[Webkit-unassigned] [Bug 138961] crash in CAAnimation dealloc (CA::release_objects X::List)

bugzilla-daemon at webkit.org
Fri Dec 5 07:55:15 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=138961

Andrei Palchys <andrei_palchys at epam.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrei_palchys at epam.com

--- Comment #6 from Andrei Palchys <andrei_palchys at epam.com> ---
(In reply to comment #0)
> Crashed: WebThread
> EXC_BAD_ACCESS KERN_INVALID_ADDRESS at 0xf000000c
> See the stack below.
> 
> This crash has existed since 2013, but it has increased a lot since the iOS 8 release.
> 40% of the time it happens on iPhone 5s.
> 
> Stack:
> 
> Thread : Crashed: WebThread (com.apple.root.default-qos.overcommit)
> 0  libobjc.A.dylib                0x3a507f46 objc_msgSend + 5
> 1  CoreFoundation                 0x2cc2ee5d CFRelease + 600
> 2  QuartzCore                     0x2fc0ba65 CA::release_objects(X::List<void const*>*) + 16
> 3  QuartzCore                     0x2fc10dc7 -[CAAnimation dealloc] + 54
> 4  libobjc.A.dylib                0x3a515d5f objc_object::sidetable_release(bool) + 166
> 5  libobjc.A.dylib                0x3a5161a9 (anonymous namespace)::AutoreleasePoolPage::pop(void*) + 404
> 6  CoreFoundation                 0x2cc39f99 _CFAutoreleasePoolPop + 16
> 7  Foundation                     0x2d9780ff -[NSAutoreleasePool drain] + 122
> 8  CFNetwork                      0x2c84f9d1 AutoAutoreleasePool::~AutoAutoreleasePool() + 24
> 9  CFNetwork                      0x2c833a43 ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 166
> 10 CFNetwork                      0x2c78834d RunloopBlockContext::_invoke_block(void const*, void*) + 60
> 11 CoreFoundation                 0x2cc39c7d CFArrayApplyFunction + 36
> 12 CFNetwork                      0x2c788207 RunloopBlockContext::perform() + 182
> 13 CFNetwork                      0x2c7880cd MultiplexerSource::perform() + 216
> 14 CFNetwork                      0x2c787f61 MultiplexerSource::_perform(void*) + 48
> 15 CoreFoundation                 0x2ccee377 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 14
> 16 CoreFoundation                 0x2cced787 __CFRunLoopDoSources0 + 218
> 17 CoreFoundation                 0x2ccebded __CFRunLoopRun + 772
> 18 CoreFoundation                 0x2cc3a211 CFRunLoopRunSpecific + 476
> 19 CoreFoundation                 0x2cc3a023 CFRunLoopRunInMode + 106
> 20 WebCore                        0x38061ec3 RunWebThread(void*) + 418
> 21 libsystem_pthread.dylib        0x3abbee93 _pthread_body + 138
> 22 libsystem_pthread.dylib        0x3abbee07 _pthread_start + 118
> 
> Some related info:
> http://stackoverflow.com/questions/26656342/uiwebview-random-crash-at-uiviewanimationstate-release-message-sent-to-deallo
> Sample project:
> https://github.com/crarau/WebViewCrash
> 
> Sites that can crash with this:
> http://www.amazon.com
> http://www.yandex.ru
> http://m.vk.com

We see this crash very often in our UIWebView-based application (Cordova). I noticed that if we reduce the size of the JS file that we load on startup, it almost disappears but still exists.
