[Webkit-unassigned] [Bug 149495] New: SIGSEGV in contentsSizeRespectingOverflow on iOS 9 (UIWebView)
bugzilla-daemon at webkit.org
Wed Sep 23 01:34:22 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=149495
Bug ID: 149495
Summary: SIGSEGV in contentsSizeRespectingOverflow on iOS 9 (UIWebView)
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: iOS
OS: iOS 9.0
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: davidkclark at gmail.com
Created attachment 261806
--> https://bugs.webkit.org/attachment.cgi?id=261806&action=review
assembly stacktrace
I am sorry if this is not the right place to post this bug report.
I noticed that not long ago contentsSizeRespectingOverflow was exposed to UIWebView (https://bugs.webkit.org/show_bug.cgi?id=146924). Since then iOS9 has been released which I am assuming has used this newly exposed function, as I am getting crashes with this kind of stack trace:
Exception Type: SIGSEGV
Exception Codes: SEGV_ACCERR at 0x100000057
Thread 0 Crashed:
0 WebCore 0x000000019483bba4 WebCore::FrameView::contentsSizeRespectingOverflow() const + 128
1 WebKitLegacy 0x00000001953ee774 -[WebView(WebPrivate) _contentsSizeRespectingOverflow] + 40
2 UIKit 0x0000000187e2fd00 -[UIWebDocumentView _updateSize] + 496
3 CoreFoundation 0x000000018282e6ac __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 16
4 CoreFoundation 0x000000018282decc _CFXRegistrationPost + 392
5 CoreFoundation 0x000000018282dc4c ___CFXNotificationPost_block_invoke + 56
6 CoreFoundation 0x0000000182893434 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1528
7 CoreFoundation 0x000000018276e834 _CFXNotificationPost + 364
8 Foundation 0x00000001836da2fc -[NSNotificationCenter postNotificationName:object:userInfo:] + 64
9 CoreFoundation 0x000000018288ea80 __invoking___ + 140
10 CoreFoundation 0x000000018278c5f4 -[NSInvocation invoke] + 280
11 WebCore 0x0000000194401884 HandleDelegateSource(void*) + 104
12 CoreFoundation 0x00000001828405a4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 20
13 CoreFoundation 0x0000000182840038 __CFRunLoopDoSources0 + 536
14 CoreFoundation 0x000000018283dd38 __CFRunLoopRun + 720
15 CoreFoundation 0x000000018276cdc0 CFRunLoopRunSpecific + 380
16 GraphicsServices 0x000000018d8c0088 GSEventRunModal + 176
17 UIKit 0x0000000187e46f60 UIApplicationMain + 200
18 [OurApp] 0x000000010002813c main (main.m:18)
19 libdyld.dylib 0x0000000197ca68b8 start + 0
As you can see, it seems to be in WebCore.
What the UIWebView was doing at the time was loading a page. It is the first page that that instance has loaded, but it is the second instance of UIWebView that the app has used (the first one is still allocated - the new one has been pushed onto the view stack - sorry if these details are too iOS app specific).
If there are any more details that I can give, please let me know. I have a disassembler (I guess that's what it is) stack trace from replicating this in the xcode debugger, but I'm not sure that is any more useful... I'll attach it anyway.
I have made a minimal app that exhibits the problem. It ONLY does it on one specific web page that loads though. I am trying to work through what is on that page to narrow it down to a minimal page that has the issue, but it is proving difficult. Removing a particular script (re-targeting I think) from the body makes the problem go away, but having only that script does not cause the crash. Having that script with a bit of the page (other scripts, google analytics, etc.), the crash happens. It seems like it could be a timing issue or something?
I will provide the app code to reproduce if I can get to a point where it is minimal and does not need me to upload any private information.