<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - SIGSEGV in contentsSizeRespectingOverflow on iOS 9 (UIWebView)"
href="https://bugs.webkit.org/show_bug.cgi?id=149495">149495</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>SIGSEGV in contentsSizeRespectingOverflow on iOS 9 (UIWebView)
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>iOS
</td>
</tr>
<tr>
<th>OS</th>
<td>iOS 9.0
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebCore Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>davidkclark@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=261806" name="attach_261806" title="assembly stacktrace">attachment 261806</a> <a href="attachment.cgi?id=261806&action=edit" title="assembly stacktrace">[details]</a></span>
assembly stacktrace
I am sorry if this is not the right place to post this bug report.
I noticed that not long ago contentsSizeRespectingOverflow was exposed to UIWebView (<a class="bz_bug_link
bz_status_NEW "
title="NEW - [iOS] Expose contentsSizeRespectingOverflow() via WebView so UIWebView can use it"
href="show_bug.cgi?id=146924">https://bugs.webkit.org/show_bug.cgi?id=146924</a>). Since then, iOS 9 has been released, which I am assuming has used this newly exposed function, as I am getting crashes with this kind of stack trace:
Exception Type: SIGSEGV
Exception Codes: SEGV_ACCERR at 0x100000057
Thread 0 Crashed:
0 WebCore 0x000000019483bba4 WebCore::FrameView::contentsSizeRespectingOverflow() const + 128
1 WebKitLegacy 0x00000001953ee774 -[WebView(WebPrivate) _contentsSizeRespectingOverflow] + 40
2 UIKit 0x0000000187e2fd00 -[UIWebDocumentView _updateSize] + 496
3 CoreFoundation 0x000000018282e6ac __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 16
4 CoreFoundation 0x000000018282decc _CFXRegistrationPost + 392
5 CoreFoundation 0x000000018282dc4c ___CFXNotificationPost_block_invoke + 56
6 CoreFoundation 0x0000000182893434 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1528
7 CoreFoundation 0x000000018276e834 _CFXNotificationPost + 364
8 Foundation 0x00000001836da2fc -[NSNotificationCenter postNotificationName:object:userInfo:] + 64
9 CoreFoundation 0x000000018288ea80 __invoking___ + 140
10 CoreFoundation 0x000000018278c5f4 -[NSInvocation invoke] + 280
11 WebCore 0x0000000194401884 HandleDelegateSource(void*) + 104
12 CoreFoundation 0x00000001828405a4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 20
13 CoreFoundation 0x0000000182840038 __CFRunLoopDoSources0 + 536
14 CoreFoundation 0x000000018283dd38 __CFRunLoopRun + 720
15 CoreFoundation 0x000000018276cdc0 CFRunLoopRunSpecific + 380
16 GraphicsServices 0x000000018d8c0088 GSEventRunModal + 176
17 UIKit 0x0000000187e46f60 UIApplicationMain + 200
18 [OurApp] 0x000000010002813c main (main.m:18)
19 libdyld.dylib 0x0000000197ca68b8 start + 0
As you can see, it seems to be in WebCore.
What the UIWebView was doing at the time was loading a page. It is the first page that that instance has loaded, but it is the second instance of UIWebView that the app has used (the first one is still allocated; the new one has been pushed onto the view stack). Sorry if these details are too iOS app specific.
If there are any more details that I can give, please let me know. I have a disassembler (I guess that's what it is) stack trace from replicating this in the Xcode debugger, but I'm not sure that is any more useful... I'll attach it anyway.
I have made a minimal app that exhibits the problem. It ONLY does it on one specific web page that loads, though. I am trying to work through what is on that page to narrow it down to a minimal page that has the issue, but it is proving difficult. Removing a particular script (re-targeting, I think) from the body makes the problem go away, but having only that script does not cause the crash. Having that script with a bit of the page (other scripts, Google Analytics, etc.), the crash happens. It seems like it could be a timing issue or something?
I will provide the app code to reproduce if I can get to a point where it is minimal and does not need me to upload any private information.</pre>
</div>
</p>
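<p>The report's value for triage lies in three facts it carries: the signal and code (SIGSEGV / SEGV_ACCERR at 0x100000057), the frame that was executing when the fault happened (frame 0, in WebCore), and the first frame belonging to the app itself (frame 18). The following script is an added example, not part of the bug report and not WebKit or Apple tooling: it parses the crash excerpt above (a copy of its header lines and a subset of its frames is embedded as constructed sample input) into a structured summary, picks out the crashing and app-owned frames, and applies a couple of cheap heuristics to the fault address. The regexes, the <code>[AppName]</code> convention for app-owned modules, and the alignment/null-page thresholds are assumptions about this particular crash-log format, not facts from the report.</p>

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: header lines and a subset of frames copied from the
# crash excerpt in the report above (frames 3-16 omitted).
SAMPLE_CRASH = """\
Exception Type: SIGSEGV
Exception Codes: SEGV_ACCERR at 0x100000057
Thread 0 Crashed:
0 WebCore 0x000000019483bba4 WebCore::FrameView::contentsSizeRespectingOverflow() const + 128
1 WebKitLegacy 0x00000001953ee774 -[WebView(WebPrivate) _contentsSizeRespectingOverflow] + 40
2 UIKit 0x0000000187e2fd00 -[UIWebDocumentView _updateSize] + 496
17 UIKit 0x0000000187e46f60 UIApplicationMain + 200
18 [OurApp] 0x000000010002813c main (main.m:18)
19 libdyld.dylib 0x0000000197ca68b8 start + 0
"""

# Assumed line shapes for this reporter's format: "N module 0xaddr symbol [+ offset]".
FRAME_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?P<module>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?)(?:\s+\+\s+(?P<offset>\d+))?\s*$"
)
TYPE_RE = re.compile(r"^Exception Type:\s*(?P<sig>\S+)")
CODES_RE = re.compile(r"^Exception Codes:\s*(?P<code>\S+)\s+at\s+(?P<addr>0x[0-9a-fA-F]+)")
THREAD_RE = re.compile(r"^Thread\s+(?P<tid>\d+)\s+Crashed:")


@dataclass
class Frame:
    index: int
    module: str
    address: int
    symbol: str
    offset: Optional[int]   # None when the reporter printed no "+ N" (e.g. "main (main.m:18)")


@dataclass
class CrashSummary:
    signal: str = ""
    code: str = ""
    fault_address: Optional[int] = None
    crashed_thread: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)


def parse_crash(text: str) -> CrashSummary:
    """Parse the header and the crashed thread's frames; other lines are ignored."""
    summary = CrashSummary()
    in_crashed_thread = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := TYPE_RE.match(line):
            summary.signal = m["sig"]
        elif m := CODES_RE.match(line):
            summary.code = m["code"]
            summary.fault_address = int(m["addr"], 16)
        elif m := THREAD_RE.match(line):
            summary.crashed_thread = int(m["tid"])
            in_crashed_thread = True
        elif in_crashed_thread and (m := FRAME_RE.match(line)):
            summary.frames.append(Frame(
                index=int(m["idx"]),
                module=m["module"],
                address=int(m["addr"], 16),
                symbol=m["symbol"],
                offset=int(m["offset"]) if m["offset"] is not None else None,
            ))
    return summary


def crashing_frame(summary: CrashSummary) -> Optional[Frame]:
    """Frame 0 of the crashed thread: the function whose code faulted."""
    return summary.frames[0] if summary.frames else None


def first_app_frame(summary: CrashSummary, app_marker: str = "[") -> Optional[Frame]:
    """First frame owned by the app; assumes the reporter brackets the app's module name."""
    for f in summary.frames:
        if f.module.startswith(app_marker):
            return f
    return None


def classify_fault(summary: CrashSummary, null_page: int = 0x1000, ptr_align: int = 8) -> List[str]:
    """Heuristic tags for the fault address; each is a hint for triage, not a diagnosis."""
    tags: List[str] = []
    addr = summary.fault_address
    if addr is None:
        return ["no-fault-address"]
    if summary.code == "SEGV_ACCERR":
        tags.append("access-violation")      # POSIX: access not permitted for that mapping
    elif summary.code == "SEGV_MAPERR":
        tags.append("unmapped-address")      # POSIX: nothing mapped at that address
    if addr < null_page:
        tags.append("null-page")             # NULL plus a small field offset
    if addr % ptr_align:
        tags.append("misaligned-for-pointer")  # an object pointer would be 8-byte aligned
    return tags


if __name__ == "__main__":
    s = parse_crash(SAMPLE_CRASH)
    top, app = crashing_frame(s), first_app_frame(s)
    print(f"{s.signal} {s.code} at {s.fault_address:#x} on thread {s.crashed_thread}")
    print(f"faulting frame: {top.module} {top.symbol} + {top.offset}")
    print(f"first app frame: {app.module} {app.symbol}")
    print("hints:", ", ".join(classify_fault(s)))
```

<p>Run on the sample, it reports the fault as an access violation at an address that is not 8-byte aligned and is well outside the null page, with frame 0 in WebCore and the nearest app-owned frame being <code>main</code>: consistent with the reporter's observation that the problem is inside WebCore rather than in the app, while saying nothing about the root cause, which the report itself does not establish.</p>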
</body>
</html>