[Webkit-unassigned] [Bug 259723] New: After iOS 15.4, setting the overflow property to scroll or auto and quickly creating and releasing webviews can cause crashes.
bugzilla-daemon at webkit.org
Tue Aug 1 23:29:26 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=259723
Bug ID: 259723
Summary: After iOS 15.4, setting the overflow property to
scroll or auto and quickly creating and releasing
webviews can cause crashes.
Product: WebKit
Version: Safari 16
Hardware: iPhone / iPad
OS: iOS 16
Status: NEW
Severity: Normal
Priority: P2
Component: CSS
Assignee: webkit-unassigned at lists.webkit.org
Reporter: 904936148 at qq.com
After iOS 15.4, I found that when using the CSS overflow:scroll property, there would be a crash when quickly creating and destroying webviews. Recently, this issue has occurred on iOS 16.4, iOS 16.4.1, iOS 16.5, iOS 16.5.1, and iOS 16.6. The crash stack trace is as follows:
----------------------------------------------------------------------------
WebCore/WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 328
OS Version: iOS 16.6 (20G75)
Report Version: 104
Monitor Type: Mach Exception
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Crashed Thread: 0
Pthread id: 2934709
Thread 0 Crashed:
0 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 180
1 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 140
2 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 328
3 WebKit WebKit::ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll(WebCore::FloatPoint const&, bool) + 112
4 WebKit -[WKScrollingNodeScrollViewDelegate scrollViewDidScroll:] + 68
5 UIKitCore -[UIScrollView _notifyDidScroll] + 72
6 UIKitCore -[UIScrollView setContentOffset:] + 1032
7 UIKitCore -[UIScrollViewScrollAnimation setProgress:] + 276
8 UIKitCore -[UIAnimator _advanceAnimationsOnScreenWithIdentifier:withTimestamp:] + 184
9 UIKitCore _UIUpdateSequenceRun + 84
10 UIKitCore schedulerStepScheduledMainSection + 144
11 UIKitCore runloopSourceCallback + 92
12 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
13 CoreFoundation __CFRunLoopDoSource0 + 176
14 CoreFoundation __CFRunLoopDoSources0 + 244
15 CoreFoundation __CFRunLoopRun + 828
16 CoreFoundation CFRunLoopRunSpecific + 612
17 GraphicsServices GSEventRunModal + 164
18 UIKitCore -[UIApplication _run] + 888
19 UIKitCore UIApplicationMain + 340
20 imeituan main (main.m:41)
21 (null) 0x00000001e7718dec 0x0 + 8177946092
----------------------------------------------------------------------------
On iOS 15.4 and iOS 15.4.1, the crash stack trace is as follows:
----------------------------------------------------------------------------
WebCore/WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308
OS Version: iOS 15.4.1 (19E258)
Report Version: 104
Monitor Type: Mach Exception
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Crashed Thread: 0
Pthread id: 3104660
Thread 0 Crashed:
0 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 104
1 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308
2 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308
3 WebKit WebKit::ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll(WebCore::FloatPoint const&, bool) + 112
4 WebKit -[WKScrollingNodeScrollViewDelegate scrollViewDidScroll:] + 76
5 UIKitCore -[UIScrollView _notifyDidScroll] + 80
6 UIKitCore -[UIScrollView setContentOffset:] + 1224
7 UIKitCore -[UIScrollViewScrollAnimation setProgress:] + 320
8 UIKitCore -[UIAnimator _advanceAnimationsOfType:withTimestamp:] + 280
9 QuartzCore CA::Display::DisplayLink::dispatch_items(unsigned long long, unsigned long long, unsigned long long) + 748
10 QuartzCore display_timer_callback(__CFMachPort*, void*, long, void*) + 372
11 CoreFoundation __CFMachPortPerform + 176
12 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 60
13 CoreFoundation __CFRunLoopDoSource1 + 604
14 CoreFoundation __CFRunLoopRun + 2372
15 CoreFoundation CFRunLoopRunSpecific + 600
16 GraphicsServices GSEventRunModal + 164
17 UIKitCore -[UIApplication _run] + 1100
18 UIKitCore UIApplicationMain + 364
19 imeituan main (main.m:41)
20 (null) 0x000000010ace9ce4 0x0 + 4476280036
----------------------------------------------------------------------------
I'm having trouble reproducing the issue myself, but there are related crashes happening on the production environment. Could you please take a look at the stack trace and see if there is any relevant information? The issue seems to occur when the overflow property is set to scroll or auto.
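To make the two reports above easier to compare and bucket, here is an added triage helper in Python. It is not code from WebKit or from the reporter, and it assumes only the report layout quoted in this bug: an `Exception Type:` line, an `Exception Codes:` line carrying the faulting address, and a `Thread N Crashed:` backtrace whose lines read `<index> <module> <symbol> + <offset>`. The two sample reports embedded in the block are constructed by trimming the reports above to their header fields and top four frames; the null-page threshold is a labelled heuristic.

```python
# Added example: triage helper for crash reports in the Apple format quoted in
# this bug. Not code from WebKit or from the reporter.
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the two reports above, trimmed to header fields and
# the top frames of the crashed thread. Sample data, not files from WebKit.
SAMPLE_REPORT_IOS16 = """\
OS Version: iOS 16.6 (20G75)
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Crashed Thread: 0
Thread 0 Crashed:
0 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 180
1 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 140
2 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 328
3 WebKit WebKit::ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll(WebCore::FloatPoint const&, bool) + 112
"""

SAMPLE_REPORT_IOS15 = """\
OS Version: iOS 15.4.1 (19E258)
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Crashed Thread: 0
Thread 0 Crashed:
0 WebKit WebKit::RemoteScrollingTree::scrollingTreeNodeDidScroll(WebCore::ScrollingTreeScrollingNode&, WebCore::ScrollingLayerPositionAction) + 104
1 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308
2 WebCore WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling(WebCore::FloatPoint const&, std::__1::optional<WebCore::FloatRect>, WebCore::ScrollingLayerPositionAction) + 308
3 WebKit WebKit::ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll(WebCore::FloatPoint const&, bool) + 112
"""

# Backtrace line: "<index> <module> <symbol> + <offset>". Objective-C selectors
# contain spaces, so the symbol is matched non-greedily up to the final " + N".
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(.+?)\s\+\s(\d+)$")
ADDRESS_RE = re.compile(r"\bat\s+(0x[0-9a-fA-F]+)")
# Heuristic (assumption): faults below this address count as null dereferences.
# Apple's 64-bit __PAGEZERO is far larger; the small limit errs toward "wild".
NULL_PAGE_LIMIT = 0x1000


@dataclass
class Frame:
    module: str
    symbol: str
    offset: int


@dataclass
class CrashReport:
    exception_type: Optional[str]
    fault_address: Optional[int]
    crashed_thread: Optional[int]
    frames: List[Frame]


def parse_crash_report(text: str) -> CrashReport:
    """Extract the exception header fields and the crashed thread's frames."""
    exception_type = fault_address = crashed_thread = None
    frames: List[Frame] = []
    in_backtrace = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Exception Type:"):
            exception_type = line.split(":", 1)[1].strip()
        elif line.startswith("Exception Codes:"):
            m = ADDRESS_RE.search(line)
            fault_address = int(m.group(1), 16) if m else None
        elif line.startswith("Crashed Thread:"):
            crashed_thread = int(line.split(":", 1)[1].strip())
        elif re.fullmatch(r"Thread \d+ Crashed:", line):
            in_backtrace = True
        elif in_backtrace:
            m = FRAME_RE.match(line)
            if m is None:
                in_backtrace = False  # first non-frame line ends the backtrace
            else:
                frames.append(Frame(m.group(2), m.group(3), int(m.group(4))))
    return CrashReport(exception_type, fault_address, crashed_thread, frames)


def classify(report: CrashReport) -> str:
    """Coarse bucket: null dereference, wild address, or not a bad access."""
    if not report.exception_type or not report.exception_type.startswith("EXC_BAD_ACCESS"):
        return "other"
    if report.fault_address is None:
        return "bad-access-unknown-address"
    if report.fault_address < NULL_PAGE_LIMIT:
        return "null-deref"
    return "wild-access"


def signature(report: CrashReport, depth: int = 3) -> str:
    """Offset-free bucketing key: top symbols with consecutive repeats collapsed,
    so re-entrant frames (one vs. two calls in the reports above) do not split
    one bug into separate buckets across OS versions."""
    symbols: List[str] = []
    for frame in report.frames:
        if not symbols or symbols[-1] != frame.symbol:
            symbols.append(frame.symbol)
    return " | ".join(symbols[:depth])
```

Run on the two trimmed reports, both classify as `null-deref` (the faulting address is 0x0) and produce the same signature even though the frame offsets and the number of re-entrant `scrollingTreeNodeDidScroll` / `wasScrolledByDelegatedScrolling` frames differ between iOS 15.4.1 and iOS 16.6, which is what lets a triage pipeline count them as one bug. Anything that does not fault on the null page is kept in a separate `wild-access` bucket, since those reports deserve a closer look than a null dereference.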