Bug 139934

Summary: Safari build crashes when "zooming into"/choosing a tab from tab view
Product: WebKit
Reporter: Chris Aljoudi <chris>
Component: WebKit2
Assignee: Conrad Shultz <conrad_shultz>
Status: RESOLVED FIXED
Severity: Critical
CC: chris, conrad_shultz, sam, svetloslav, thorton, webkit-bug-importer
Priority: P1
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.10

Attachments:
Description | Flags
Full crash backtrace | none
Patch | mitz: review+

Description Chris Aljoudi 2014-12-23 23:27:29 PST
Created attachment 243728
Full crash backtrace

Nightly builds of WebKit (SafariForWebKitDevelopment) have started exhibiting a consistent crash when choosing a tab from the all-tabs view (the "bird's-eye view").

Steps to reproduce:

* Open Safari, with any page (homepage even if blank is sufficient)
* Pinch with trackpad (OR click "Show All Tabs" button in top right in toolbar).
* Observe tab in a scaled-down thumbnail in bird's-eye view (tab view).
* Click on the tab to go back in.

Expected behavior:

Safari should zoom back into the tab, making the content active again. No crash.

Actual behavior:

Safari crashes completely.

Thoughts:

I think this is the most relevant part of the backtrace:

*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSArrayM insertObject:atIndex:]: object cannot be nil'
abort() called
terminating with uncaught exception of type NSException

Application Specific Backtrace 1:
0   CoreFoundation                      0x00007fff8b9b566c __exceptionPreprocess + 172
1   libobjc.A.dylib                     0x00007fff9268e76e objc_exception_throw + 43
2   CoreFoundation                      0x00007fff8b861f39 -[__NSArrayM insertObject:atIndex:] + 1033
3   AppKit                              0x00007fff8c41c50f -[NSView addGestureRecognizer:] + 220
4   WebKit                              0x00000001064a2950 -[_WKThumbnailView _viewWasUnparented] + 59
5   AppKit                              0x00007fff8bd24bf7 -[NSView _setWindow:] + 3274
6   CoreFoundation                      0x00007fff8b8d6385 __53-[__NSArrayM enumerateObjectsWithOptions:usingBlock:]_block_invoke + 133


I've attached the full backtrace (which has more sys info).

Comment 1 Radar WebKit Bug Importer 2014-12-24 10:37:31 PST
<rdar://problem/19343307>

Comment 2 Conrad Shultz 2014-12-26 20:44:42 PST
Created attachment 243773
Patch

Comment 3 Alexey Proskuryakov 2014-12-26 20:54:48 PST
*** Bug 139952 has been marked as a duplicate of this bug. ***

Comment 4 Conrad Shultz 2014-12-26 21:46:34 PST
Committed r177754: <http://trac.webkit.org/changeset/177754>

Comment 5 Sam Weinig 2014-12-27 13:48:00 PST
Any reason this can't be API tested?