Bug 187769

Summary: CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition
Product: WebKit Reporter: Jer Noble <jer.noble>
Component: New BugsAssignee: Jer Noble <jer.noble>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, ddkilzer, eric.carlson, jonlee, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch thorton: review+

Jer Noble
Reported 2018-07-18 10:49:50 PDT
CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition
Attachments
Patch (6.10 KB, patch)
2018-07-18 10:52 PDT, Jer Noble 		thorton: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Jer Noble
Comment 1 2018-07-18 10:50:13 PDT
<rdar://problem/42160666>
Jer Noble
Comment 2 2018-07-18 10:52:27 PDT
Created attachment 345257 [details] Patch
Jon Lee
Comment 3 2018-07-18 13:51:55 PDT
Comment on attachment 345257 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review > Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:495 > + auto* page = self._webView._page; Can we clean up the self._webView and webView references? > Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:720 > + if (auto* page = [self._webView _page]) not webView?
Jer Noble
Comment 4 2018-07-18 16:30:13 PDT
Committed r233940: <https://trac.webkit.org/changeset/233940>
Chris Dumez
Comment 5 2018-07-23 14:19:26 PDT
Comment on attachment 345257 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review > Source/WebKit/ChangeLog:9 > + Null-check all uses of _page and _manager in WKFullScreenWindowControllerIOS. How can WKWebView._page become null? As far as I can tell, _page is initialized in the init function and never null out so I personally do not see how WKWebView._page can be null if the webView is still alive. Also note that _page is a WebPageProxy and that it OWNS the WebFullScreenManagerProxy, so no page no WebFullScreenManagerProxy. See rdar://problem/42462494 for related crash.
Chris Dumez
Comment 6 2018-07-23 15:18:43 PDT
Comment on attachment 345257 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review >> Source/WebKit/ChangeLog:9 >> + Null-check all uses of _page and _manager in WKFullScreenWindowControllerIOS. > > How can WKWebView._page become null? As far as I can tell, _page is initialized in the init function and never null out so I personally do not see how WKWebView._page can be null if the webView is still alive. > Also note that _page is a WebPageProxy and that it OWNS the WebFullScreenManagerProxy, so no page no WebFullScreenManagerProxy. > > See rdar://problem/42462494 for related crash. WKWebView._page definitely cannot be null since WKWebView's dealloc function dereferences _page unconditionally to call close(). However, WKFullScreenWindowControllerIOS._webView can be null as it is weak and its gets nulled out in some cases. I think we should null check _webView, not _webView._page.
Note You need to log in before you can comment on or make changes to this bug.