Bug 218495 - EXC_BAD_INSTRUCTION in CompositeEditCommand::moveParagraphs+8933
Summary: EXC_BAD_INSTRUCTION in CompositeEditCommand::moveParagraphs+8933
Status: RESOLVED DUPLICATE of bug 220630
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-11-03 02:50 PST by Ian Gilbert
Modified: 2021-01-20 18:43 PST
CC: 9 users

See Also:


Attachments
Crashing input (485.77 KB, text/html)
2020-11-03 02:51 PST, Ian Gilbert
Reduced test case (530 bytes, text/html)
2020-11-27 03:28 PST, Carlos Garcia Campos

Description Ian Gilbert 2020-11-03 02:50:06 PST
Stack Trace
===========

frame #0: WebCore`WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)+8933
frame #1: WebCore`WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::SimpleRange&)+7504
frame #2: WebCore`WebCore::InsertListCommand::doApply()+7534
frame #3: WebCore`WebCore::CompositeEditCommand::apply()+500
frame #4: WebCore`WebCore::executeInsertOrderedList(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&)+109
frame #5: WebCore`WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)+77
frame #6: WebCore`WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::JSGlobalObject*, JSC::CallFrame*)+428
frame #7: JavaScriptCore`llint_entry+104868
frame #8: JavaScriptCore`vmEntryToJavaScript+216
frame #9: JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)+518
frame #10: JavaScriptCore`JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)+147
Comment 1 Radar WebKit Bug Importer 2020-11-03 02:50:21 PST
<rdar://problem/70987467>
Comment 2 Ian Gilbert 2020-11-03 02:51:10 PST
Created attachment 413029 [details]
Crashing input
Comment 3 Ryosuke Niwa 2020-11-03 13:08:13 PST
<rdar://problem/70094270>
Comment 4 Rob Buis 2020-11-17 02:42:56 PST
On LinuxGTK I get:
STDERR: ASSERTION FAILED: initialized()
STDERR: DerivedSources/ForwardingHeaders/wtf/Optional.h(540) : constexpr T&& WTF::Optional< <template-parameter-1-1> >::operator*() && [with T = WebCore::SimpleRange]
STDERR: 1   0x7f5d596cb77d WTFCrash
STDERR: 2   0x7f5d6aac3599 WTF::Optional<WebCore::SimpleRange>::operator*() &&
STDERR: 3   0x7f5d6cec006e WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
STDERR: 4   0x7f5d6b2711aa WebCore::InsertListCommand::unlistifyParagraph(WebCore::VisiblePosition const&, WebCore::HTMLElement*, WebCore::Node*)
STDERR: 5   0x7f5d6b27091a WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::SimpleRange&)
STDERR: 6   0x7f5d6b26ffa5 WebCore::InsertListCommand::doApply()
STDERR: 7   0x7f5d6ceb9c8a WebCore::CompositeEditCommand::apply()
STDERR: 8   0x7f5d6b248dda /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x10023dda) [0x7f5d6b248dda]
STDERR: 9   0x7f5d6b24d0bc WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
STDERR: 10  0x7f5d6afe3c4f WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
STDERR: 11  0x7f5d6995de3a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe738e3a) [0x7f5d6995de3a]
STDERR: 12  0x7f5d6997f903 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe75a903) [0x7f5d6997f903]
STDERR: 13  0x7f5d6995df08 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe738f08) [0x7f5d6995df08]
STDERR: 14  0x7f5d0f687178 [0x7f5d0f687178]
STDERR: LEAK: 1 WebPageProxy
Comment 5 Carlos Garcia Campos 2020-11-17 02:53:30 PST
(In reply to Rob Buis from comment #4)
> On LinuxGTK I get:
> STDERR: ASSERTION FAILED: initialized()
> STDERR: DerivedSources/ForwardingHeaders/wtf/Optional.h(540) : constexpr T&&
> WTF::Optional< <template-parameter-1-1> >::operator*() && [with T =
> WebCore::SimpleRange]
> STDERR: 1   0x7f5d596cb77d WTFCrash
> STDERR: 2   0x7f5d6aac3599 WTF::Optional<WebCore::SimpleRange>::operator*()
> &&
> STDERR: 3   0x7f5d6cec006e
> WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition
> const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&,
> bool, bool)
> STDERR: 4   0x7f5d6b2711aa
> WebCore::InsertListCommand::unlistifyParagraph(WebCore::VisiblePosition
> const&, WebCore::HTMLElement*, WebCore::Node*)
> STDERR: 5   0x7f5d6b27091a
> WebCore::InsertListCommand::doApplyForSingleParagraph(bool,
> WebCore::HTMLQualifiedName const&, WebCore::SimpleRange&)
> STDERR: 6   0x7f5d6b26ffa5 WebCore::InsertListCommand::doApply()
> STDERR: 7   0x7f5d6ceb9c8a WebCore::CompositeEditCommand::apply()
> STDERR: 8   0x7f5d6b248dda
> /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x10023dda)
> [0x7f5d6b248dda]
> STDERR: 9   0x7f5d6b24d0bc WebCore::Editor::Command::execute(WTF::String
> const&, WebCore::Event*) const
> STDERR: 10  0x7f5d6afe3c4f WebCore::Document::execCommand(WTF::String
> const&, bool, WTF::String const&)
> STDERR: 11  0x7f5d6995de3a
> /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe738e3a)
> [0x7f5d6995de3a]
> STDERR: 12  0x7f5d6997f903
> /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe75a903)
> [0x7f5d6997f903]
> STDERR: 13  0x7f5d6995df08
> /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe738f08)
> [0x7f5d6995df08]
> STDERR: 14  0x7f5d0f687178 [0x7f5d0f687178]
> STDERR: LEAK: 1 WebPageProxy

