<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - SIGSEGV in contentsSizeRespectingOverflow on iOS 9 (UIWebView)"
   href="https://bugs.webkit.org/show_bug.cgi?id=149495">149495</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>SIGSEGV in contentsSizeRespectingOverflow on iOS 9 (UIWebView)
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>iOS
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>iOS 9.0
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>WebCore Misc.
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>davidkclark&#64;gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=261806" name="attach_261806" title="assembly stacktrace">attachment 261806</a> <a href="attachment.cgi?id=261806&amp;action=edit" title="assembly stacktrace">[details]</a></span>
assembly stacktrace

I am sorry if this is not the right place to post this bug report.
I noticed that not long ago contentsSizeRespectingOverflow was exposed to UIWebView (<a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [iOS] Expose contentsSizeRespectingOverflow() via WebView so UIWebView can use it"
   href="show_bug.cgi?id=146924">https://bugs.webkit.org/show_bug.cgi?id=146924</a>). Since then, iOS 9 has been released, which I am assuming uses this newly exposed function, as I am getting crashes with this kind of stack trace:

Exception Type:  SIGSEGV
Exception Codes: SEGV_ACCERR at 0x100000057

Thread 0 Crashed:
0   WebCore                              0x000000019483bba4 WebCore::FrameView::contentsSizeRespectingOverflow() const + 128
1   WebKitLegacy                         0x00000001953ee774 -[WebView(WebPrivate) _contentsSizeRespectingOverflow] + 40
2   UIKit                                0x0000000187e2fd00 -[UIWebDocumentView _updateSize] + 496
3   CoreFoundation                       0x000000018282e6ac __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 16
4   CoreFoundation                       0x000000018282decc _CFXRegistrationPost + 392
5   CoreFoundation                       0x000000018282dc4c ___CFXNotificationPost_block_invoke + 56
6   CoreFoundation                       0x0000000182893434 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1528
7   CoreFoundation                       0x000000018276e834 _CFXNotificationPost + 364
8   Foundation                           0x00000001836da2fc -[NSNotificationCenter postNotificationName:object:userInfo:] + 64
9   CoreFoundation                       0x000000018288ea80 __invoking___ + 140
10  CoreFoundation                       0x000000018278c5f4 -[NSInvocation invoke] + 280
11  WebCore                              0x0000000194401884 HandleDelegateSource(void*) + 104
12  CoreFoundation                       0x00000001828405a4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 20
13  CoreFoundation                       0x0000000182840038 __CFRunLoopDoSources0 + 536
14  CoreFoundation                       0x000000018283dd38 __CFRunLoopRun + 720
15  CoreFoundation                       0x000000018276cdc0 CFRunLoopRunSpecific + 380
16  GraphicsServices                     0x000000018d8c0088 GSEventRunModal + 176
17  UIKit                                0x0000000187e46f60 UIApplicationMain + 200
18  [OurApp]                             0x000000010002813c main (main.m:18)
19  libdyld.dylib                        0x0000000197ca68b8 start + 0


As you can see, it seems to be in WebCore.
What the UIWebView was doing at the time was loading a page. It is the first page that that instance has loaded, but it is the second instance of UIWebView that the app has used (the first one is still allocated - the new one has been pushed onto the view stack - sorry if these details are too iOS-app-specific).

If there are any more details that I can give, please let me know. I have a disassembler (I guess that's what it is) stack trace from replicating this in the Xcode debugger, but I'm not sure that is any more useful... I'll attach it anyway.

I have made a minimal app that exhibits the problem. It ONLY does it on one specific web page that loads, though. I am trying to work through what is on that page to narrow it down to a minimal page that has the issue, but it is proving difficult. Removing a particular script (re-targeting, I think) from the body makes the problem go away, but having only that script does not cause the crash. With that script plus a bit of the page (other scripts, Google Analytics, etc.), the crash happens. It seems like it could be a timing issue or something?

I will provide the app code to reproduce if I can get to a point where it is minimal and does not need me to upload any private information.</pre>
        </div>
      </p>
    </body>
</html>