| Field | Value |
|---|---|
| Summary | REGRESSION (iOS 14): Bad access crash in ShareableBitmap::makeCGImageCopy() under assignLegacyDataForContextMenuInteraction() |
| Product | WebKit |
| Component | Images |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | Other |
| Hardware | iPhone / iPad |
| OS | iOS 14 |
| Reporter | xiao_chengyi |
| Assignee | Wenson Hsieh <wenson_hsieh> |
| CC | ggaren, megan_gardner, sabouhallawa, simon.fraser, thorton, webkit-bug-importer, wenson_hsieh |
| Keywords | InRadar |
Do you have a native crash log that you could attach? The attached report lacks a lot of information available in Apple crash logs. Do you have steps to reproduce that we could follow?

Created attachment 416311 [details]
symbolicated crash report

(In reply to Alexey Proskuryakov from comment #1)
> Do you have a native crash log that you could attach? The attached report
> lacks a lot of information available in Apple crash logs.
>
> Do you have steps to reproduce that we could follow?

Hi, I uploaded the full report.

Does this happen on every image? Do you have reproducible steps?

(In reply to xiao_chengyi from comment #3)
> (In reply to Alexey Proskuryakov from comment #1)
> > Do you have a native crash log that you could attach? The attached report
> > lacks a lot of information available in Apple crash logs.
> >
> > Do you have steps to reproduce that we could follow?
>
> Hi, I uploaded the full report.

Thanks for the crash logs! Do you know of any steps we can use to consistently reproduce this?

(In reply to Wenson Hsieh from comment #5)
> (In reply to xiao_chengyi from comment #3)
> > (In reply to Alexey Proskuryakov from comment #1)
> > > Do you have a native crash log that you could attach? The attached report
> > > lacks a lot of information available in Apple crash logs.
> > >
> > > Do you have steps to reproduce that we could follow?
> >
> > Hi, I uploaded the full report.
>
> Thanks for the crash logs!
>
> Do you know of any steps we can use to consistently reproduce this?

It happens randomly and I could not find the step to consistently reproduce this crash.

From code inspection, this could happen if we take either of these early returns in imagePositionInformation(WebPage&, Element&, const InteractionInformationRequest&, InteractionInformationAtPosition&):

```cpp
auto sharedBitmap = ShareableBitmap::createShareable(IntSize(bitmapSize), bitmapConfiguration);
if (!sharedBitmap)
    return; // first early return: the position information is left without an image

auto graphicsContext = sharedBitmap->createGraphicsContext();
if (!graphicsContext)
    return; // second early return, same outcome
```

I'm not 100% sure this is the scenario that's triggering the bug here, but it's one potential cause.

At any rate, it probably makes sense to teach the UI process to be robust in the case where position information's `isImage` flag is set but the `image` itself is null, since data coming from the web content process should (generally speaking) be vetted before making assumptions that could cause crashes, hangs, etc.

Created attachment 416633 [details]
Patch
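The robustness point made in the code-inspection comment above (vet what the web content process sends before the UI process dereferences `image`), as an added C++ example that is neither WebKit's code nor the patch attached here: `Bitmap`, `PositionInfo`, `positionInfoIsValid`, `copyImageForContextMenu` and `makeSampleInfo` are assumed stand-in names, and the dimension bound is an assumption of the example.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Stand-in for a bitmap handed over IPC from the web content process (assumed type).
struct Bitmap {
    int width = 0;
    int height = 0;
    std::vector<unsigned char> pixels;   // RGBA8: width * height * 4 bytes expected
};

// Model of the position-information message (assumed type). The invariant the UI
// process must not take on trust is "isImage == true implies image != nullptr".
struct PositionInfo {
    bool isImage = false;
    std::shared_ptr<Bitmap> image;
};

// Vet the untrusted message: flag, pointer, declared dimensions and buffer size
// must all agree before anything dereferences the image.
bool positionInfoIsValid(const PositionInfo& info) {
    if (!info.isImage)
        return true;                   // no image claimed: nothing to check
    if (!info.image)
        return false;                  // the crash case: flag set, payload missing
    const Bitmap& b = *info.image;
    constexpr int kMaxSide = 1 << 14;  // sanity bound, an assumption of this example
    if (b.width <= 0 || b.height <= 0 || b.width > kMaxSide || b.height > kMaxSide)
        return false;
    const std::size_t expected = static_cast<std::size_t>(b.width) * b.height * 4;
    return b.pixels.size() >= expected;
}

// Hardened stand-in for "copy the image for the context menu": an invalid message
// yields nullptr and the caller simply skips the image-specific menu action.
std::shared_ptr<Bitmap> copyImageForContextMenu(const PositionInfo& info) {
    if (!positionInfoIsValid(info) || !info.image)
        return nullptr;
    return std::make_shared<Bitmap>(*info.image);   // deep copy of the pixels
}

// Constructed sample messages for exercising the checks (not real IPC data).
PositionInfo makeSampleInfo(bool isImage, bool withBitmap, int w, int h, std::size_t bytes) {
    PositionInfo info{isImage, nullptr};
    if (withBitmap)
        info.image = std::make_shared<Bitmap>(Bitmap{w, h, std::vector<unsigned char>(bytes, 0xff)});
    return info;
}
```

A message whose `isImage` flag is set while `image` is null is rejected rather than dereferenced, which is the condition this crash is attributed to above.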
Comment on attachment 416633 [details]
Patch

r=me

Comment on attachment 416633 [details]
Patch

Thanks for the review!

Committed r271045: <https://trac.webkit.org/changeset/271045>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 416633 [details].

Created attachment 416132 [details]
symbolicated crash report

Since iOS 14 was released, this crash keeps happening. It seems that this crash happens when a user long-presses an image. The symbolicated crash report is attached. Any feedback would be appreciated. Thanks.