[Webkit-unassigned] [Bug 219843] REGRESSION (iOS 14): Bad access crash in ShareableBitmap::makeCGImageCopy() under assignLegacyDataForContextMenuInteraction()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 21 12:47:25 PST 2020


https://bugs.webkit.org/show_bug.cgi?id=219843

--- Comment #8 from Wenson Hsieh <wenson_hsieh at apple.com> ---
From code inspection, this could happen if we take either of these early returns in imagePositionInformation(WebPage&, Element&, const InteractionInformationRequest&, InteractionInformationAtPosition&):
```cpp
    // Bitmap allocation can fail (e.g. for a degenerate size); bailing out here leaves `image` null.
    auto sharedBitmap = ShareableBitmap::createShareable(IntSize(bitmapSize), bitmapConfiguration);
    if (!sharedBitmap)
        return;

    // Likewise if no graphics context can be created for the bitmap.
    auto graphicsContext = sharedBitmap->createGraphicsContext();
    if (!graphicsContext)
        return;
```
I'm not 100% sure this is the scenario that's triggering the bug here, but it's one potential cause.

At any rate, it probably makes sense to teach the UI process to be robust in the case where position information's `isImage` flag is set but the `image` itself is null, since data coming from the web content process should (generally speaking) be vetted before making assumptions that could cause crashes, hangs, etc.

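The check proposed in the comment above, as an added example that is not WebKit's own code: constructed stand-ins for ShareableBitmap and InteractionInformationAtPosition (names, size limits and the `legacyImageDataSize` consumer are hypothetical) show how an early return in the web-process side leaves `isImage` set while `image` is null, and how the UI-process side can validate that payload before dereferencing it.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <optional>

// Constructed stand-in for ShareableBitmap; creation fails for degenerate sizes.
struct ShareableBitmap {
    int width;
    int height;
    static std::unique_ptr<ShareableBitmap> createShareable(int w, int h) {
        if (w <= 0 || h <= 0 || int64_t(w) * h > (int64_t(1) << 26))  // hypothetical limit
            return nullptr;
        return std::make_unique<ShareableBitmap>(ShareableBitmap{w, h});
    }
    size_t byteCount() const { return size_t(width) * size_t(height) * 4; }
};

// Hypothetical stand-in for the position information sent over IPC.
struct PositionInfo {
    bool isImage = false;
    std::shared_ptr<ShareableBitmap> image;
};

// Web-process side: mirrors the quoted early return. The flag is set before the
// bitmap exists, so a failed allocation leaves isImage == true with image == nullptr.
PositionInfo buildImagePositionInfo(int w, int h) {
    PositionInfo info;
    info.isImage = true;
    auto bitmap = ShareableBitmap::createShareable(w, h);
    if (!bitmap)
        return info;  // early return: image stays null
    info.image = std::move(bitmap);
    return info;
}

// UI-process side: treat the payload as untrusted and require the invariant
// "isImage implies image != nullptr" before acting on it.
bool isConsistentImageInfo(const PositionInfo& info) {
    return !info.isImage || info.image != nullptr;
}

// Hypothetical consumer standing in for the context-menu image copy: returns
// the byte size it would copy, or nullopt when validation fails or there is no image.
std::optional<size_t> legacyImageDataSize(const PositionInfo& info) {
    if (!isConsistentImageInfo(info) || !info.isImage)
        return std::nullopt;
    return info.image->byteCount();
}
```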