146201 2015-06-22 04:41:42 -0700 Crash replacing TabDocument in MobileSafari at WebKit: -[WKWebView(WKPrivate) _beginAnimatedResizeWithUpdates:] 2015-06-22 07:34:10 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 koivisto webkit-unassigned benjamin ddkilzer oldest_to_newest 1103802 0 koivisto 2015-06-22 04:41:42 -0700 Application Specific Information: *** Terminating app due to uncaught exception 'CALayerInvalidGeometry', reason: 'CALayer bounds contains NaN: [nan -64; 375 667]' terminating with uncaught exception of type NSException abort() called Last Exception Backtrace: 0 CoreFoundation 0x18216bf44 __exceptionPreprocess + 124 (NSException.m:162) 1 libobjc.A.dylib 0x197d23f2c objc_exception_throw + 56 (objc-exception.mm:531) 2 CoreFoundation 0x18216be8c -[NSException initWithCoder:] + 0 (NSException.m:143) 3 QuartzCore 0x186e904e0 CA::Layer::set_bounds(CA::Rect const&, bool) + 200 (CALayer.mm:3946) 4 QuartzCore 0x186e90380 -[CALayer setBounds:] + 100 (CALayer.mm:3986) 5 UIKit 0x187691558 -[UIView(Geometry) setBounds:] + 308 (UIView.m:6309) 6 UIKit 0x18769fb38 -[UIScrollView setBounds:] + 1072 (UIScrollView.m:1387) 7 UIKit 0x187660008 -[UIScrollView setContentOffset:] + 424 (UIScrollView.m:1458) 8 WebKit 0x1884939cc -[WKWebView(WKPrivate) _beginAnimatedResizeWithUpdates:] + 1768 (WKWebView.mm:2642) 9 WebKit 0x188493e3c -[WKWebView(WKPrivate) _resizeWhileHidingContentWithUpdates:] + 28 (WKWebView.mm:2698) 10 MobileSafari 0x100084130 -[BrowserController setWebView:] + 592 (BrowserController.mm:4854) 11 MobileSafari 0x1000842b4 -[BrowserController setWebViewFromTabDocument:] + 104 (BrowserController.mm:4866) 12 MobileSafari 0x10008c9f0 -[BrowserController(BrowserControllerTabs) switchFromTabDocument:toTabDocument:] + 772 (BrowserControllerTabs.m:388) 13 MobileSafari 0x10008cca4 -[BrowserController(BrowserControllerTabs) tabController:didSwitchFromTabDocument:toTabDocument:] + 100 (BrowserControllerTabs.m:422) 14 MobileSafari 0x1000ece2c -[TabController _switchActiveTabDocumentFromTabDocument:toTabDocument:] + 208 (TabController.m:292) 15 MobileSafari 0x1000ecd3c -[TabController setActiveTabDocument:animated:deferActivation:] + 408 (TabController.m:275) 16 MobileSafari 0x1000ee7e4 -[TabController replaceTabDocument:withTabDocument:] + 196 (TabController.m:566) 17 MobileSafari 0x10007a3a8 -[BrowserController _replaceActiveDocument:withSpeculativeDocument:] + 104 (BrowserController.mm:3100) 18 MobileSafari 0x100084ef4 -[BrowserController _commitToSpeculativeLoadForDocument:] + 108 (BrowserController.mm:5025) 19 MobileSafari 0x10007a2a8 -[BrowserController _commitToSpeculativeLoad] + 128 (BrowserController.mm:3087) 20 MobileSafari 0x100078c78 -[BrowserController _commitSpeculativeLoadForURL:] + 76 (BrowserController.mm:2736) 21 MobileSafari 0x100078d3c -[BrowserController goToAddress:] + 140 (BrowserController.mm:2745) 22 MobileSafari 0x100075934 -[BrowserController catalogViewController:didSelectAddress:] + 48 (BrowserController.mm:2062) 23 MobileSafari 0x10014aca8 -[CatalogViewController unifiedField:didEndEditingWithAddress:] + 208 (CatalogViewController.m:888) 24 MobileSafari 0x1000cfc2c -[UnifiedField _endEditingWithCurrentText] + 228 (UnifiedField.m:185) 25 UIKit 0x187678f18 -[UIApplication sendAction:to:from:forEvent:] + 140 (UIApplication.m:3892) 26 UIKit 0x187678e60 -[UIApplication sendAction:toTarget:fromSender:forEvent:] + 92 (UIApplication.m:3878) 27 UIKit 0x187678df0 -[UIControl sendAction:to:forEvent:] + 80 (UIControl.m:572) 28 UIKit 0x1876617a0 -[UIControl _sendActionsForEvents:withEvent:] + 364 (UIControl.m:651) 29 UIKit 0x187994a88 -[UIFieldEditor insertFilteredText:] + 268 (UIFieldEditor.m:1124) 30 UIKit 0x187ed6b34 -[UITextField insertFilteredText:] + 104 (UITextField.m:5339) 31 UIKit 0x1878162b0 -[UIKeyboardImpl insertText:] + 136 (UIKeyboardImpl.m:5032) 32 UIKit 0x187a2e390 -[UIKeyboardImpl performKeyboardOutput:] + 496 (UIKeyboardImpl.m:4098) 33 UIKit 0x187a2e050 __55-[UIKeyboardImpl handleKeyboardInput:executionContext:]_block_invoke_2 + 140 (UIKeyboardImpl.m:4055) 34 UIKit 0x18766c7fc -[UIKeyboardTaskQueue continueExecutionOnMainThread] + 344 (UIKeyboardTaskQueue.m:252) 35 Foundation 0x1830cd9bc __NSThreadPerformPerform + 340 (NSThread.m:1219) 36 CoreFoundation 0x18212402c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1767) 37 CoreFoundation 0x182123ac0 __CFRunLoopDoSources0 + 540 (CFRunLoop.c:1811) 38 CoreFoundation 0x182121794 __CFRunLoopRun + 724 (CFRunLoop.c:2540) 39 CoreFoundation 0x18204d0c0 CFRunLoopRunSpecific + 384 (CFRunLoop.c:2818) 40 GraphicsServices 0x18d4ef170 GSEventRunModal + 180 (GSEvent.c:2247) 41 UIKit 0x1876aa5b8 UIApplicationMain + 204 (UIApplication.m:3478) 42 MobileSafari 0x10004dd48 main + 2252 (main.m:204) 43 libdyld.dylib 0x19855e9e8 start + 4 (start_glue.s:80) 1103803 1 koivisto 2015-06-22 04:42:02 -0700 <rdar://problem/18904930> 1103832 2 255351 koivisto 2015-06-22 07:13:52 -0700 Created attachment 255351 patch 1103833 3 255351 mitz 2015-06-22 07:19:05 -0700 Comment on attachment 255351 patch View in context: https://bugs.webkit.org/attachment.cgi?id=255351&action=review > Source/WebKit2/ChangeLog:14 > + No repro but if for some reason [_contentView bounds] width is empty we'll compute +Inf targetScale > + and then NaN contentOffset.x. Verified in lldb that this gives the exact crash signature seen. > + > + Fix by checking that [_contentView bounds] is not empty like is done with other inputs. Weird indentation 1103835 4 koivisto 2015-06-22 07:34:10 -0700 https://trac.webkit.org/r185827 255351 2015-06-22 07:13:52 -0700 2015-06-22 07:19:05 -0700 patch beginAnimatedResizeWithUpdates-crash.patch text/plain 2928 koivisto SW5kZXg6IFNvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi S2l0Mi9DaGFuZ2VMb2cJKHJldmlzaW9uIDE4NTgyNikKKysrIFNvdXJjZS9XZWJLaXQyL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE4IEBACisyMDE1LTA2LTIyICBBbnR0aSBL b2l2aXN0byAgPGFudHRpQGFwcGxlLmNvbT4KKworICAgICAgICBDcmFzaCByZXBsYWNpbmcgVGFi RG9jdW1lbnQgaW4gTW9iaWxlU2FmYXJpIGF0IFdlYktpdDogLVtXS1dlYlZpZXcoV0tQcml2YXRl KSBfYmVnaW5BbmltYXRlZFJlc2l6ZVdpdGhVcGRhdGVzOl0KKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0NjIwMQorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogVUlQcm9jZXNzL0FQSS9Db2NvYS9XS1dlYlZp ZXcubW06CisgICAgICAgICgtW1dLV2ViVmlldyBfYmVnaW5BbmltYXRlZFJlc2l6ZVdpdGhVcGRh dGVzOl0pOgorCisgICAgICAgICAgICBObyByZXBybyBidXQgaWYgZm9yIHNvbWUgcmVhc29uIFtf Y29udGVudFZpZXcgYm91bmRzXSB3aWR0aCBpcyBlbXB0eSB3ZSdsbCBjb21wdXRlICtJbmYgdGFy Z2V0U2NhbGUKKyAgICAgICAgICAgIGFuZCB0aGVuIE5hTiBjb250ZW50T2Zmc2V0LnguIFZlcmlm aWVkIGluIGxsZGIgdGhhdCB0aGlzIGdpdmVzIHRoZSBleGFjdCBjcmFzaCBzaWduYXR1cmUgc2Vl bi4KKworICAgICAgICAgICAgRml4IGJ5IGNoZWNraW5nIHRoYXQgW19jb250ZW50VmlldyBib3Vu ZHNdIGlzIG5vdCBlbXB0eSBsaWtlIGlzIGRvbmUgd2l0aCBvdGhlciBpbnB1dHMuCisKIDIwMTUt MDYtMjIgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29tPgogCiAgICAg ICAgIFJFR1JFU1NJT04ocjE4MjMwMyk6IFtHVEtdIENvbnRleHQgbWVudSBBUEkgaXMgYnJva2Vu IHNpbmNlIHIxODIzMDMKSW5kZXg6IFNvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvQ29jb2Ev V0tXZWJWaWV3Lm1tCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkv