Bug 32424

Summary: WebCore::ReplaceSelectionCommand::doApply ReadAV@NULL (15d09a1a5a07b619154c5a2a36579bfd)
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: HTML Editing
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: enrica, eric
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista
URL: http://skypher.com/SkyLined/Repro/WebKit/Bug%2032424%20-%20WebCore..ReplaceSelectionCommand..doApply%20ReadAV@NULL%20(15d09a1a5a07b619154c5a2a36579bfd)/repro.html
Attachments:
Description Flags
Repro none

Berend-Jan Wever
Reported 2009-12-11 04:43:34 PST
Created attachment 44671
Repro

Id: WebCore::ReplaceSelectionCommand::doApply ReadAV@NULL (15d09a1a5a07b619154c5a2a36579bfd)
Description: Attempt to read from NULL pointer (+0x25) in WebCore::ReplaceSelectionCommand::doApply
Stack:
  WebCore::ReplaceSelectionCommand::doApply
  WebCore::EditCommand::apply
  WebCore::applyCommand
  WebCore::executeInsertFragment
  WebCore::executeInsertHTML
  WebCore::Editor::Command::execute
  WebCore::Document::execCommand
  WebCore::DocumentInternal::execCommandCallback
  v8::internal::Builtin_HandleApiCall
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::Script::Run
  WebCore::V8Proxy::runScript
  WebCore::V8Proxy::evaluate
  WebCore::ScriptController::evaluate
  WebCore::ScriptController::executeScript
  WebCore::ScriptController::executeScript
  WebCore::ScriptController::executeIfJavaScriptURL
  WebCore::FrameLoader::changeLocation
  WebCore::RedirectScheduler::timerFired
  WebCore::Timer<...>::fired
  WebCore::ThreadTimers::sharedTimerFiredInternal
  MessageLoop::RunTask
  MessageLoop::DoWork
  base::MessagePumpDefault::Run
  MessageLoop::RunInternal
  MessageLoop::Run
  RendererMain
  ChromeMain

Repro:
  <BODY onload=go()></BODY>
  <SCRIPT>
  function go() {
    document.execCommand("selectall",false,6);
    document.designMode="on";
    document.execCommand("Cut",false,2);
    document.execCommand("inserthorizontalrule","");
    document.execCommand("Delete",false, "");
    document.designMode="";
    document.execCommand("Undo","");
    document.designMode="on";
    document.execCommand("InsertHTML",false,"");
  }
  </SCRIPT>
Attachments
Repro (427 bytes, text/html)
2009-12-11 04:43 PST, Berend-Jan Wever
no flags
Berend-Jan Wever
Comment 1 2009-12-11 04:44:39 PST
Online repro
Berend-Jan Wever
Comment 2 2009-12-31 02:32:09 PST
Mike Moretti claims there is a problem with "Undo" after "designmode off".
https://bugs.webkit.org/show_bug.cgi?id=32822
I am assuming this is a variation of that problem.

*** This bug has been marked as a duplicate of bug 32823 ***