Bug 239533

Summary: ASSERTION FAILED: !m_insertChild->parentNode() on editing/inserting/insert-list-user-select-none-crash.html
Product: WebKit Reporter: Tim Nguyen (:ntim) <ntim>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: ahmad.saleem792, webkit-bug-importer, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=123732
https://bugs.webkit.org/show_bug.cgi?id=127341
https://bugs.webkit.org/show_bug.cgi?id=121949
https://bugs.webkit.org/show_bug.cgi?id=75845

Description Tim Nguyen (:ntim) 2022-04-20 02:05:15 PDT 
This started crashing after r293028, but it's not a direct cause of that bug. You can also reproduce before r293028 by replacing `user-select: none;` in the test with `user-select: text`.

https://build.webkit.org/results/Apple-Monterey-Debug-AppleSilicon-WK1-Tests/r249767@main%20(2275)/results.html

stderr:
2022-04-19 12:29:55.919 DumpRenderTree[61599:138005588] nil host used in call to allowsSpecificHTTPSCertificateForHost
2022-04-19 12:29:55.919 DumpRenderTree[61599:138005588] nil host used in call to allowsAnyHTTPSCertificateForHost:
ASSERTION FAILED: !m_insertChild->parentNode()
./editing/InsertNodeBeforeCommand.cpp(43) : WebCore::InsertNodeBeforeCommand::InsertNodeBeforeCommand(Ref<WebCore::Node> &&, WebCore::Node &, WebCore::ShouldAssumeContentIsAlwaysEditable, WebCore::EditAction)
1   0x117fd3634 WTFCrash
2   0x121489d10 WebCore::JSDOMGlobalObject* JSC::jsCast<WebCore::JSDOMGlobalObject*, JSC::JSGlobalObject>(JSC::JSGlobalObject*)
3   0x1246ed70c WebCore::InsertNodeBeforeCommand::InsertNodeBeforeCommand(WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&, WebCore::Node&, WebCore::ShouldAssumeContentIsAlwaysEditable, WebCore::EditAction)
4   0x1246ed850 WebCore::InsertNodeBeforeCommand::InsertNodeBeforeCommand(WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&, WebCore::Node&, WebCore::ShouldAssumeContentIsAlwaysEditable, WebCore::EditAction)
5   0x124654c30 WebCore::InsertNodeBeforeCommand::create(WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&, WebCore::Node&, WebCore::ShouldAssumeContentIsAlwaysEditable, WebCore::EditAction)
6   0x12464f924 WebCore::CompositeEditCommand::insertNodeBefore(WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&, WebCore::Node&, WebCore::ShouldAssumeContentIsAlwaysEditable)
7   0x12470037c WebCore::RemoveNodePreservingChildrenCommand::doApply()
8   0x124653f2c WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand> >&&)
9   0x12464981c WebCore::CompositeEditCommand::removeNodePreservingChildren(WebCore::Node&, WebCore::ShouldAssumeContentIsAlwaysEditable)
10  0x12470ba50 WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline(WebCore::ReplaceSelectionCommand::InsertedNodes&)
11  0x12470f188 WebCore::ReplaceSelectionCommand::doApply()
12  0x124653f2c WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand> >&&)
13  0x124658c64 WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
14  0x12465a08c WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
15  0x1246eccc4 WebCore::InsertListCommand::listifyParagraph(WebCore::VisiblePosition const&, WebCore::QualifiedName const&)
16  0x1246ebd44 WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::SimpleRange&)
17  0x1246eb4f8 WebCore::InsertListCommand::doApply()
18  0x124641700 WebCore::CompositeEditCommand::apply()
19  0x1246d2f54 WebCore::executeInsertOrderedList(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&)
20  0x1246a8268 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
21  0x12435496c WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
22  0x121955514 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)
23  0x121954ffc long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
24  0x12193f4f0 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*)
25  0x28000c03c
26  0x11862d290 llint_entry
27  0x118606e44 vmEntryToJavaScript
28  0x1195d4880 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
29  0x1195d3e38 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
30  0x119a5c318 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
31  0x119a5c45c JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
Comment 1 Tim Nguyen (:ntim) 2022-04-20 02:09:53 PDT 
Test gardening: https://commits.webkit.org/r293088
Comment 2 Radar WebKit Bug Importer 2022-04-27 02:06:12 PDT 
<rdar://problem/92385812>
Comment 3 Ahmad Saleem 2022-11-17 04:43:23 PST 
Tim - I fixed similar looking Assertion issue with this commit:

https://github.com/WebKit/WebKit/commit/531d3679e268acaf10750ee50bdce95007891bdb

Do you think it can fix this issue?