[Webkit-unassigned] [Bug 158150] New: big images crash UIWebView after CA::Render::create_image_by_copying

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 27 04:31:50 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=158150

            Bug ID: 158150
           Summary: big images crash UIWebView after
                    CA::Render::create_image_by_copying
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: iOS
                OS: iOS 9.3
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Images
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: danielo at opera.com

Clicking a link to a big size (big enough) image in UIWebView leads to an OOM crash.
I didn't find a way to recover by freeing the web view from didReceiveMemoryWarning.
In some cases didReceiveMemoryWarning is not even called.

A sample project with a big image is attached.
Start it on a device with 1 Gb RAM, and you'll probably get a crash.

Debugging this in Instruments (with Allocations template) shows 2 related call stacks.

Stack 1 (inverted):
  22 libsystem_pthread.dylib  948.78 MB     start_wqthread
  21 libsystem_pthread.dylib  948.78 MB     _pthread_wqthread
  20 libdispatch.dylib  948.78 MB     _dispatch_worker_thread3
  19 libdispatch.dylib  948.78 MB     _dispatch_root_queue_drain
  18 libdispatch.dylib  948.23 MB     _dispatch_queue_invoke
  17 libdispatch.dylib  948.23 MB     _dispatch_queue_drain
  16 libdispatch.dylib  948.22 MB     _dispatch_client_callout
  15 QuartzCore  948.15 MB     CA::CG::Queue::render_callback(void*)
  14 libdispatch.dylib  948.15 MB     _dispatch_sync_f_invoke
  13 libdispatch.dylib  948.15 MB     _dispatch_client_callout
  12 QuartzCore  948.15 MB     CA::CG::Queue::parallel_render_callback(void*)
  11 QuartzCore  948.15 MB     CA::CG::DrawOp::render(CA::CG::Renderer&) const
  10 QuartzCore  948.14 MB     CA::CG::DrawImage::draw_image(CA::CG::Renderer&, bool) const
   9 QuartzCore  948.14 MB     CA::CG::fill_image(CA::CG::Renderer&, CGImage*, CA::Rect const&, CA::Mat2<double> const&, bool, bool, CGInterpolationQuality, CA::Bounds const*)
   8 QuartzCore  948.14 MB     CA::Render::copy_image(CGImage*, CGColorSpace*, unsigned int, double)
   7 QuartzCore  948.14 MB     CA::Render::create_image(CGImage*, CGColorSpace*, unsigned int)
   6 QuartzCore  948.13 MB     CA::Render::(anonymous namespace)::create_image_by_copying(unsigned int, unsigned int, CGColorSpace*, CGDataProvider*, void const*, unsigned long, unsigned int, unsigned int)
   5 CoreGraphics  475.20 MB     imageProvider_getBytes
   4 CoreGraphics  475.20 MB     CGImageProviderCopyImageBlockSet
   3 ImageIO  475.20 MB     ImageProviderCopyImageBlockSetCallback
   2 ImageIO  475.20 MB     copyImageBlockSetAppleJPEG
   1 ImageIO  473.00 MB     ImageIO_Malloc
   0 libsystem_kernel.dylib  472.95 MB     mmap

Stack 2 (inverted):
  18 libsystem_pthread.dylib  948.78 MB     start_wqthread
  17 libsystem_pthread.dylib  948.78 MB     _pthread_wqthread
  16 libdispatch.dylib  948.78 MB     _dispatch_worker_thread3
  15 libdispatch.dylib  948.78 MB     _dispatch_root_queue_drain
  14 libdispatch.dylib  948.23 MB     _dispatch_queue_invoke
  13 libdispatch.dylib  948.23 MB     _dispatch_queue_drain
  12 libdispatch.dylib  948.22 MB     _dispatch_client_callout
  11 QuartzCore  948.15 MB     CA::CG::Queue::render_callback(void*)
  10 libdispatch.dylib  948.15 MB     _dispatch_sync_f_invoke
   9 libdispatch.dylib  948.15 MB     _dispatch_client_callout
   8 QuartzCore  948.15 MB     CA::CG::Queue::parallel_render_callback(void*)
   7 QuartzCore  948.15 MB     CA::CG::DrawOp::render(CA::CG::Renderer&) const
   6 QuartzCore  948.14 MB     CA::CG::DrawImage::draw_image(CA::CG::Renderer&, bool) const
   5 QuartzCore  948.14 MB     CA::CG::fill_image(CA::CG::Renderer&, CGImage*, CA::Rect const&, CA::Mat2<double> const&, bool, bool, CGInterpolationQuality, CA::Bounds const*)
   4 QuartzCore  948.14 MB     CA::Render::copy_image(CGImage*, CGColorSpace*, unsigned int, double)
   3 QuartzCore  948.14 MB     CA::Render::create_image(CGImage*, CGColorSpace*, unsigned int)
   2 QuartzCore  948.13 MB     CA::Render::(anonymous namespace)::create_image_by_copying(unsigned int, unsigned int, CGColorSpace*, CGDataProvider*, void const*, unsigned long, unsigned int, unsigned int)
   1 QuartzCore  472.94 MB     CA::Render::aligned_malloc(unsigned long, void**)
   0 libsystem_kernel.dylib  472.94 MB     mmap

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160527/056f2b88/attachment.html>

More information about the webkit-unassigned mailing list