Bug 187769

Summary: CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition
Product: WebKit Reporter: Jer Noble <jer.noble>
Component: New BugsAssignee: Jer Noble <jer.noble>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, ddkilzer, eric.carlson, jonlee, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch thorton: review+

Description Jer Noble 2018-07-18 10:49:50 PDT 
CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition
Comment 1 Jer Noble 2018-07-18 10:50:13 PDT 
<rdar://problem/42160666>
Comment 2 Jer Noble 2018-07-18 10:52:27 PDT 
Created attachment 345257 [details]
Patch
Comment 3 Jon Lee 2018-07-18 13:51:55 PDT 
Comment on attachment 345257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review

> Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:495
> +    auto* page = self._webView._page;

Can we clean up the self._webView and webView references?

> Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:720
> +    if (auto* page = [self._webView _page])

not webView?
Comment 4 Jer Noble 2018-07-18 16:30:13 PDT 
Committed r233940: <https://trac.webkit.org/changeset/233940>
Comment 5 Chris Dumez 2018-07-23 14:19:26 PDT 
Comment on attachment 345257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review

> Source/WebKit/ChangeLog:9
> +        Null-check all uses of _page and _manager in WKFullScreenWindowControllerIOS.

How can WKWebView._page become null? As far as I can tell, _page is initialized in the init function and never null out so I personally do not see how WKWebView._page can be null if the webView is still alive.
Also note that _page is a WebPageProxy and that it OWNS the WebFullScreenManagerProxy, so no page no WebFullScreenManagerProxy.

See rdar://problem/42462494 for related crash.
Comment 6 Chris Dumez 2018-07-23 15:18:43 PDT 
Comment on attachment 345257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review

>> Source/WebKit/ChangeLog:9
>> +        Null-check all uses of _page and _manager in WKFullScreenWindowControllerIOS.
> 
> How can WKWebView._page become null? As far as I can tell, _page is initialized in the init function and never null out so I personally do not see how WKWebView._page can be null if the webView is still alive.
> Also note that _page is a WebPageProxy and that it OWNS the WebFullScreenManagerProxy, so no page no WebFullScreenManagerProxy.
> 
> See rdar://problem/42462494 for related crash.

WKWebView._page definitely cannot be null since WKWebView's dealloc function dereferences _page unconditionally to call close().
However, WKFullScreenWindowControllerIOS._webView can be null as it is weak and its gets nulled out in some cases. I think we should null check _webView, not _webView._page.