[Webkit-unassigned] [Bug 242857] New: [iOS 16] Crash when tapping on input field opens a new tab

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 18 06:37:54 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=242857

            Bug ID: 242857
           Summary: [iOS 16] Crash when tapping on input field opens a new
                    tab
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Forms
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: cdumez at apple.com, justincohen at google.com,
                    wenson_hsieh at apple.com

Created attachment 460972

  --> https://bugs.webkit.org/attachment.cgi?id=460972&action=review

Test case

The attached test case crashes in both Safari and Chrome in iOS 16 developer beta 2. Tapping on the following input crashes the UIProcess:

<input type="text" name="test" onclick="window.open('https://www.webkit.org')"/>

The crash happens because of an NSInternalInconsistencyException ("Received request for main thread, but there is no current keyboard task executing.").

The relevant portion of the crash stack is:
0   CoreFoundation                  0x1abeaf248 __exceptionPreprocess + 164 (NSException.m:202)
1   libobjc.A.dylib                 0x1abad3098 objc_exception_throw + 60 (objc-exception.mm:356)
2   Foundation                      0x1acf56724 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 188 (NSException.m:242)
3   UIKitCore                       0x1b2d02018 -[UIKeyboardTaskQueue performTaskOnMainThread:waitUntilDone:] + 396 (UIKeyboardTaskQueue.m:323)
4   UIKitCore                       0x1b305dacc -[UIKeyboardTaskQueue performSingleTask:] + 80 (UIKeyboardTaskQueue.m:477)
5   UIKitCore                       0x1b37885ac -[UIKeyboardImpl updateForChangedSelection] + 116 (UIKeyboardImpl.m:9826)
6   UIKitCore                       0x1b377d394 -[UIKeyboardImpl setDelegate:force:fromBecomeFirstResponder:] + 6144 (UIKeyboardImpl.m:6008)
7   UIKitCore                       0x1b34eb5d0 -[UIKeyboardSceneDelegate _reloadInputViewsForKeyWindowSceneResponder:force:fromBecomeFirstResponder:] + 948 (UIKeyboardSceneDelegate.m:1145)
8   UIKitCore                       0x1b34eb1dc -[UIKeyboardSceneDelegate _reloadInputViewsForResponder:force:fromBecomeFirstResponder:] + 128 (UIKeyboardSceneDelegate.m:1067)
9   UIKitCore                       0x1b2e0dc48 -[UIResponder(UIResponderInputViewAdditions) reloadInputViews] + 84 (UIResponder.m:1983)

Also see FB10505050 for full crash logs from Safari and Chrome.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220718/2094b39d/attachment.htm>

More information about the webkit-unassigned mailing list