Q29jb2EvV0tXZWJWaWV3Lm1tCShyZXZpc2lvbiAxODU4MjIpCisrKyBTb3VyY2UvV2ViS2l0Mi9V SVByb2Nlc3MvQVBJL0NvY29hL1dLV2ViVmlldy5tbQkod29ya2luZyBjb3B5KQpAQCAtMjYyMiw5 ICsyNjIyLDEwIEBAIC0gKHZvaWQpX2JlZ2luQW5pbWF0ZWRSZXNpemVXaXRoVXBkYXRlczoKICAg ICBpbnQzMl90IG5ld09yaWVudGF0aW9uID0gYWN0aXZlT3JpZW50YXRpb24oc2VsZik7CiAgICAg VUlFZGdlSW5zZXRzIG5ld09ic2N1cmVkSW5zZXRzID0gX29ic2N1cmVkSW5zZXRzOwogICAgIENH UmVjdCBmdXR1cmVVbm9ic2N1cmVkUmVjdEluU2VsZkNvb3JkaW5hdGVzID0gVUlFZGdlSW5zZXRz SW5zZXRSZWN0KG5ld0JvdW5kcywgX29ic2N1cmVkSW5zZXRzKTsKKyAgICBDR1JlY3QgY29udGVu dFZpZXdCb3VuZHMgPSBbX2NvbnRlbnRWaWV3IGJvdW5kc107CiAKICAgICBBU1NFUlRfV0lUSF9N RVNTQUdFKCEoX292ZXJyaWRlc01pbmltdW1MYXlvdXRTaXplICYmIG5ld01pbmltdW1MYXlvdXRT aXplLmlzRW1wdHkoKSksICJDbGllbnRzIGNvbnRyb2xsaW5nIHRoZSBsYXlvdXQgc2l6ZSBzaG91 bGQgbWFpbnRhaW4gYSB2YWxpZCBsYXlvdXQgc2l6ZSB0byBtaW5pbWl6ZSBsYXlvdXRzLiIpOwot ICAgIGlmIChDR1JlY3RJc0VtcHR5KG5ld0JvdW5kcykgfHwgbmV3TWluaW11bUxheW91dFNpemUu aXNFbXB0eSgpIHx8IENHUmVjdElzRW1wdHkoZnV0dXJlVW5vYnNjdXJlZFJlY3RJblNlbGZDb29y ZGluYXRlcykpIHsKKyAgICBpZiAoQ0dSZWN0SXNFbXB0eShuZXdCb3VuZHMpIHx8IG5ld01pbmlt dW1MYXlvdXRTaXplLmlzRW1wdHkoKSB8fCBDR1JlY3RJc0VtcHR5KGZ1dHVyZVVub2JzY3VyZWRS ZWN0SW5TZWxmQ29vcmRpbmF0ZXMpIHx8IENHUmVjdElzRW1wdHkoY29udGVudFZpZXdCb3VuZHMp KSB7CiAgICAgICAgIF9keW5hbWljVmlld3BvcnRVcGRhdGVNb2RlID0gRHluYW1pY1ZpZXdwb3J0 VXBkYXRlTW9kZTo6Tm90UmVzaXppbmc7CiAgICAgICAgIFtzZWxmIF9mcmFtZU9yQm91bmRzQ2hh bmdlZF07CiAgICAgICAgIGlmIChfb3ZlcnJpZGVzTWluaW11bUxheW91dFNpemUpCkBAIC0yNjU1 LDcgKzI2NTYsNyBAQCAtICh2b2lkKV9iZWdpbkFuaW1hdGVkUmVzaXplV2l0aFVwZGF0ZXM6CiAg ICAgW19yZXNpemVBbmltYXRpb25WaWV3IGFkZFN1YnZpZXc6X2NvbnRlbnRWaWV3LmdldCgpXTsK ICAgICBbX3Jlc2l6ZUFuaW1hdGlvblZpZXcgYWRkU3VidmlldzpbX2NvbnRlbnRWaWV3IHVuc2Nh bGVkVmlld11dOwogCi0gICAgQ0dTaXplIGNvbnRlbnRTaXplSW5Db250ZW50Vmlld0Nvb3JkaW5h dGVzID0gW19jb250ZW50VmlldyBib3VuZHNdLnNpemU7CisgICAgQ0dTaXplIGNvbnRlbnRTaXpl SW5Db250ZW50Vmlld0Nvb3JkaW5hdGVzID0gY29udGVudFZpZXdCb3VuZHMuc2l6ZTsKICAgICBb X3Njcm9sbFZpZXcgc2V0TWluaW11bVpvb21TY2FsZTpzdGQ6Om1pbihuZXdNaW5pbXVtTGF5b3V0 U2l6ZS53aWR0aCgpIC8gY29udGVudFNpemVJbkNvbnRlbnRWaWV3Q29vcmRpbmF0ZXMud2lkdGgs IFtfc2Nyb2xsVmlldyBtaW5pbXVtWm9vbVNjYWxlXSldOwogICAgIFtfc2Nyb2xsVmlldyBzZXRN YXhpbXVtWm9vbVNjYWxlOnN0ZDo6bWF4KG5ld01pbmltdW1MYXlvdXRTaXplLndpZHRoKCkgLyBj b250ZW50U2l6ZUluQ29udGVudFZpZXdDb29yZGluYXRlcy53aWR0aCwgW19zY3JvbGxWaWV3IG1h eGltdW1ab29tU2NhbGVdKV07CiAK