234301 2021-12-14 09:18:20 -0800 RELEASE_ASSERT in WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first() 2021-12-15 13:27:17 -0800 1 1 1 Unclassified WebKit UI Events WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ajuma cdumez cdumez ggaren thorton webkit-bug-importer wenson_hsieh oldest_to_newest 1824020 0 ajuma 2021-12-14 09:18:20 -0800 Chrome for iOS is getting crash reports from a release assert triggered when calling WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first() on an empty Deque. This happens primarily on https://www.elgiganten.dk/ and https://www.alaskaair.com/ though we don't have steps to reproduce beyond that. Here's the stack: 0x000000018edf92dc (WebKit + 0x000172dc) WTFCrashWithInfo(int, char const*, char const*, int) 0x000000018f20aab4 (WebKit + 0x00428ab4) WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first() 0x000000018f27fd20 (WebKit + 0x0049dd20) WebKit::WebPageProxy::interpretKeyEvent(WebKit::EditorState const&, bool, WTF::CompletionHandler<void (bool)>&&) 0x000000018f57f6c4 (WebKit + 0x0079d6c4) WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) 0x000000018ee3af58 (WebKit + 0x00058f58) IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) 0x000000018f24c8d0 (WebKit + 0x0046a8d0) WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) 0x000000018ee188dc (WebKit + 0x000368dc) IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) 0x000000018ee1a05c (WebKit + 0x0003805c) WTF::Detail::CallableWrapper<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_2, void>::call() 0x000000018c70f070 (JavaScriptCore + 0x0000000001140070) WTF::RunLoop::performWork() 0x000000018c7101e0 (JavaScriptCore + 0x00000000011411e0) WTF::RunLoop::performWork(void*) 0x00000001806fc01c (CoreFoundation + 0x000bb01c) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x000000018070ccdc (CoreFoundation + 0x000cbcdc) __CFRunLoopDoSource0 0x0000000180646fe4 (CoreFoundation + 0x00005fe4) __CFRunLoopDoSources0 0x000000018064c7f0 (CoreFoundation + 0x0000b7f0) __CFRunLoopRun 0x00000001806603b4 (CoreFoundation + 0x0001f3b4) CFRunLoopRunSpecific 0x000000019bff0388 (GraphicsServices + 0x00001388) GSEventRunModal 0x00000001830006a4 (UIKitCore + 0x005196a4) -[UIApplication _run] 0x0000000182d7f7f0 (UIKitCore + 0x002987f0) UIApplicationMain 0x00000001040ec26c (Chrome -chrome_exe_main.mm:65) main 1824027 1 cdumez 2021-12-14 09:29:34 -0800 m_keyEventQueue is empty when m_keyEventQueue.first() is called. WebPageProxy::interpretKeyEvent() seems to assume m_keyEventQueue cannot be empty. I am not sure yet why it makes this assumption. 1824402 2 447248 cdumez 2021-12-15 09:57:42 -0800 Created attachment 447248 Patch 1824432 3 447248 ggaren 2021-12-15 10:55:52 -0800 Comment on attachment 447248 Patch r=me 1824521 4 ews-feeder 2021-12-15 13:26:03 -0800 Committed r287103 (245292@main): <https://commits.webkit.org/245292@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447248. 