Bug 236941

Summary: [QuickLook] WKPasswordView crash when re-enter password.
Product: WebKit Reporter: yianzhou <yianzhou2>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: achristensen, ggaren, kkinnunen, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: iPhone / iPad   
OS: All   
Attachments:
Description Flags
backtrace
none
Screen recording the crash
none
The password is 1234 none

yianzhou
Reported 2022-02-20 05:29:18 PST
Created attachment 452692 [details] backtrace The way to reproduce: 1. Use iPhone WKWebView to open a document need password. 2. When the WKPasswordView has shown, enter the right password. Now the WebKit is about to navigate. 3. Enter the password again immediately. Crash happens with "EXC_BAD_ACCESS". There is a property in WKPasswordView: `@property (nonatomic, copy) void (^userDidEnterPassword)(NSString *);` Things the block `userDidEnterPassword` captured were released after the user enter the right password. If the user enter the password again in a short time, execute the `userDidEnterPassword` block again triggered the "EXC_BAD_ACCESS" crash. Attachment is the backtrace.
Attachments
backtrace (2.02 MB, image/png)
2022-02-20 05:29 PST, yianzhou 		no flags
Details
Screen recording the crash (6.91 MB, video/mp4)
2022-02-23 06:19 PST, yianzhou 		no flags
Details
The password is 1234 (96.00 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet)
2022-02-23 06:27 PST, yianzhou 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2022-02-21 10:20:09 PST
I do not understand the steps to reproduce. How can one enter the password again immediately? This just sounds like it's not a WebKit bug, but a bug in the application that invokes -userDidEnterPassword:forPasswordView: twice. The title contains "[QuickLook]", can you please clarify how QuickLook is involved? Perhaps it would be easiest to attach a screen recording of steps to reproduce. For Apple employees, this is the same stack trace as: rdar://69366428
yianzhou
Comment 2 2022-02-23 06:19:59 PST
Created attachment 452974 [details] Screen recording the crash
yianzhou
Comment 3 2022-02-23 06:22:51 PST
Hello Alexey, I agree with you that it's a bug that invokes `-userDidEnterPassword:forPasswordView:` twice. I think UIKit pass a block to WebKit, and WKPassword retain the block as property `userDidEnterPassword`. When the user double enter the password, it will crash. I just upload a screen recording to reproduce the issue. Please check. Thanks.
yianzhou
Comment 4 2022-02-23 06:23:04 PST
(In reply to Alexey Proskuryakov from comment #1) > I do not understand the steps to reproduce. How can one enter the password > again immediately? This just sounds like it's not a WebKit bug, but a bug in > the application that invokes -userDidEnterPassword:forPasswordView: twice. > > The title contains "[QuickLook]", can you please clarify how QuickLook is > involved? > > Perhaps it would be easiest to attach a screen recording of steps to > reproduce. > > For Apple employees, this is the same stack trace as: > > rdar://69366428 Hello Alexey, I agree with you that it's a bug that invokes `-userDidEnterPassword:forPasswordView:` twice. I think UIKit pass a block to WebKit, and WKPassword retain the block as property `userDidEnterPassword`. When the user double enter the password, it will crash. I just upload a screen recording to reproduce the issue. Please check. Thanks.
yianzhou
Comment 5 2022-02-23 06:26:45 PST
As you see in the screen recording, I created a new project just show a single WKWebView to load a password-protected document from main bundle. So firstly I enter the correct password "1234", it works. And maybe somehow WebKit was trying to navigate to the document content. At the moment, I click the text field and enter a random password, it crashes!
yianzhou
Comment 6 2022-02-23 06:27:58 PST
Created attachment 452975 [details] The password is 1234
yianzhou
Comment 7 2022-02-23 06:28:21 PST
AS you may need, I also upload a password-protected document for your test.
Note You need to log in before you can comment on or make changes to this bug.