[Webkit-unassigned] [Bug 240880] New: [iOS 15.4+] Crash in VideoFullscreenInterfaceAVKit::doEnterFullscreen

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 24 13:48:40 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=240880

            Bug ID: 240880
           Summary: [iOS 15.4+] Crash in
                    VideoFullscreenInterfaceAVKit::doEnterFullscreen
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org

Created attachment 459733

  --> https://bugs.webkit.org/attachment.cgi?id=459733&action=review

Crash log

Chrome for iOS is getting a large number of crash reports on iOS 15.4+ (including on iOS 15.6 beta) for crashes in VideoFullscreenInterfaceAVKit::doEnterFullscreen. We don't have steps to reproduce, but the crash URLs are (unsurprisingly) video streaming sites.

I've attached a crash log. Here's the crashing stack:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000032
Exception Codes: 0x0000000000000001, 0x0000000000000032
VM Region Info: 0x32 is not in any region.  Bytes before following region: 4329193422
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   1020a4000-1020a8000 [   16K] r-x/r-x SM=COW  ...le.app/Chrome
Exception Note:  EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [30331]

Triggered by Thread:  0


Thread 0 name:
Thread 0 name:
Thread 0 Crashed:
0   WebCore                             0x00000001e9bd5fa4 WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 840 (VideoFullscreenInterfaceAVKit.mm:1486)
1   WebCore                             0x00000001e9bd5c9c WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 64 (VideoFullscreenInterfaceAVKit.mm:1440)
2   AVKit                               0x00000001f285d918 __96-[AVPlayerViewController _transitionToAttachedFullScreenAnimated:interactive:completionHandler:]_block_invoke + 44 (AVPlayerViewController_Mobile.m:2775)
3   UIKitCore                           0x00000001da8a2210 -[_UIViewControllerTransitionCoordinator _applyBlocks:releaseBlocks:] + 280 (UIViewControllerTransitioning.m:1148)
4   UIKitCore                           0x00000001daad5898 -[_UIViewControllerTransitionContext _runAlongsideCompletions] + 160 (UIViewControllerTransitioning.m:380)
5   UIKitCore                           0x00000001da8739dc -[_UIViewControllerTransitionContext completeTransition:] + 140 (UIViewControllerTransitioning.m:292)
6   AVKit                               0x00000001f289a908 __35-[AVTransition completeTransition:]_block_invoke + 508 (AVTransition.m:513)
7   AVKit                               0x00000001f285b1a4 -[AVPlayerViewController transitionController:transitionWillComplete:continueBlock:] + 788 (AVPlayerViewController_Mobile.m:3256)
8   AVKit                               0x00000001f28b7c28 -[AVTransitionController transitionWillComplete:success:continueBlock:] + 96 (AVTransitionController.m:639)
9   AVKit                               0x00000001f289a6d4 -[AVTransition completeTransition:] + 324 (AVTransition.m:487)
10  UIKitCore                           0x00000001dab64964 -[UIViewPropertyAnimator _executeCompletionHandlerWithFinalPosition:] + 216 (UIViewPropertyAnimator.m:1994)
11  UIKitCore                           0x00000001dac595c8 -[UIViewPropertyAnimator _runCompletions:finished:] + 128 (UIViewPropertyAnimator.m:2008)
12  UIKitCore                           0x00000001da800104 __61-[UIViewPropertyAnimator _setupAssociatedViewAnimationState:]_block_invoke + 180 (UIViewPropertyAnimator.m:1721)
13  UIKitCore                           0x00000001db8dce4c __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36 (UIView.m:14960)
14  UIKitCore                           0x00000001da8f7500 -[UIViewAnimationBlockDelegate _didEndBlockAnimation:finished:context:] + 728 (UIView.m:14993)
15  UIKitCore                           0x00000001da7c33cc -[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 248 (UIView.m:0)
16  UIKitCore                           0x00000001da7d7bcc -[UIViewAnimationState animationDidStop:finished:] + 244 (UIView.m:2291)
17  QuartzCore                          0x00000001dbfc0824 CA::Layer::run_animation_callbacks(void*) + 280 (CALayer.mm:7203)
18  libdispatch.dylib                   0x00000001d7ec4a2c _dispatch_client_callout + 20 (object.m:560)
19  libdispatch.dylib                   0x00000001d7ed2f48 _dispatch_main_queue_drain + 928 (inline_internal.h:2622)
20  libdispatch.dylib                   0x00000001d7ed2b98 _dispatch_main_queue_callback_4CF + 44 (queue.c:7770)
21  CoreFoundation                      0x00000001d82162f0 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 (CFRunLoop.c:1795)
22  CoreFoundation                      0x00000001d81d01f4 __CFRunLoopRun + 2532 (CFRunLoop.c:3144)
23  CoreFoundation                      0x00000001d81e36b8 CFRunLoopRunSpecific + 600 (CFRunLoop.c:3268)
24  GraphicsServices                    0x00000001f427d374 GSEventRunModal + 164 (GSEvent.c:2200)
25  UIKitCore                           0x00000001dab48e88 -[UIApplication _run] + 1100 (UIApplication.m:3511)
26  UIKitCore                           0x00000001da8ca5ec UIApplicationMain + 364 (UIApplication.m:5064)
27  Chrome                              0x00000001020a8270 0x1020a4000 + 17008
28  dyld                                0x000000010408dce4 start + 520 (dyldMain.cpp:879)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220524/85492057/attachment.htm>

More information about the webkit-unassigned mailing list