Bug 204353
| Summary: | [iOS] Crash in InteractiveUpdateHandler set by ViewGestureController::beginSwipeGesture | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Ali Juma <ajuma> |
| Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | | |
| Severity: | Normal | CC: | cdumez, fred.wang, rniwa, simon.fraser, thorton, webkit-bug-importer, wenson_hsieh |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=194083 | | |
Ali Juma
In Chrome for iOS, we're seeing a large number of crashes in the InteractiveUpdateHandler set by ViewGestureController::beginSwipeGesture, with what seems to be a null m_webPageProxyForBackForwardListForCurrentSwipe.
This is similar to bug 194083, but we're still seeing the crash in iOS 13.2 and in iOS 13.3 beta.
As in the previous bug, it seems like something is calling removeSwipeSnapshot() before the InteractiveUpdateHandler is called by UIGestureRecognizer, since removeSwipeSnapshot() clears m_webPageProxyForBackForwardListForCurrentSwipe.
Here's the full stack:
CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000120 ]
0x000000019c276820 (WebKit + 0x002f2820 ) WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection)
0x000000019c27681c (WebKit + 0x002f281c ) WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection)
0x0000000198387c80 (UIKitCore + 0x00438c80 ) -[_UINavigationInteractiveTransitionBase startInteractiveTransition]
0x0000000198387de0 (UIKitCore + 0x00438de0 ) -[_UINavigationInteractiveTransitionBase handleNavigationTransition:]
0x0000000198563afc (UIKitCore + 0x00614afc ) -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:]
0x000000019856c29c (UIKitCore + 0x0061d29c ) _UIGestureRecognizerSendTargetActions
0x0000000198569a20 (UIKitCore + 0x0061aa20 ) _UIGestureRecognizerSendActions
0x0000000198568f20 (UIKitCore + 0x00619f20 ) -[UIGestureRecognizer _updateGestureForActiveEvents]
0x000000019855ce18 (UIKitCore + 0x0060de18 ) _UIGestureEnvironmentUpdate
0x000000019855c5d4 (UIKitCore + 0x0060d5d4 ) -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:]
0x000000019855c388 (UIKitCore + 0x0060d388 ) -[UIGestureEnvironment _updateForEvent:window:]
0x00000001989cf1a4 (UIKitCore + 0x00a801a4 ) -[UIWindow sendEvent:]
0x00000001989aad50 (UIKitCore + 0x00a5bd50 ) -[UIApplication sendEvent:]
0x0000000198a2519c (UIKitCore + 0x00ad619c ) __dispatchPreprocessedEventFromEventQueue
0x0000000198a27754 (UIKitCore + 0x00ad8754 ) __handleEventQueueInternal
0x0000000198a208d8 (UIKitCore + 0x00ad18d8 ) __handleHIDEventFetcherDrain
0x0000000194820104 (CoreFoundation + 0x000ae104 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x0000000194820058 (CoreFoundation + 0x000ae058 ) __CFRunLoopDoSource0
0x000000019481f7c4 (CoreFoundation + 0x000ad7c4 ) __CFRunLoopDoSources0
0x000000019481a690 (CoreFoundation + 0x000a8690 ) __CFRunLoopRun
0x0000000194819f3c (CoreFoundation + 0x000a7f3c ) CFRunLoopRunSpecific
0x000000019ea95530 (GraphicsServices + 0x00003530 ) GSEventRunModal
0x0000000198991e04 (UIKitCore + 0x00a42e04 ) UIApplicationMain
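The ordering described in the report (removeSwipeSnapshot() clearing the per-swipe page proxy before the gesture recognizer delivers the interactive update) modelled as an added C++ example. This is not WebKit's code: SwipeController, PageProxy and the member names are hypothetical stand-ins for ViewGestureController and WebPageProxy, and the null check in the guarded handler is an assumed hardening, not the fix the project shipped.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <utility>

// Added illustration, not WebKit code. Names are stand-ins for the WebKit
// classes they imitate (ViewGestureController, WebPageProxy).

// Stand-in for WebPageProxy. The handler reads a member through the pointer,
// which is the access pattern consistent with a fault at a small offset from
// null (0x120 in the report).
struct PageProxy {
    std::string title = "page-1"; // constructed sample data
};

struct UpdateResult {
    bool touchedProxy;  // true if the handler dereferenced the per-swipe proxy
    std::string title;  // value read through the proxy, empty if skipped
};

class SwipeController {
public:
    explicit SwipeController(std::shared_ptr<PageProxy> page) : m_page(std::move(page)) {}

    // Models beginSwipeGesture: remember the proxy for this swipe and install a
    // handler that captures `this` and runs later, driven by the recognizer.
    void beginSwipeGesture(bool guarded) {
        m_pageForCurrentSwipe = m_page.get();
        if (guarded) {
            // Hardened form (assumption, not the fix WebKit shipped): treat a
            // cleared pointer as "snapshot already removed" and do nothing.
            m_updateHandler = [this]() -> UpdateResult {
                if (!m_pageForCurrentSwipe)
                    return UpdateResult{false, ""};
                return UpdateResult{true, m_pageForCurrentSwipe->title};
            };
        } else {
            // Buggy form: unconditional dereference, the shape the report
            // describes when m_webPageProxyForBackForwardListForCurrentSwipe
            // is null. Firing this after removeSwipeSnapshot() is a null
            // dereference (undefined behaviour), so it is never driven below.
            m_updateHandler = [this]() -> UpdateResult {
                return UpdateResult{true, m_pageForCurrentSwipe->title};
            };
        }
    }

    // Models removeSwipeSnapshot: clears the per-swipe pointer but leaves the
    // handler installed, so the recognizer can still call it afterwards.
    void removeSwipeSnapshot() { m_pageForCurrentSwipe = nullptr; }

    // Models the recognizer delivering the interactive update.
    UpdateResult fireUpdateHandler() { return m_updateHandler(); }

private:
    std::shared_ptr<PageProxy> m_page;
    PageProxy* m_pageForCurrentSwipe = nullptr;
    std::function<UpdateResult()> m_updateHandler;
};

// Expected ordering: the update fires while the snapshot is still live.
UpdateResult normalOrdering() {
    SwipeController c(std::make_shared<PageProxy>());
    c.beginSwipeGesture(true);
    UpdateResult r = c.fireUpdateHandler();
    c.removeSwipeSnapshot();
    return r;
}

// Ordering from the report: the snapshot is removed before the recognizer
// fires. With the guard the handler returns without touching the proxy;
// with the unguarded handler this same sequence would crash.
UpdateResult snapshotRemovedFirst() {
    SwipeController c(std::make_shared<PageProxy>());
    c.beginSwipeGesture(true);
    c.removeSwipeSnapshot();
    return c.fireUpdateHandler();
}

int main() {
    UpdateResult a = normalOrdering();
    UpdateResult b = snapshotRemovedFirst();
    std::printf("normal: touched=%d title=%s\n", a.touchedProxy, a.title.c_str());
    std::printf("removed first: touched=%d title='%s'\n", b.touchedProxy, b.title.c_str());
    return 0;
}
```

The point the model makes is that the handler outlives the state it was installed against: clearing the pointer without also tearing down (or re-checking inside) the handler leaves a window in which the recognizer still calls it. A guard like the one above stops the crash but does not explain why removeSwipeSnapshot() runs early; that ordering question is what the report leaves open.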
Radar WebKit Bug Importer
<rdar://problem/57327675>