1824523 5 webkit-bug-importer 2021-12-15 13:27:17 -0800 <rdar://problem/86540001> 447248 2021-12-15 09:57:42 -0800 2021-12-15 13:26:06 -0800 Patch bug-234301-20211215095741.patch text/plain 2168 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjg3MDc5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDNhY2EwYzhmMGZjYjcwYjZj MGFhN2IyNWY5OTBiYjc2NWM5NTUxOGEuLjk0NjhiNGNiN2ZkOTM0M2QzMTUyYTk4ODc0Mzc4OWYw NTIxYWY0YjMgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjIgQEAKKzIwMjEtMTItMTUgIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBSRUxFQVNFX0FTU0VSVCBpbiBXVEY6 OkRlcXVlPFdlYktpdDo6TmF0aXZlV2ViS2V5Ym9hcmRFdmVudCwgMHVsPjo6Zmlyc3QoKQorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjM0MzAxCisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgV2ViUGFnZVByb3h5 OjppbnRlcnByZXRLZXlFdmVudCgpIGdldHMgY2FsbGVkIGFzIHRoZSByZXN1bHQgb2YgSVBDIGZy b20gdGhlIFdlYlByb2Nlc3MKKyAgICAgICAgYW5kIGFzc3VtZXMgdGhhdCBXZWJQYWdlUHJveHk6 Om1fa2V5RXZlbnRRdWV1ZSBpcyBub24tZW1wdHkuIFdlIGhhdmUgZXZpZGVuY2UgYmFzZWQgb24K KyAgICAgICAgdGhlIENocm9tZSBjcmFzaCByZXBvcnQgdGhhdCB0aGlzIGFzc2VydGlvbiBkb2Vz bid0IGFsd2F5cyBob2xkLiBBbHNvLCB0aGUgV2ViUHJvY2VzcworICAgICAgICBpcyBub3QgYSB0 cnVzdGVkIHByb2Nlc3Mgc28gd2Ugc2hvdWxkbid0IGJlIG1ha2luZyBzdWNoIGFzc3VtcHRpb25z IGluIHRoZSBmaXJzdCBwbGFjZS4KKworICAgICAgICBBZGQgYSBjaGVjayBpbiBXZWJQYWdlUHJv eHk6OmludGVycHJldEtleUV2ZW50KCkgdG8gcHJvcGVybHkgZGVhbCB3aXRoIGFuIGVtcHR5IHF1 ZXVlLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cywgdW5rbm93biBob3cgdG8gcmVwcm9kdWNlLgor CisgICAgICAgICogVUlQcm9jZXNzL2lvcy9XZWJQYWdlUHJveHlJT1MubW06CisgICAgICAgIChX ZWJLaXQ6OldlYlBhZ2VQcm94eTo6aW50ZXJwcmV0S2V5RXZlbnQpOgorCiAyMDIxLTEyLTE1ICBZ b3Vlbm4gRmFibGV0ICA8eW91ZW5uQGFwcGxlLmNvbT4KIAogICAgICAgICBSZW1vdGVBdWRpb01l ZGlhU3RyZWFtVHJhY2tSZW5kZXJlckludGVybmFsVW5pdE1hbmFnZXI6OlVuaXQgc2hvdWxkIG9u bHkgcmVzZXQgb25jZQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9VSVByb2Nlc3MvaW9zL1dl YlBhZ2VQcm94eUlPUy5tbSBiL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL2lvcy9XZWJQYWdlUHJv eHlJT1MubW0KaW5kZXggZGQ4Mjk1M2I5MGY0ZjEzYmRiOGNhNzZjNDI4ZDBjMDcyYzBjNWRiOS4u MTI4YWEzOTQzNzQ0OTAyODMwMGI4OWY2MDFhOThhODEzN2NkZDYwYiAxMDA2NDQKLS0tIGEvU291 cmNlL1dlYktpdC9VSVByb2Nlc3MvaW9zL1dlYlBhZ2VQcm94eUlPUy5tbQorKysgYi9Tb3VyY2Uv V2ViS2l0L1VJUHJvY2Vzcy9pb3MvV2ViUGFnZVByb3h5SU9TLm1tCkBAIC03MjMsNyArNzIzLDEw IEBAIHZvaWQgV2ViUGFnZVByb3h5Ojptb3ZlU2VsZWN0aW9uQnlPZmZzZXQoaW50MzJfdCBvZmZz ZXQsIENvbXBsZXRpb25IYW5kbGVyPHZvaWQoCiB2b2lkIFdlYlBhZ2VQcm94eTo6aW50ZXJwcmV0 S2V5RXZlbnQoY29uc3QgRWRpdG9yU3RhdGUmIHN0YXRlLCBib29sIGlzQ2hhckV2ZW50LCBDb21w bGV0aW9uSGFuZGxlcjx2b2lkKGJvb2wpPiYmIGNvbXBsZXRpb25IYW5kbGVyKQogewogICAgIG1f ZWRpdG9yU3RhdGUgPSBzdGF0ZTsKLSAgICBjb21wbGV0aW9uSGFuZGxlcihwYWdlQ2xpZW50KCku aW50ZXJwcmV0S2V5RXZlbnQobV9rZXlFdmVudFF1ZXVlLmZpcnN0KCksIGlzQ2hhckV2ZW50KSk7 CisgICAgaWYgKG1fa2V5RXZlbnRRdWV1ZS5pc0VtcHR5KCkpCisgICAgICAgIGNvbXBsZXRpb25I YW5kbGVyKGZhbHNlKTsKKyAgICBlbHNlCisgICAgICAgIGNvbXBsZXRpb25IYW5kbGVyKHBhZ2VD bGllbnQoKS5pbnRlcnByZXRLZXlFdmVudChtX2tleUV2ZW50UXVldWUuZmlyc3QoKSwgaXNDaGFy RXZlbnQpKTsKIH0KIAogLy8gQ29tcGxleCB0ZXh0IGlucHV0IHN1cHBvcnQgZm9yIHBsdWctaW5z Lgo=