Status: Untriaged
Owner: a...@chromium.org
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 8019 by a...@chromium.org: Gmail crashes on returns/deletes
http://code.google.com/p/chromium/issues/detail?id=8019

What steps will reproduce the problem?
1. Open a Gmail compose page
2. In the compose area type "asdf", then return four times, then delete four times

What is the expected output? What do you see instead?
No crash; crash.

0x013a3ed6 in WebCore::Range::compareBoundaryPoints (containerA=0x1b3f2240, offsetA=4, containerB=0x0, offsetB=0) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/dom/Range.cpp:444
444 ASSERT(containerA && containerB);
(gdb) bt
#0 0x013a3ed6 in WebCore::Range::compareBoundaryPoints (containerA=0x1b3f2240, offsetA=4, containerB=0x0, offsetB=0) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/dom/Range.cpp:444
#1 0x013a423f in WebCore::Range::compareBoundaryPoints (a...@0xb01a0da4, b...@0xb01a0d9c) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/dom/Range.cpp:532
#2 0x00ed7b5c in WebCore::ApplyStyleCommand::applyInlineStyleToRange (this=0x1b3f5a10, style=0x1c7024f0, sta...@0xb01a0ee0, rangee...@0xb01a0ed8) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/ApplyStyleCommand.cpp:874
#3 0x00edad4c in WebCore::ApplyStyleCommand::applyInlineStyle (this=0x1b3f5a10, style=0x1c7024f0) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/ApplyStyleCommand.cpp:856
#4 0x00edbe7c in WebCore::ApplyStyleCommand::doApply (this=0x1b3f5a10) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/ApplyStyleCommand.cpp:380
#5 0x0111aceb in WebCore::EditCommand::apply (this=0x1b3f5a10) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/EditCommand.cpp:92
#6 0x00f55c07 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x1c703600, c...@0xb01a1094) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/CompositeEditCommand.cpp:98
#7 0x00f5bd60 in WebCore::CompositeEditCommand::applyStyle (this=0x1c703600, style=0x1c703900, editingAction=WebCore::EditActionChangeAttributes) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/CompositeEditCommand.cpp:104
#8 0x00f5df8b in WebCore::CompositeEditCommand::moveParagraphs (this=0x1c703600, startofparagraphtomo...@0xb01a14ec, endofparagraphtomo...@0xb01a14c8, destinati...@0xb01a14e0, preserveSelection=false, preserveStyle=true) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/CompositeEditCommand.cpp:857
#9 0x00f5e50a in WebCore::CompositeEditCommand::moveParagraph (this=0x1c703600, startofparagraphtomo...@0xb01a14ec, endofparagraphtomo...@0xb01a14c8, destinati...@0xb01a14e0, preserveSelection=false, preserveStyle=true) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/CompositeEditCommand.cpp:734
#10 0x0108715f in WebCore::DeleteSelectionCommand::mergeParagraphs (this=0x1c703600) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/DeleteSelectionCommand.cpp:610
#11 0x0108bde5 in WebCore::DeleteSelectionCommand::doApply (this=0x1c703600) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/DeleteSelectionCommand.cpp:768
#12 0x0111aceb in WebCore::EditCommand::apply (this=0x1c703600) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/EditCommand.cpp:92
#13 0x00f55c07 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x1b3eb520, c...@0xb01a17c4) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/CompositeEditCommand.cpp:98
#14 0x00f563a8 in WebCore::CompositeEditCommand::deleteSelection (this=0x1b3eb520, selecti...@0xb01a1928, smartDelete=false, mergeBlocksAfterDelete=true, replace=false, expandForSpecialElements=true) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/CompositeEditCommand.cpp:351
#15 0x016b073b in WebCore::TypingCommand::deleteKeyPressed (this=0x1b3eb520, granularity=WebCore::CharacterGranularity, killRing=false) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/TypingCommand.cpp:447
#16 0x016b2092 in WebCore::TypingCommand::deleteKeyPressed (document=0x59b0e00, smartDelete=false, granularity=WebCore::CharacterGranularity, killRing=false) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/TypingCommand.cpp:90
#17 0x011283f5 in WebCore::Editor::deleteWithDirection (this=0x59d8934, direction=WebCore::SelectionController::BACKWARD, granularity=WebCore::CharacterGranularity, killRing=false, isTypingAction=true) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/Editor.cpp:246
#18 0x011319e5 in WebCore::executeDeleteBackward (frame=0x59d8400) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/EditorCommand.cpp:298
#19 0x0112e047 in WebCore::Editor::Command::execute (this=0xb01a1be8, paramet...@0xb01a1b98, triggeringEvent=0x1c702f30) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/EditorCommand.cpp:1450
