Bug 228559

Summary: [iOS 15] Crash in createFallbackTargetedPreview
Product: WebKit
Reporter: Ali Juma <ajuma>
Component: UI Events
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: bdakin, gsnedders, hi, justincohen, thorton, webkit-bug-importer, wenson_hsieh
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Crash report (flags: none)

Description Ali Juma 2021-07-28 11:28:16 PDT
Chrome for iOS is seeing an increase in crash reports inside createFallbackTargetedPreview. The crash is an uncaught NSException ("Invalid parameter not satisfying: view != nil").

It looks like a call to -[UIView resizableSnapshotViewFromRect:afterScreenUpdates:withCapInsets:] is returning nil here: https://github.com/WebKit/WebKit/blob/main/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm#L8617

These crashes are happening after the app has been backgrounded, so perhaps users are triggering the context menu and then backgrounding the app before the logic to display the context menu is reached.

Here's the crash stack:

0x000000018899fe00	(CoreFoundation + 0x000d0e00)		__exceptionPreprocess
0x000000019f9b30d4	(libobjc.A.dylib + 0x0001a0d4)		objc_exception_throw
0x000000018a0f2e84	(Foundation + 0x0010ee84)		-[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:]
0x000000018b4e6b4c	(UIKitCore + 0x0090bb4c)		-[UITargetedPreview initWithView:parameters:target:]
0x0000000196bf3578	(WebKit + 0x0075f578)		createFallbackTargetedPreview(UIView*, UIView*, WebCore::FloatRect const&, UIColor*)
0x0000000196bf3354	(WebKit + 0x0075f354)		-[WKContentView(WKInteraction) _createTargetedContextMenuHintPreviewForFocusedElement]
0x000000018bdcd2fc	(UIKitCore + 0x00000000011f22fc)		-[UIContextMenuInteraction _delegate_previewForHighlightingForConfiguration:]
0x000000018bdc8fd0	(UIKitCore + 0x00000000011edfd0)		-[UIContextMenuInteraction clickPresentationInteraction:previewForHighlightingAtLocation:]
0x000000018b984830	(UIKitCore + 0x00da9830)		-[_UIClickPresentationInteraction _prepareInteractionEffect]
0x000000018b981af8	(UIKitCore + 0x00da6af8)		-[_UIClickPresentationInteraction _performPreviewPresentation]
0x000000018bdc8cb8	(UIKitCore + 0x00000000011edcb8)		__51-[UIContextMenuInteraction _presentMenuAtLocation:]_block_invoke
0x000000018bdcd1fc	(UIKitCore + 0x00000000011f21fc)		__73-[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:]_block_invoke
0x000000018b17bf60	(UIKitCore + 0x005a0f60)		-[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:]
0x000000018bdc8c64	(UIKitCore + 0x00000000011edc64)		-[UIContextMenuInteraction _presentMenuAtLocation:]
0x0000000196bed45c	(WebKit + 0x0075945c)		-[WKContentView(WKInteraction) _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:]
0x00000001968b763c	(WebKit + 0x0042363c)		WebKit::WebPageProxy::elementDidFocus(WebKit::FocusedElementInformation const&, bool, bool, WTF::OptionSet<WebCore::ActivityState::Flag>, WebKit::UserData const&)
0x0000000196b617a0	(WebKit + 0x006cd7a0)		WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001964e7a48	(WebKit + 0x00053a48)		IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x000000019687dcc0	(WebKit + 0x003e9cc0)		WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001964c528c	(WebKit + 0x0003128c)		IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x00000001964c4a70	(WebKit + 0x00030a70)		IPC::Connection::dispatchIncomingMessages()
0x0000000193fa3d50	(JavaScriptCore + 0x00f21d50)		WTF::RunLoop::performWork()
0x0000000193fa4bf0	(JavaScriptCore + 0x00f22bf0)		WTF::RunLoop::performWork(void*)
0x000000018896e1e4	(CoreFoundation + 0x0009f1e4)		__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001889be2f4	(CoreFoundation + 0x000ef2f4)		__CFRunLoopDoSource0
0x000000018892d068	(CoreFoundation + 0x0005e068)		__CFRunLoopDoSources0
0x000000018893ce54	(CoreFoundation + 0x0006de54)		__CFRunLoopRun
0x0000000188949dd8	(CoreFoundation + 0x0007add8)		CFRunLoopRunSpecific
0x00000001a29cdaf8	(GraphicsServices + 0x00003af8)		GSEventRunModal
0x000000018af8bd6c	(UIKitCore + 0x003b0d6c)		-[UIApplication _run]
0x000000018af8b7f4	(UIKitCore + 0x003b07f4)		UIApplicationMain
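The report above describes the failure mechanism: -[UIView resizableSnapshotViewFromRect:afterScreenUpdates:withCapInsets:] can return nil once the app has been backgrounded, and -[UITargetedPreview initWithView:parameters:target:] asserts ("view != nil") when handed that nil. The following is an added illustration of a guarded version of that sequence; it is not WebKit's code and not the fix referenced in bug 235248. The helper name, its parameters and the use of the view's bounds as the snapshot rect are assumptions made for this example.

```objc
#import <UIKit/UIKit.h>

// Hypothetical helper (name and signature are assumptions for this example).
// Builds the highlight preview for a context menu interaction, but checks
// the snapshot result before constructing the UITargetedPreview, because
// the preview initializer asserts on a nil view.
static UITargetedPreview *createGuardedTargetedPreview(UIView *targetView,
                                                       UIView *containerView,
                                                       CGRect frameInContainer)
{
    // Per the report, this snapshot call can return nil after the app has
    // been backgrounded (no render server access while in the background).
    UIView *snapshotView = [targetView resizableSnapshotViewFromRect:[targetView bounds]
                                                  afterScreenUpdates:NO
                                                       withCapInsets:UIEdgeInsetsZero];
    if (!snapshotView) {
        // The UIContextMenuInteractionDelegate preview-for-highlighting
        // callback is nullable: returning nil makes UIKit fall back to its
        // default highlight instead of tripping the NSAssertion.
        return nil;
    }

    UIPreviewParameters *parameters = [[UIPreviewParameters alloc] init];
    CGPoint center = CGPointMake(CGRectGetMidX(frameInContainer),
                                 CGRectGetMidY(frameInContainer));
    UIPreviewTarget *target = [[UIPreviewTarget alloc] initWithContainer:containerView
                                                                  center:center];
    return [[UITargetedPreview alloc] initWithView:snapshotView
                                        parameters:parameters
                                            target:target];
}
```

The important property is that every path that feeds a view into UITargetedPreview is nil-checked, since the assertion is an uncaught NSException and terminates the host app rather than just the interaction.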
Comment 1 Radar WebKit Bug Importer 2021-07-29 05:39:57 PDT
<rdar://problem/81267144>
Comment 2 Ali Juma 2022-01-25 11:29:55 PST
Created attachment 449947 [details]
Crash report

We're still getting a lot of these crashes, including on iOS 15.3.

I've attached a sample crash report.

A disproportionate number of these crashes are on https://medicareplan.com and https://www.fedex.com/apps/onlineclaims/?locale=en_US
Comment 3 Wenson Hsieh 2022-01-25 11:31:20 PST
Dupe of https://bugs.webkit.org/show_bug.cgi?id=235248?

(Note that we have not released the fix for that bug in a public beta yet)
Comment 4 Ali Juma 2022-01-25 11:38:37 PST
(In reply to Wenson Hsieh from comment #3)
> Dupe of https://bugs.webkit.org/show_bug.cgi?id=235248?
> 
> (Note that we have not released the fix for that bug in a public beta yet)

Thanks, that does look like the same bug!

*** This bug has been marked as a duplicate of bug 235248 ***