Bug 219843

Summary: REGRESSION (iOS 14): Bad access crash in ShareableBitmap::makeCGImageCopy() under assignLegacyDataForContextMenuInteraction()
Product: WebKit Reporter: xiao_chengyi
Component: ImagesAssignee: Wenson Hsieh <wenson_hsieh>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, megan_gardner, sabouhallawa, simon.fraser, thorton, webkit-bug-importer, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: iPhone / iPad   
OS: iOS 14   
Attachments:
Description Flags
symbolicated crash report
none
symbolicated crash report
none
Patch none

xiao_chengyi
Reported 2020-12-13 19:23:20 PST
Created attachment 416132 [details] symbolicated crash report Since iOS14 released , this crash keeps happening. It seems that this crash happens when user long press an image. The symbolicated crash report is attached. Any feedbacks would be appreciated.Thanks.
Attachments
symbolicated crash report (4.17 KB, text/plain)
2020-12-13 19:23 PST, xiao_chengyi 		no flags
Details
symbolicated crash report (153.75 KB, text/plain)
2020-12-15 19:50 PST, xiao_chengyi 		no flags
Details
Patch (3.70 KB, patch)
2020-12-21 14:37 PST, Wenson Hsieh 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2020-12-14 17:19:13 PST
Do you have a native crash log that you could attach? The attached report lacks a lot of information available in Apple crash logs. Do you have steps to reproduce that we could follow?
xiao_chengyi
Comment 2 2020-12-15 19:50:46 PST
Created attachment 416311 [details] symbolicated crash report
xiao_chengyi
Comment 3 2020-12-15 19:51:31 PST
(In reply to Alexey Proskuryakov from comment #1) > Do you have a native crash log that you could attach? The attached report > lacks a lot of information available in Apple crash logs. > > Do you have steps to reproduce that we could follow? HI,I uploaded the full report.
Simon Fraser (smfr)
Comment 4 2020-12-15 19:59:33 PST
Does this happen on every image? Do you have reproducible steps?
Wenson Hsieh
Comment 5 2020-12-15 20:02:52 PST
(In reply to xiao_chengyi from comment #3) > (In reply to Alexey Proskuryakov from comment #1) > > Do you have a native crash log that you could attach? The attached report > > lacks a lot of information available in Apple crash logs. > > > > Do you have steps to reproduce that we could follow? > > HI,I uploaded the full report. Thanks for the crash logs! Do you know of any steps we can use to consistently reproduce this?
xiao_chengyi
Comment 6 2020-12-16 19:48:52 PST
(In reply to Wenson Hsieh from comment #5) > (In reply to xiao_chengyi from comment #3) > > (In reply to Alexey Proskuryakov from comment #1) > > > Do you have a native crash log that you could attach? The attached report > > > lacks a lot of information available in Apple crash logs. > > > > > > Do you have steps to reproduce that we could follow? > > > > HI,I uploaded the full report. > > Thanks for the crash logs! > > Do you know of any steps we can use to consistently reproduce this? It happens randomly and I could not find the step to consistently reproduce this crash.
Radar WebKit Bug Importer
Comment 7 2020-12-20 19:24:17 PST
<rdar://problem/72537059>
Wenson Hsieh
Comment 8 2020-12-21 12:47:25 PST
From code inspection, this could happen if we take either of these early returns in imagePositionInformation(WebPage&, Element&, const InteractionInformationRequest&, InteractionInformationAtPosition&): ``` auto sharedBitmap = ShareableBitmap::createShareable(IntSize(bitmapSize), bitmapConfiguration); if (!sharedBitmap) return; auto graphicsContext = sharedBitmap->createGraphicsContext(); if (!graphicsContext) return; ``` I'm not 100% sure this is the scenario that's triggering the bug here, but it's one potential cause. At any rate, it probably makes sense to teach the UI process to be robust in the case where position information's `isImage` flag is set but the `image` itself is null, since data coming from the web content process should (generally speaking) be vetted before making assumptions that could cause crashes, hangs, etc.
Wenson Hsieh
Comment 9 2020-12-21 14:37:50 PST
Created attachment 416633 [details] Patch
Geoffrey Garen
Comment 10 2020-12-21 16:19:19 PST
Comment on attachment 416633 [details] Patch r=me
Wenson Hsieh
Comment 11 2020-12-21 16:31:12 PST
Comment on attachment 416633 [details] Patch Thanks for the review!
EWS
Comment 12 2020-12-21 16:57:57 PST
Committed r271045: <https://trac.webkit.org/changeset/271045> All reviewed patches have been landed. Closing bug and clearing flags on attachment 416633 [details].
Note You need to log in before you can comment on or make changes to this bug.