[Webkit-unassigned] [Bug 221565] New: [iOS] Crash in ValidationBubble::show()

bugzilla-daemon at webkit.org
Mon Feb 8 12:17:04 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=221565

            Bug ID: 221565
           Summary: [iOS] Crash in ValidationBubble::show()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    wenson_hsieh at apple.com, zalan at apple.com

Chrome for iOS is getting a large number of crash reports in ValidationBubble::show(), all on iOS 14.

The crash stack is:

Thread 0  (id: 0x00000407) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x72657473 ]
0x00000001b173d468(libobjc.A.dylib + 0x00002468)objc_msgSend
0x00000001aa5886c0(WebCore + 0x00ba46c0)WebCore::ValidationBubble::show()
0x00000001a93f2798(WebKit + 0x003c1798)WebKit::WebPageProxy::showValidationMessage(WebCore::IntRect const&, WTF::String const&)
0x00000001a960cda4(WebKit + 0x005dbda4)WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001a907d668(WebKit + 0x0004c668)IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x00000001a938b580(WebKit + 0x0035a580)WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001a9061214(WebKit + 0x00030214)IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x00000001a9060b58(WebKit + 0x0002fb58)IPC::Connection::dispatchIncomingMessages()
0x00000001a6ecfbc8(JavaScriptCore + 0x00dc6bc8)WTF::RunLoop::performWork()
0x00000001a6ed0714(JavaScriptCore + 0x00dc7714)WTF::RunLoop::performWork(void*)
0x000000019d33bbec(CoreFoundation + 0x0009abec)__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x000000019d33baec(CoreFoundation + 0x0009aaec)__CFRunLoopDoSource0
0x000000019d33ae34(CoreFoundation + 0x00099e34)__CFRunLoopDoSources0
0x000000019d3353dc(CoreFoundation + 0x000943dc)__CFRunLoopRun
0x000000019d334b9c(CoreFoundation + 0x00093b9c)CFRunLoopRunSpecific
0x00000001b409d594(GraphicsServices + 0x00003594)GSEventRunModal
0x000000019fc262f0(UIKitCore + 0x00b2e2f0)-[UIApplication _run]
0x000000019fc2b870(UIKitCore + 0x00b33870)UIApplicationMain
0x0000000104baa4ec(Chrome -chrome_exe_main.mm:71)main
0x000000019d013564(libdyld.dylib + 0x00001564)start

The crash URLs seem to mostly be sign-in pages like:
https://schoolzone.epsb.ca/cf/index.cfm
https://myaccount.uscis.gov/
https://www.bigideasmath.com/BIM/login

Looking through changes that might have caused this, https://bugs.webkit.org/show_bug.cgi?id=208472 is the only thing I could find in ValidationBubble-related code that's new in iOS 14.
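Added triage helper for the stack above (example code written for this page; it is not part of the bug report, of WebKit or of Chromium). It parses the frame lines in the format the report uses, finds the first frame outside system libraries (the crash site as a triager would cite it), checks whether the stack passed through IPC::* dispatch (so the crashing process was handling a message from another process), and interprets the faulting address as the bytes a little-endian load would have read from memory. Here 0x72657473 decodes to the printable string "ster", which is a common sign that a pointer slot contained string data when it was dereferenced; that is a hint for the investigator, not a root cause, and the report itself does not establish one. The system-module prefix list, the IPC heuristic and the function names are assumptions of this example; the sample log is the fault line plus the first five frames quoted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the fault line and the first five frames of the stack quoted in the report.
CRASH_LOG = """\
Thread 0  (id: 0x00000407) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x72657473 ]
0x00000001b173d468(libobjc.A.dylib + 0x00002468)objc_msgSend
0x00000001aa5886c0(WebCore + 0x00ba46c0)WebCore::ValidationBubble::show()
0x00000001a93f2798(WebKit + 0x003c1798)WebKit::WebPageProxy::showValidationMessage(WebCore::IntRect const&, WTF::String const&)
0x00000001a960cda4(WebKit + 0x005dbda4)WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001a907d668(WebKit + 0x0004c668)IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
"""

# Frame lines look like: 0x<pc>(<module> + 0x<offset>)<symbol>
FRAME_RE = re.compile(r"^(0x[0-9a-fA-F]+)\((\S+) \+ (0x[0-9a-fA-F]+)\)(.+)$")
# Fault line looks like: ... [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x72657473 ]
FAULT_RE = re.compile(r"\[(EXC_\w+) / (KERN_\w+) @ (0x[0-9a-fA-F]+)\s*\]")

# Assumed list of system libraries to skip when looking for the first frame worth citing.
SYSTEM_MODULE_PREFIXES = ("libobjc", "libsystem", "libdyld", "CoreFoundation",
                          "Foundation", "UIKitCore", "GraphicsServices")


@dataclass
class Frame:
    pc: int
    module: str
    offset: int
    symbol: str

    def is_system(self) -> bool:
        return self.module.startswith(SYSTEM_MODULE_PREFIXES)


def parse_frames(log: str) -> List[Frame]:
    """Parse every frame line in the log; lines in other formats are skipped."""
    frames = []
    for line in log.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(Frame(int(m.group(1), 16), m.group(2), int(m.group(3), 16), m.group(4)))
    return frames


def parse_fault(log: str) -> Optional[Dict[str, object]]:
    """Extract exception type, kernel code and faulting address from the thread header."""
    m = FAULT_RE.search(log)
    if not m:
        return None
    return {"exception": m.group(1), "code": m.group(2), "address": int(m.group(3), 16)}


def fault_as_ascii(addr: int, width: int = 8) -> Optional[str]:
    """Return the faulting address as the bytes a little-endian load read from memory
    (least significant byte first), if every non-zero byte is printable ASCII; else None.
    A printable result hints that a pointer slot held string data when dereferenced;
    it does not identify the bug."""
    raw = addr.to_bytes(width, "little").rstrip(b"\x00")
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def first_non_system_frame(frames: List[Frame]) -> Optional[Frame]:
    """The frame a triager would cite as the crash site: the first one outside system libs."""
    for f in frames:
        if not f.is_system():
            return f
    return None


def reached_via_ipc(frames: List[Frame]) -> bool:
    """True if the crashing call was dispatched from an IPC::* frame, i.e. the process
    crashed while handling a message received from another process (heuristic)."""
    return any(f.symbol.startswith("IPC::") for f in frames)


def triage(log: str) -> Dict[str, object]:
    """Summarise one crash log into the fields a bug triager fills in first."""
    frames = parse_frames(log)
    fault = parse_fault(log)
    top = first_non_system_frame(frames)
    return {
        "frames": len(frames),
        "fault_address": fault["address"] if fault else None,
        "fault_ascii": fault_as_ascii(fault["address"]) if fault else None,
        "crashing_symbol": top.symbol if top else None,
        "crashing_module": top.module if top else None,
        "via_ipc": reached_via_ipc(frames),
    }


if __name__ == "__main__":
    summary = triage(CRASH_LOG)
    for key, value in summary.items():
        if key == "fault_address" and value is not None:
            value = f"{value:#x}"
        print(f"{key}: {value}")
```

For the stack in this report the summary cites WebCore::ValidationBubble::show() as the crash site, flags that it was reached through IPC::Connection::dispatchMessage into WebPageProxy (so the UI process crashed while handling a message from the web content process), and decodes the fault address to "ster". Frame lines in other layouts, such as the Chrome "main" frame with a source-file location, are skipped rather than misparsed.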
