[Webkit-unassigned] [Bug 233217] New: [iOS 15] Nullptr crashes in ShareableBitmap::createGraphicsContext, mostly on twitter.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 16 14:50:10 PST 2021 

https://bugs.webkit.org/show_bug.cgi?id=233217

            Bug ID: 233217
           Summary: [iOS 15] Nullptr crashes in
                    ShareableBitmap::createGraphicsContext, mostly on
                    twitter.com
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Images
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: heycam at apple.com, sabouhallawa at apple.com,
                    wenson_hsieh at apple.com

Chrome for iOS is getting crash reports in ShareableBitmap::createGraphicsContext, mostly (> 50%) on twitter.com pages with large images. This is new in iOS 15.0, and is still occurring on iOS 15.2.

Looking for recent changes in the call stack, I wonder if this is related to r281661.

Here's the stack:
CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000018 ] 
0x00000001923179a8 (WebKit + 0x003569a8)        WebKit::wantsExtendedRange(WebKit::ShareableBitmap::Configuration const&)
0x0000000192317a08 (WebKit + 0x00356a08)        WebKit::ShareableBitmap::createGraphicsContext()
0x0000000192317a08 (WebKit + 0x00356a08)        WebKit::ShareableBitmap::createGraphicsContext()
0x0000000192317b58 (WebKit + 0x00356b58)        WebKit::ShareableBitmap::makeCGImageCopy()
0x00000001923ad30c (WebKit + 0x003ec30c)        WebKit::PageClientImpl::startDrag(WebCore::DragItem const&, WebKit::ShareableBitmap::Handle const&)
0x000000019274aba0 (WebKit + 0x00789ba0)        WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001920192cc (WebKit + 0x000582cc)        IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x0000000192421a68 (WebKit + 0x00460a68)        WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x0000000191ff700c (WebKit + 0x0003600c)        IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x0000000191ff661c (WebKit + 0x0003561c)        IPC::Connection::dispatchIncomingMessages()
0x000000018f914778 (JavaScriptCore + 0x01133778)        WTF::RunLoop::performWork()
0x000000018f9158e8 (JavaScriptCore + 0x011348e8)        WTF::RunLoop::performWork(void*)
0x000000018395102c (CoreFoundation + 0x000bb02c)        __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x0000000183961cec (CoreFoundation + 0x000cbcec)        __CFRunLoopDoSource0
0x000000018389bff4 (CoreFoundation + 0x00005ff4)        __CFRunLoopDoSources0
0x00000001838a1800 (CoreFoundation + 0x0000b800)        __CFRunLoopRun
0x00000001838b53c4 (CoreFoundation + 0x0001f3c4)        CFRunLoopRunSpecific
0x000000019f0c6388 (GraphicsServices + 0x00001388)      GSEventRunModal
0x000000018625b05c (UIKitCore + 0x0051b05c)     -[UIApplication _run]
0x0000000185fd8b88 (UIKitCore + 0x00298b88)     UIApplicationMain

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211116/e720d528/attachment.htm>

More information about the webkit-unassigned mailing list