Looks like bug #218494
Comment 6 Rob Buis 2020-11-17 02:55:41 PST
(In reply to Carlos Garcia Campos from comment #5) 
> Looks like bug #218494

Yeah, applying your fix there results in:
STDERR: ASSERTION FAILED: startOfParagraphToMove == endOfParagraphToMove || !endOfParagraphToMove.isNull()
STDERR: ../../Source/WebCore/editing/CompositeEditCommand.cpp(1403) : void WebCore::CompositeEditCommand::moveParagraphs(const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, bool, bool)
STDERR: 1   0x7efe8587d77d WTFCrash
STDERR: 2   0x7efe942185d7 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xce415d7) [0x7efe942185d7]
STDERR: 3   0x7efe99071477 WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
STDERR: 4   0x7efe9742295e 

I assume this is a small improvement (crash seems later) but obviously still problematic.
Comment 7 Ryosuke Niwa 2020-11-17 14:32:10 PST
(In reply to Rob Buis from comment #6)
> (In reply to Carlos Garcia Campos from comment #5) 
> > Looks like bug #218494
> 
> Yeah, applying your fix there results in :
> STDERR: ASSERTION FAILED: startOfParagraphToMove == endOfParagraphToMove ||
> !endOfParagraphToMove.isNull()
> STDERR: ../../Source/WebCore/editing/CompositeEditCommand.cpp(1403) : void
> WebCore::CompositeEditCommand::moveParagraphs(const
> WebCore::VisiblePosition&, const WebCore::VisiblePosition&, const
> WebCore::VisiblePosition&, bool, bool)
> STDERR: 1   0x7efe8587d77d WTFCrash
> STDERR: 2   0x7efe942185d7
> /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xce415d7)
> [0x7efe942185d7]
> STDERR: 3   0x7efe99071477
> WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition
> const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&,
> bool, bool)
> STDERR: 4   0x7efe9742295e 
> 
> I assume this is a small improvement (crash seems later) but obviously still
> problematic.

Isn't that https://bugs.webkit.org/show_bug.cgi?id=218492 ?
Comment 8 Carlos Garcia Campos 2020-11-27 03:28:09 PST
Created attachment 414937 [details]
Reduced test case
Comment 9 Carlos Garcia Campos 2020-11-27 03:29:12 PST
The problem is indeed similar to bug #218494, but in this case the li element has the actual body element as a child, so the fix for bug #218494 doesn't work here.
Comment 10 Ryosuke Niwa 2020-11-30 14:32:02 PST
(In reply to Carlos Garcia Campos from comment #9)
> The problem is indeed similar to bug #218494, but in this case the li
> element has the actual body element as a child, so the fix for bug #218494
> doesn't work here.

Ah, ok.
Comment 11 Carlos Garcia Campos 2020-12-16 05:48:45 PST
So, the problem is the same as in bug #218494: endOfParagraphToMove is null in CompositeEditCommand::moveParagraphs() and also comes from InsertListCommand::unlistifyParagraph(), but the reason is different in this case. In InsertListCommand::unlistifyParagraph(), firstPositionInNode and lastPositionInNode of the list child both return the same position (offset 0 of LI 0x7f0eb851a7b0 id='htmlvar00010'). But when converted to a VisiblePosition, start is offset 0 of #text 0x7f0eb851a830 length=1 "a" and end is null. I don't understand why yet. The debug tree is this one:

BODY	0x7f0eb85192e0 (renderer 0x7f0eb8519470) 
	#text	0x7f0eb851a450 "\n"
	MAP	0x7f0eb851a4b0 (renderer 0x7f0eb851a990) 
		#text	0x7f0eb851a530 "\n"
		UL	0x7f0eb97c4010 (renderer 0x7f0e6004c200) 
			#text	0x7f0eb851a610 "\n"
			LI	0x7f0eb851a7b0 (renderer 0x7f0eb851b1f0) 
*				#text	0x7f0eb851a830 "a"
				PRE	0x7f0eb851a890 (renderer 0x7f0e6004c300) 
					#text	0x7f0eb97d8058 "b"
		#text	0x7f0eb851a750 "\n"
		#text	0x7f0eb97d80b0 "\n"
		LI	0x7f0eb851a910 (renderer 0x7f0eb851b720) 
			#text	0x7f0eb97d8108 "c"
		#text	0x7f0eb97d8160 "\n"
	#text	0x7f0eb97d81b8 "\n\n\n"
offset, offset:0
Comment 12 Julian Gonzalez 2021-01-20 18:35:16 PST
Ryosuke pointed out that this looks just like https://bugs.webkit.org/show_bug.cgi?id=220630
Comment 13 Julian Gonzalez 2021-01-20 18:39:24 PST
(In reply to Julian Gonzalez from comment #12)
> Ryosuke pointed out that this looks just like
> https://bugs.webkit.org/show_bug.cgi?id=220630

Indeed, the reduced and original test cases here don't crash on trunk with the patch from 220630.
Comment 14 Ryosuke Niwa 2021-01-20 18:43:27 PST

*** This bug has been marked as a duplicate of bug 220630 ***