Bug 228559

Summary: [iOS 15] Crash in createFallbackTargetedPreview
Product: WebKit Reporter: Ali Juma <ajuma>
Component: UI EventsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: bdakin, gsnedders, hi, justincohen, thorton, webkit-bug-importer, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Crash report none

Ali Juma
Reported 2021-07-28 11:28:16 PDT
Chrome for iOS is seeing an increase in crash reports inside createFallbackTargetedPreview. The crash is an uncaught NSException ("Invalid parameter not satisfying: view != nil"). It looks like a call to -[UIView resizableSnapshotViewFromRect:afterScreenUpdates:withCapInsets:] is returning nil here: https://github.com/WebKit/WebKit/blob/main/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm#L8617 These crashes are happening after the app has been backgrounded, so perhaps users are triggering the context menu and then backgrounding the app before the logic to display the context menu is reached. Here's the crash stack: 0x000000018899fe00 (CoreFoundation + 0x000d0e00) __exceptionPreprocess 0x000000019f9b30d4 (libobjc.A.dylib + 0x0001a0d4) objc_exception_throw 0x000000018a0f2e84 (Foundation + 0x0010ee84) -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] 0x000000018b4e6b4c (UIKitCore + 0x0090bb4c) -[UITargetedPreview initWithView:parameters:target:] 0x0000000196bf3578 (WebKit + 0x0075f578) createFallbackTargetedPreview(UIView*, UIView*, WebCore::FloatRect const&, UIColor*) 0x0000000196bf3354 (WebKit + 0x0075f354) -[WKContentView(WKInteraction) _createTargetedContextMenuHintPreviewForFocusedElement] 0x000000018bdcd2fc (UIKitCore + 0x00000000011f22fc) -[UIContextMenuInteraction _delegate_previewForHighlightingForConfiguration:] 0x000000018bdc8fd0 (UIKitCore + 0x00000000011edfd0) -[UIContextMenuInteraction clickPresentationInteraction:previewForHighlightingAtLocation:] 0x000000018b984830 (UIKitCore + 0x00da9830) -[_UIClickPresentationInteraction _prepareInteractionEffect] 0x000000018b981af8 (UIKitCore + 0x00da6af8) -[_UIClickPresentationInteraction _performPreviewPresentation] 0x000000018bdc8cb8 (UIKitCore + 0x00000000011edcb8) __51-[UIContextMenuInteraction _presentMenuAtLocation:]_block_invoke 0x000000018bdcd1fc (UIKitCore + 0x00000000011f21fc) __73-[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:]_block_invoke 0x000000018b17bf60 (UIKitCore + 0x005a0f60) -[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:] 0x000000018bdc8c64 (UIKitCore + 0x00000000011edc64) -[UIContextMenuInteraction _presentMenuAtLocation:] 0x0000000196bed45c (WebKit + 0x0075945c) -[WKContentView(WKInteraction) _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:] 0x00000001968b763c (WebKit + 0x0042363c) WebKit::WebPageProxy::elementDidFocus(WebKit::FocusedElementInformation const&, bool, bool, WTF::OptionSet<WebCore::ActivityState::Flag>, WebKit::UserData const&) 0x0000000196b617a0 (WebKit + 0x006cd7a0) WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 0x00000001964e7a48 (WebKit + 0x00053a48) IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) 0x000000019687dcc0 (WebKit + 0x003e9cc0) WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 0x00000001964c528c (WebKit + 0x0003128c) IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) 0x00000001964c4a70 (WebKit + 0x00030a70) IPC::Connection::dispatchIncomingMessages() 0x0000000193fa3d50 (JavaScriptCore + 0x00f21d50) WTF::RunLoop::performWork() 0x0000000193fa4bf0 (JavaScriptCore + 0x00f22bf0) WTF::RunLoop::performWork(void*) 0x000000018896e1e4 (CoreFoundation + 0x0009f1e4) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00000001889be2f4 (CoreFoundation + 0x000ef2f4) __CFRunLoopDoSource0 0x000000018892d068 (CoreFoundation + 0x0005e068) __CFRunLoopDoSources0 0x000000018893ce54 (CoreFoundation + 0x0006de54) __CFRunLoopRun 0x0000000188949dd8 (CoreFoundation + 0x0007add8) CFRunLoopRunSpecific 0x00000001a29cdaf8 (GraphicsServices + 0x00003af8) GSEventRunModal 0x000000018af8bd6c (UIKitCore + 0x003b0d6c) -[UIApplication _run] 0x000000018af8b7f4 (UIKitCore + 0x003b07f4) UIApplicationMain
Attachments
Crash report (29.90 KB, text/plain)
2022-01-25 11:29 PST, Ali Juma 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-07-29 05:39:57 PDT
<rdar://problem/81267144>
Ali Juma
Comment 2 2022-01-25 11:29:55 PST
Created attachment 449947 [details] Crash report We're still getting a lot of these crashes, including on iOS 15.3. I've attached a sample crash report. A disproportionate number of these crashes are on https://medicareplan.com and https://www.fedex.com/apps/onlineclaims/?locale=en_US
Wenson Hsieh
Comment 3 2022-01-25 11:31:20 PST
Dupe of https://bugs.webkit.org/show_bug.cgi?id=235248? (Note that we have not released the fix for that bug in a public beta yet)
Ali Juma
Comment 4 2022-01-25 11:38:37 PST
(In reply to Wenson Hsieh from comment #3) > Dupe of https://bugs.webkit.org/show_bug.cgi?id=235248? > > (Note that we have not released the fix for that bug in a public beta yet) Thanks, that does look like the same bug! *** This bug has been marked as a duplicate of bug 235248 ***
Note You need to log in before you can comment on or make changes to this bug.