#20 0x0112e0ad in WebCore::Editor::Command::execute (this=0xb01a1be8, triggeringEvent=0x1c702f30) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/EditorCommand.cpp:1455
#21 0x0057e0ff in EditorClientImpl::handleEditingKeyboardEvent (this=0x5516280, evt=0x1c702f30) at /Users/avi/Source/chrome/src/webkit/glue/editor_client_impl.cc:599
#22 0x0057c431 in EditorClientImpl::handleKeyboardEvent (this=0x5516280, evt=0x1c702f30) at /Users/avi/Source/chrome/src/webkit/glue/editor_client_impl.cc:636
#23 0x011227d9 in WebCore::Editor::handleKeyboardEvent (this=0x59d8934, event=0x1c702f30) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/editing/Editor.cpp:105
#24 0x01145c56 in WebCore::EventHandler::defaultKeyboardEventHandler (this=0x59d8960, event=0x1c702f30) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/page/EventHandler.cpp:1907
#25 0x0134587a in WebCore::Node::defaultEventHandler (this=0x1b3e35a0, event=0x1c702f30) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/dom/Node.cpp:2812
#26 0x01346556 in WebCore::Node::dispatchGenericEvent (this=0x1b3e35a0, prpeve...@0xb01a1eec) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/dom/Node.cpp:2439
#27 0x01346b3d in WebCore::Node::dispatchEvent (this=0x1b3e35a0, e...@0xb01a1fc4, e...@0xb01a1fe0) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/dom/Node.cpp:2336
#28 0x01144cd7 in WebCore::EventHandler::keyEvent (this=0x59d8960, initialkeyeve...@0xb01a2060) at /Users/avi/Source/chrome/src/webkit/../third_party/WebKit/WebCore/page/EventHandler.cpp:1848
#29 0x005fcaa7 in WebViewImpl::KeyEvent (this=0x5515ee0, eve...@0x1c702fc4) at /Users/avi/Source/chrome/src/webkit/glue/webview_impl.cc:524
#30 0x005fd3ad in WebViewImpl::HandleInputEvent (this=0x5515ee0, input_event=0x1c702fc4) at /Users/avi/Source/chrome/src/webkit/glue/webview_impl.cc:965
#31 0x00b58f13 in RenderWidget::OnHandleInputEvent (this=0x5816a00, messa...@0x1c7033bc) at /Users/avi/Source/chrome/src/chrome/renderer/render_widget.cc:333
#32 0x00b5c965 in IPC::Message::Dispatch<RenderWidget> (msg=0x1c7033bc, obj=0x5816a00, func={__pfn = 0xb58e8c <RenderWidget::OnHandleInputEvent(IPC::Message const&)>, __delta = 0}) at ipc_message.h:148
#33 0x00b59f46 in RenderWidget::OnMessageReceived (this=0x5816a00, m...@0x1c7033bc) at /Users/avi/Source/chrome/src/chrome/renderer/render_widget.cc:168
#34 0x00b86a3d in RenderView::OnMessageReceived (this=0x5816a00, messa...@0x1c7033bc) at /Users/avi/Source/chrome/src/chrome/renderer/render_view.cc:418
#35 0x0050aa62 in MessageRouter::RouteMessage (this=0x5514e90, m...@0x1c7033bc) at /Users/avi/Source/chrome/src/chrome/common/message_router.cc:39
#36 0x0050aae9 in MessageRouter::OnMessageReceived (this=0x5514e90, m...@0x1c7033bc) at /Users/avi/Source/chrome/src/chrome/common/message_router.cc:30
#37 0x004bd8e5 in ChildThread::OnMessageReceived (this=0x5514e64, m...@0x1c7033bc) at /Users/avi/Source/chrome/src/chrome/common/child_thread.cc:72
#38 0x004d6b18 in IPC::ChannelProxy::Context::OnDispatchMessage (this=0x5514c70, messa...@0x1c7033bc) at /Users/avi/Source/chrome/src/chrome/common/ipc_channel_proxy.cc:174
#39 0x004d8adb in DispatchToMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), IPC::Message> (obj=0x5514c70, method={__pfn = 0x4d6a7a <IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)>, __delta = 0}, a...@0x1c7033bc) at tuple.h:393
#40 0x004d8b39 in RunnableMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(IPC::Message const&), Tuple1<IPC::Message> >::Run (this=0x1c7033a0) at task.h:308
#41 0x000555c3 in MessageLoop::RunTask (this=0xb01a2d88, task=0x1c7033a0) at /Users/avi/Source/chrome/src/base/message_loop.cc:308
#42 0x00055a8b in MessageLoop::DeferOrRunPendingTask (this=0xb01a2d88, pending_ta...@0xb01a2a88) at /Users/avi/Source/chrome/src/base/message_loop.cc:316
#43 0x00055fb9 in MessageLoop::DoWork (this=0xb01a2d88) at /Users/avi/Source/chrome/src/base/message_loop.cc:408
#44 0x00063116 in base::MessagePumpDefault::Run (this=0x5515420, delegate=0xb01a2d88) at /Users/avi/Source/chrome/src/base/message_pump_default.cc:23
#45 0x000569a9 in MessageLoop::RunInternal (this=0xb01a2d88) at /Users/avi/Source/chrome/src/base/message_loop.cc:197
#46 0x000569e7 in MessageLoop::RunHandler (this=0xb01a2d88) at /Users/avi/Source/chrome/src/base/message_loop.cc:180
#47 0x00056ab6 in MessageLoop::Run (this=0xb01a2d88) at /Users/avi/Source/chrome/src/base/message_loop.cc:154
#48 0x000ae703 in base::Thread::ThreadMain (this=0x5514e6c) at /Users/avi/Source/chrome/src/base/thread.cc:156
#49 0x0007415e in ThreadFunc (closure=0x5514e6c) at /Users/avi/Source/chrome/src/base/platform_thread_posix.cc:26
#50 0x93f52095 in _pthread_start ()
#51 0x93f51f52 in thread_start ()