[Webkit-unassigned] [Bug 228559] New: [iOS 15] Crash in createFallbackTargetedPreview

bugzilla-daemon at webkit.org
Wed Jul 28 11:28:16 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228559

            Bug ID: 228559
           Summary: [iOS 15] Crash in createFallbackTargetedPreview
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: UI Events
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: thorton at apple.com, wenson_hsieh at apple.com

Chrome for iOS is seeing an increase in crash reports inside createFallbackTargetedPreview. The crash is an uncaught NSException ("Invalid parameter not satisfying: view != nil").

It looks like a call to -[UIView resizableSnapshotViewFromRect:afterScreenUpdates:withCapInsets:] is returning nil here: https://github.com/WebKit/WebKit/blob/main/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm#L8617

These crashes are happening after the app has been backgrounded, so perhaps users are triggering the context menu and then backgrounding the app before the logic to display the context menu is reached.

Here's the crash stack:

0x000000018899fe00      (CoreFoundation + 0x000d0e00)           __exceptionPreprocess
0x000000019f9b30d4      (libobjc.A.dylib + 0x0001a0d4)          objc_exception_throw
0x000000018a0f2e84      (Foundation + 0x0010ee84)               -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:]
0x000000018b4e6b4c      (UIKitCore + 0x0090bb4c)                -[UITargetedPreview initWithView:parameters:target:]
0x0000000196bf3578      (WebKit + 0x0075f578)           createFallbackTargetedPreview(UIView*, UIView*, WebCore::FloatRect const&, UIColor*)
0x0000000196bf3354      (WebKit + 0x0075f354)           -[WKContentView(WKInteraction) _createTargetedContextMenuHintPreviewForFocusedElement]
0x000000018bdcd2fc      (UIKitCore + 0x00000000011f22fc)                -[UIContextMenuInteraction _delegate_previewForHighlightingForConfiguration:]
0x000000018bdc8fd0      (UIKitCore + 0x00000000011edfd0)                -[UIContextMenuInteraction clickPresentationInteraction:previewForHighlightingAtLocation:]
0x000000018b984830      (UIKitCore + 0x00da9830)                -[_UIClickPresentationInteraction _prepareInteractionEffect]
0x000000018b981af8      (UIKitCore + 0x00da6af8)                -[_UIClickPresentationInteraction _performPreviewPresentation]
0x000000018bdc8cb8      (UIKitCore + 0x00000000011edcb8)                __51-[UIContextMenuInteraction _presentMenuAtLocation:]_block_invoke
0x000000018bdcd1fc      (UIKitCore + 0x00000000011f21fc)                __73-[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:]_block_invoke
0x000000018b17bf60      (UIKitCore + 0x005a0f60)                -[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:]
0x000000018bdc8c64      (UIKitCore + 0x00000000011edc64)                -[UIContextMenuInteraction _presentMenuAtLocation:]
0x0000000196bed45c      (WebKit + 0x0075945c)           -[WKContentView(WKInteraction) _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:]
0x00000001968b763c      (WebKit + 0x0042363c)           WebKit::WebPageProxy::elementDidFocus(WebKit::FocusedElementInformation const&, bool, bool, WTF::OptionSet<WebCore::ActivityState::Flag>, WebKit::UserData const&)
0x0000000196b617a0      (WebKit + 0x006cd7a0)           WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001964e7a48      (WebKit + 0x00053a48)           IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x000000019687dcc0      (WebKit + 0x003e9cc0)           WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001964c528c      (WebKit + 0x0003128c)           IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x00000001964c4a70      (WebKit + 0x00030a70)           IPC::Connection::dispatchIncomingMessages()
0x0000000193fa3d50      (JavaScriptCore + 0x00f21d50)           WTF::RunLoop::performWork()
0x0000000193fa4bf0      (JavaScriptCore + 0x00f22bf0)           WTF::RunLoop::performWork(void*)
0x000000018896e1e4      (CoreFoundation + 0x0009f1e4)           __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001889be2f4      (CoreFoundation + 0x000ef2f4)           __CFRunLoopDoSource0
0x000000018892d068      (CoreFoundation + 0x0005e068)           __CFRunLoopDoSources0
0x000000018893ce54      (CoreFoundation + 0x0006de54)           __CFRunLoopRun
0x0000000188949dd8      (CoreFoundation + 0x0007add8)           CFRunLoopRunSpecific
0x00000001a29cdaf8      (GraphicsServices + 0x00003af8)         GSEventRunModal
0x000000018af8bd6c      (UIKitCore + 0x003b0d6c)                -[UIApplication _run]
0x000000018af8b7f4      (UIKitCore + 0x003b07f4)                UIApplicationMain
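As an added illustration (not WebKit's code and not part of the report), a hypothetical Objective-C helper showing the guard the stack points at: UITargetedPreview's initializer asserts when its view argument is nil, so a nil result from -resizableSnapshotViewFromRect:afterScreenUpdates:withCapInsets: must be caught before it is passed on. The function name, parameters and the early window check are assumptions for this example.

```objc
#import <UIKit/UIKit.h>

// Hypothetical helper (not WebKit's createFallbackTargetedPreview):
// returns nil instead of crashing when no snapshot can be taken.
static UITargetedPreview *MakeFallbackPreviewOrNil(UIView *contentView,
                                                   UIView *containerView,
                                                   CGRect rectInContentView,
                                                   UIColor *backgroundColor)
{
    // Snapshotting needs a live view hierarchy. A detached or backgrounded
    // view (the situation the report suspects) is the cheapest place to
    // bail out; this check is an assumption added for the example.
    if (!contentView.window || !containerView.window)
        return nil;

    UIView *snapshot = [contentView resizableSnapshotViewFromRect:rectInContentView
                                                afterScreenUpdates:NO
                                                     withCapInsets:UIEdgeInsetsZero];

    // This is the nil the stack trace shows reaching
    // -[UITargetedPreview initWithView:parameters:target:]; never pass it on.
    if (!snapshot)
        return nil;

    UIPreviewParameters *parameters = [[UIPreviewParameters alloc] init];
    parameters.backgroundColor = backgroundColor;

    // Position the preview where the element sits in the container.
    CGPoint centerInContent = CGPointMake(CGRectGetMidX(rectInContentView),
                                          CGRectGetMidY(rectInContentView));
    CGPoint centerInContainer = [containerView convertPoint:centerInContent
                                                   fromView:contentView];
    UIPreviewTarget *target = [[UIPreviewTarget alloc] initWithContainer:containerView
                                                                  center:centerInContainer];

    return [[UITargetedPreview alloc] initWithView:snapshot
                                        parameters:parameters
                                            target:target];
}
```

A UIContextMenuInteractionDelegate that returns this nil from -contextMenuInteraction:previewForHighlightingMenuWithConfiguration: lets UIKit fall back to its default preview rather than raising the NSException seen in the report.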
