<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW"
   title="NEW - big images crash UIWebView after CA::Render::create_image_by_copying"
   href="https://bugs.webkit.org/show_bug.cgi?id=158150">158150</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>big images crash UIWebView after CA::Render::create_image_by_copying
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>iOS
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>iOS 9.3
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Images
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>danielo&#64;opera.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Clicking a link to a big-sized (big enough) image in UIWebView leads to an OOM crash.
I didn't find a way to recover by freeing the web view from didReceiveMemoryWarning.
In some cases didReceiveMemoryWarning is not even called.

A sample project with a big image is attached.
Start it on a device with 1 Gb RAM, and you'll probably get a crash.

Debugging this in Instruments (with Allocations template) shows 2 related call stacks.

Stack 1 (inverted):
  22 libsystem_pthread.dylib  948.78 MB     start_wqthread
  21 libsystem_pthread.dylib  948.78 MB     _pthread_wqthread
  20 libdispatch.dylib  948.78 MB     _dispatch_worker_thread3
  19 libdispatch.dylib  948.78 MB     _dispatch_root_queue_drain
  18 libdispatch.dylib  948.23 MB     _dispatch_queue_invoke
  17 libdispatch.dylib  948.23 MB     _dispatch_queue_drain
  16 libdispatch.dylib  948.22 MB     _dispatch_client_callout
  15 QuartzCore  948.15 MB     CA::CG::Queue::render_callback(void*)
  14 libdispatch.dylib  948.15 MB     _dispatch_sync_f_invoke
  13 libdispatch.dylib  948.15 MB     _dispatch_client_callout
  12 QuartzCore  948.15 MB     CA::CG::Queue::parallel_render_callback(void*)
  11 QuartzCore  948.15 MB     CA::CG::DrawOp::render(CA::CG::Renderer&amp;) const
  10 QuartzCore  948.14 MB     CA::CG::DrawImage::draw_image(CA::CG::Renderer&amp;, bool) const
   9 QuartzCore  948.14 MB     CA::CG::fill_image(CA::CG::Renderer&amp;, CGImage*, CA::Rect const&amp;, CA::Mat2&lt;double&gt; const&amp;, bool, bool, CGInterpolationQuality, CA::Bounds const*)
   8 QuartzCore  948.14 MB     CA::Render::copy_image(CGImage*, CGColorSpace*, unsigned int, double)
   7 QuartzCore  948.14 MB     CA::Render::create_image(CGImage*, CGColorSpace*, unsigned int)
   6 QuartzCore  948.13 MB     CA::Render::(anonymous namespace)::create_image_by_copying(unsigned int, unsigned int, CGColorSpace*, CGDataProvider*, void const*, unsigned long, unsigned int, unsigned int)
   5 CoreGraphics  475.20 MB     imageProvider_getBytes
   4 CoreGraphics  475.20 MB     CGImageProviderCopyImageBlockSet
   3 ImageIO  475.20 MB     ImageProviderCopyImageBlockSetCallback
   2 ImageIO  475.20 MB     copyImageBlockSetAppleJPEG
   1 ImageIO  473.00 MB     ImageIO_Malloc
   0 libsystem_kernel.dylib  472.95 MB     mmap

Stack 2 (inverted):
  18 libsystem_pthread.dylib  948.78 MB     start_wqthread
  17 libsystem_pthread.dylib  948.78 MB     _pthread_wqthread
  16 libdispatch.dylib  948.78 MB     _dispatch_worker_thread3
  15 libdispatch.dylib  948.78 MB     _dispatch_root_queue_drain
  14 libdispatch.dylib  948.23 MB     _dispatch_queue_invoke
  13 libdispatch.dylib  948.23 MB     _dispatch_queue_drain
  12 libdispatch.dylib  948.22 MB     _dispatch_client_callout
  11 QuartzCore  948.15 MB     CA::CG::Queue::render_callback(void*)
  10 libdispatch.dylib  948.15 MB     _dispatch_sync_f_invoke
   9 libdispatch.dylib  948.15 MB     _dispatch_client_callout
   8 QuartzCore  948.15 MB     CA::CG::Queue::parallel_render_callback(void*)
   7 QuartzCore  948.15 MB     CA::CG::DrawOp::render(CA::CG::Renderer&amp;) const
   6 QuartzCore  948.14 MB     CA::CG::DrawImage::draw_image(CA::CG::Renderer&amp;, bool) const
   5 QuartzCore  948.14 MB     CA::CG::fill_image(CA::CG::Renderer&amp;, CGImage*, CA::Rect const&amp;, CA::Mat2&lt;double&gt; const&amp;, bool, bool, CGInterpolationQuality, CA::Bounds const*)
   4 QuartzCore  948.14 MB     CA::Render::copy_image(CGImage*, CGColorSpace*, unsigned int, double)
   3 QuartzCore  948.14 MB     CA::Render::create_image(CGImage*, CGColorSpace*, unsigned int)
   2 QuartzCore  948.13 MB     CA::Render::(anonymous namespace)::create_image_by_copying(unsigned int, unsigned int, CGColorSpace*, CGDataProvider*, void const*, unsigned long, unsigned int, unsigned int)
   1 QuartzCore  472.94 MB     CA::Render::aligned_malloc(unsigned long, void**)
   0 libsystem_kernel.dylib  472.94 MB     mmap</pre>
        </div>
      </p>
    </body>
</html>