Bug 254375

Summary: Assertion failure in CompositeEditCommand::moveParagraph via InsertListCommand::listifyParagraph
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: HTML Editing    Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: wenson_hsieh
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Ryosuke Niwa 2023-03-23 15:31:38 PDT
Example crash: a debug assertion (WTFCrash via Assertions.cpp) fires in CompositeEditCommand::moveParagraph, reached from InsertListCommand::listifyParagraph while a page's window load handler calls document.execCommand to insert an ordered list (see frames 2-9 and 23-28 below). No reduced test case is attached to this report; the stack below is the only reproduction information given.

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	       0x13f5b287e WTFCrash + 14 (Assertions.cpp:327)
1   WebCore                       	       0x1567ef6fb WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:758)
2   WebCore                       	       0x15a329345 WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) + 181 (CompositeEditCommand.cpp:1444)
3   WebCore                       	       0x15a3ae01f WebCore::InsertListCommand::listifyParagraph(WebCore::VisiblePosition const&, WebCore::QualifiedName const&) + 2399 (InsertListCommand.cpp:436)
4   WebCore                       	       0x15a3acd54 WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::SimpleRange&) + 2148 (InsertListCommand.cpp:287)
5   WebCore                       	       0x15a3ac4b7 WebCore::InsertListCommand::doApply() + 2503 (InsertListCommand.cpp:209)
6   WebCore                       	       0x15a30ea1f WebCore::CompositeEditCommand::apply() + 431 (CompositeEditCommand.cpp:398)
7   WebCore                       	       0x15a394a2d WebCore::executeInsertOrderedList(WebCore::LocalFrame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 157 (EditorCommand.cpp:519)
8   WebCore                       	       0x15a36ac24 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 212 (EditorCommand.cpp:1923)
9   WebCore                       	       0x15a05a869 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 265 (Document.cpp:6105)
10  WebCore                       	       0x15739a8d9 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) + 1593 (JSDocument.cpp:6449)
11  WebCore                       	       0x15739a26e long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 670 (JSDOMOperation.h:63)
12  WebCore                       	       0x1573832e4 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 36 (JSDocument.cpp:6454)
13  ???                           	    0x5297a2e0c1b8 ???
14  JavaScriptCore                	       0x13fd6d55c llint_entry + 148024 (LowLevelInterpreter.asm:1191)
15  JavaScriptCore                	       0x13fd6d55c llint_entry + 148024 (LowLevelInterpreter.asm:1191)
16  JavaScriptCore                	       0x13fd4901d vmEntryToJavaScript + 286 (LowLevelInterpreter64.asm:368)
17  JavaScriptCore                	       0x140e6ecdb JSC::Interpreter::executeCallImpl(JSC::VM&, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1627 (Interpreter.cpp:1117)
18  JavaScriptCore                	       0x140e6ede0 JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 112 (Interpreter.cpp:1126)
19  JavaScriptCore                	       0x14111881d JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 205 (CallData.cpp:57)
20  JavaScriptCore                	       0x1411188fd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 205 (CallData.cpp:64)
21  JavaScriptCore                	       0x141118bbd JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 125 (CallData.cpp:85)
22  WebCore                       	       0x1597fe43c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 252 (JSExecState.h:91)
23  WebCore                       	       0x15981dda5 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 2149 (JSEventListener.cpp:220)
24  WebCore                       	       0x15a16a89e WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1022 (EventTarget.cpp:372)
25  WebCore                       	       0x15a15d71b WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 395 (EventTarget.cpp:304)
26  WebCore                       	       0x15aeb3619 WebCore::LocalDOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 505 (LocalDOMWindow.cpp:2384)
27  WebCore                       	       0x15aebe5dd WebCore::LocalDOMWindow::dispatchLoadEvent() + 429 (LocalDOMWindow.cpp:2332)
28  WebCore                       	       0x15a046724 WebCore::Document::dispatchWindowLoadEvent() + 132 (Document.cpp:5330)
29  WebCore                       	       0x15a0462ed WebCore::Document::implicitClose() + 621 (Document.cpp:3344)
30  WebCore                       	       0x15ac7e3fb WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:995)
31  WebCore                       	       0x15ac7dec1 WebCore::FrameLoader::checkCompleted() + 433 (FrameLoader.cpp:936)
32  WebCore                       	       0x15ac7c13b WebCore::FrameLoader::finishedParsing() + 283 (FrameLoader.cpp:843)
33  WebCore                       	       0x15a05ce32 WebCore::Document::finishedParsing() + 738 (Document.cpp:6438)
34  WebCore                       	       0x15a79ba88 WebCore::HTMLConstructionSite::finishedParsing() + 24 (HTMLConstructionSite.cpp:448)
35  WebCore                       	       0x15a806730 WebCore::HTMLTreeBuilder::finished() + 256 (HTMLTreeBuilder.cpp:3026)
36  WebCore                       	       0x15a7a3193 WebCore::HTMLDocumentParser::end() + 243 (HTMLDocumentParser.cpp:446)
37  WebCore                       	       0x15a7a1061 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 289 (HTMLDocumentParser.cpp:455)
38  WebCore                       	       0x15a7a0d99 WebCore::HTMLDocumentParser::prepareToStopParsing() + 281 (HTMLDocumentParser.cpp:150)
39  WebCore                       	       0x15a7a31ff WebCore::HTMLDocumentParser::attemptToEnd() + 63 (HTMLDocumentParser.cpp:467)
40  WebCore                       	       0x15a7a32cb WebCore::HTMLDocumentParser::finish() + 59 (HTMLDocumentParser.cpp:495)
41  WebCore                       	       0x15ac18a7a WebCore::DocumentWriter::end() + 378 (DocumentWriter.cpp:323)

<rdar://106816068>
Comment 1 Ryosuke Niwa 2023-03-23 15:41:59 PDT
Pull request: https://github.com/WebKit/WebKit/pull/11892
Comment 2 EWS 2023-03-23 18:47:05 PDT
Committed 262051@main (6e4c6ef4ca8a): <https://commits.webkit.org/262051@main>

Reviewed commits have been landed. Closing PR #11892 and removing active labels.