[Webkit-unassigned] [Bug 251548] New: [iOS] Crashes when WebValidationBubbleViewController is presented twice

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 1 13:54:50 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=251548

            Bug ID: 251548
           Summary: [iOS] Crashes when WebValidationBubbleViewController
                    is presented twice
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: cdumez at apple.com, gambard at chromium.org,
                    kkinnunen at apple.com, wenson_hsieh at apple.com

Created attachment 464804

  --> https://bugs.webkit.org/attachment.cgi?id=464804&action=review

Sample project

Chrome for iOS is getting a significant number of crash reports from an exception that is triggered when WebValidationBubbleViewController is presented while already being presented ("[Exception] Application tried to present modally a view controller <WebValidationBubbleViewController: 0x#> that is already being presented by <TabGridViewController: 0x#>").

Debugging, it turns out that the logic in ValidationBubble::show to guard against presenting the view controller when it's already presented has a race condition. After the call to  [m_presentingViewController presentViewController:animated:completion:], m_popoverController doesn't immediately have a parentViewController or a presentingViewController, so there's a short period of time where a second call ValidationBubble::show won't early-out, but will instead try to present m_popoverController again, leading to the exception.

See https://github.com/WebKit/WebKit/blob/main/Source/WebCore/platform/ios/ValidationBubbleIOS.mm#L190

In practice ValidationBubble::show can get called multiple times since WebPageProxy::setIsScrollingOrZooming will call m_validationBubble->show() when scrolling/zooming stops, so if this happens multiple times over the lifetime of the same m_validationBubble, we're in trouble. 

I've attached a sample project that reproduces this crash. Steps to reproduce:
1) After the page loads, tap once anywhere. This will cause a green box to slide down.
2) Tap again quickly (before the green box slides away) on the "Se connecter" button to trigger the WebValidationBubble.

A couple potential fixes:
1) In ValidationBubble, add an m_isPresentingBubble bool that is set to true when ValidationBubble::show calls presentViewController and cleared in the completion handler, and early-out in ValidationBubble::show when m_isPresentingBubble is true

2) In WebPageProxy, add an m_waitingToShowValidationBubble bool that is set to true when m_validationBubble, and cleared after calling m_validationBubble->show().

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230201/240ea3c8/attachment.htm>

More information about the webkit-unassigned mailing list