[Webkit-unassigned] [Bug 149495] New: SIGSEGV in contentsSizeRespectingOverflow on iOS 9 (UIWebView)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 23 01:34:22 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=149495

            Bug ID: 149495
           Summary: SIGSEGV in contentsSizeRespectingOverflow on iOS 9
                    (UIWebView)
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: iOS
                OS: iOS 9.0
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: davidkclark at gmail.com

Created attachment 261806
  --> https://bugs.webkit.org/attachment.cgi?id=261806&action=review
assembly stacktrace

I am sorry if this is not the right place to post this bug report.
I noticed that not long ago contentsSizeRespectingOverflow was exposed to UIWebView (https://bugs.webkit.org/show_bug.cgi?id=146924). Since then, iOS 9 has been released, which I am assuming has used this newly exposed function, as I am getting crashes with this kind of stack trace:

Exception Type:  SIGSEGV
Exception Codes: SEGV_ACCERR at 0x100000057

Thread 0 Crashed:
0   WebCore                              0x000000019483bba4 WebCore::FrameView::contentsSizeRespectingOverflow() const + 128
1   WebKitLegacy                         0x00000001953ee774 -[WebView(WebPrivate) _contentsSizeRespectingOverflow] + 40
2   UIKit                                0x0000000187e2fd00 -[UIWebDocumentView _updateSize] + 496
3   CoreFoundation                       0x000000018282e6ac __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 16
4   CoreFoundation                       0x000000018282decc _CFXRegistrationPost + 392
5   CoreFoundation                       0x000000018282dc4c ___CFXNotificationPost_block_invoke + 56
6   CoreFoundation                       0x0000000182893434 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1528
7   CoreFoundation                       0x000000018276e834 _CFXNotificationPost + 364
8   Foundation                           0x00000001836da2fc -[NSNotificationCenter postNotificationName:object:userInfo:] + 64
9   CoreFoundation                       0x000000018288ea80 __invoking___ + 140
10  CoreFoundation                       0x000000018278c5f4 -[NSInvocation invoke] + 280
11  WebCore                              0x0000000194401884 HandleDelegateSource(void*) + 104
12  CoreFoundation                       0x00000001828405a4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 20
13  CoreFoundation                       0x0000000182840038 __CFRunLoopDoSources0 + 536
14  CoreFoundation                       0x000000018283dd38 __CFRunLoopRun + 720
15  CoreFoundation                       0x000000018276cdc0 CFRunLoopRunSpecific + 380
16  GraphicsServices                     0x000000018d8c0088 GSEventRunModal + 176
17  UIKit                                0x0000000187e46f60 UIApplicationMain + 200
18  [OurApp]                             0x000000010002813c main (main.m:18)
19  libdyld.dylib                        0x0000000197ca68b8 start + 0


As you can see, it seems to be in WebCore.
What the UIWebView was doing at the time was loading a page. It is the first page that that instance has loaded, but it is the second instance of UIWebView that the app has used (the first one is still allocated - the new one has been pushed onto the view stack). Sorry if these details are too iOS app specific.

If there are any more details that I can give, please let me know. I have a disassembler (I guess that's what it is) stack trace from replicating this in the Xcode debugger, but I'm not sure that is any more useful... I'll attach it anyway.

I have made a minimal app that exhibits the problem. It ONLY does it on one specific web page that loads, though. I am trying to work through what is on that page to narrow it down to a minimal page that has the issue, but it is proving difficult. Removing a particular script (re-targeting, I think) from the body makes the problem go away, but having only that script does not cause the crash. Having that script with a bit of the page (other scripts, Google Analytics, etc.), the crash happens. It seems like it could be a timing issue or something?

I will provide the app code to reproduce if I can get to a point where it is minimal and does not need me to upload any private information.
