Bug 251247

Summary: ASSERTION FAILED: m_element in WebFullScreenManager::setAnimatingFullScreen
Product: WebKit
Reporter: Jean-Yves Avenard [:jya] <jean-yves.avenard>
Component: Media
Assignee: Jean-Yves Avenard [:jya] <jean-yves.avenard>
Status: RESOLVED FIXED
Severity: Normal
CC: ryanhaddad, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Jean-Yves Avenard [:jya]
Reported 2023-01-26 21:45:44 PST
STR:
- In a debug build, open https://talk.objc.io/episodes/S01E338-attributed-string-builder-part-2
- Press play button to start playback
- In the bottom right corner of the video, press the button to go into full screen
- Press Esc key

Assertion on `ASSERT(m_element)` in void WebFullScreenManager::setAnimatingFullScreen(bool animating)
https://searchfox.org/wubkat/rev/b66d5e5ea816cde25864cad0e14941127e725181/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp#327

```
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x0000000131c3f2f0 JavaScriptCore`::WTFCrash() at Assertions.cpp:327:35
    frame #1: 0x0000000115bafd04 WebKit`WTFCrashWithInfo((null)=326, (null)="/Users/jyavenard/Work/webkit/OpenSource/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp", (null)="void WebKit::WebFullScreenManager::setAnimatingFullScreen(bool)", (null)=3680) at Assertions.h:754:5
  * frame #2: 0x0000000117a6e490 WebKit`WebKit::WebFullScreenManager::setAnimatingFullScreen(this=0x000000016852e880, animating=false) at WebFullScreenManager.cpp:326:5
    frame #3: 0x000000011825df5c WebKit`auto void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(this=0x000000016d9e9950, args=0x000000016d9e99f6)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...)::operator()<bool>(auto&&...) const at HandleMessage.h:136:13
    frame #4: 0x000000011825de8c WebKit`decltype(__f=0x000000016d9e9950, __args=0x000000016d9e99f6)(std::declval<bool>())) std::__1::__invoke[abi:v15006]<void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(WebKit::WebFullScreenManager*, void (WebKit::WebFullScreenManager::*)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...), bool>(WebKit::WebFullScreenManager&&, bool&&) at invoke.h:394:23
    frame #5: 0x000000011825de5c WebKit`decltype(__f=0x000000016d9e9950, __t=size=1, (null)=__tuple_indices<0UL> @ 0x000000016d9e990f) std::__1::__apply_tuple_impl[abi:v15006]<void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(WebKit::WebFullScreenManager*, void (WebKit::WebFullScreenManager::*)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...), std::__1::tuple<bool>, 0ul>(WebKit::WebFullScreenManager&&, WebKit::WebFullScreenManager&&, std::__1::__tuple_indices<0ul>) at tuple:1789:1
    frame #6: 0x000000011825de1c WebKit`decltype(__f=0x000000016d9e9950, __t=size=1) std::__1::apply[abi:v15006]<void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(WebKit::WebFullScreenManager*, void (WebKit::WebFullScreenManager::*)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...), std::__1::tuple<bool> >(WebKit::WebFullScreenManager&&, WebKit::WebFullScreenManager&&) at tuple:1798:1
    frame #7: 0x000000011825ddec WebKit`void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(object=0x000000016852e880, function=0c e4 a6 17 01 80 13 db 00 00 00 00 00 00 00 00, tuple=size=1)(bool), std::__1::tuple<bool>&&) at HandleMessage.h:134:5
    frame #8: 0x000000011825caf0 WebKit`void IPC::handleMessage<Messages::WebFullScreenManager::SetAnimatingFullScreen, WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool)>(connection=0x000000010503ca50, decoder=0x00000001055ae2a0, object=0x000000016852e880, function=0c e4 a6 17 01 80 13 db 00 00 00 00 00 00 00 00)(bool)) at HandleMessage.h:230:5
    frame #9: 0x000000011825c1dc WebKit`WebKit::WebFullScreenManager::didReceiveWebFullScreenManagerMessage(this=0x000000016852e880, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebFullScreenManagerMessageReceiver.cpp:58:16
    frame #10: 0x0000000117a6cb6c WebKit`WebKit::WebFullScreenManager::didReceiveMessage(this=0x000000016852e880, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebFullScreenManager.cpp:133:5
    frame #11: 0x00000001182c8778 WebKit`WebKit::WebPage::didReceiveMessage(this=0x000000010980b208, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebPage.cpp:5458:30
    frame #12: 0x0000000118866060 WebKit`IPC::MessageReceiverMap::dispatchMessage(this=0x00000001050409c8, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at MessageReceiverMap.cpp:129:26
    frame #13: 0x00000001179e92d8 WebKit`WebKit::WebProcess::didReceiveMessage(this=0x0000000105040990, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebProcess.cpp:933:30
    frame #14: 0x0000000118839f24 WebKit`IPC::Connection::dispatchMessage(this=0x000000010503ca50, decoder=0x00000001055ae2a0) at Connection.cpp:1197:15
    frame #15: 0x000000011883a3e4 WebKit`IPC::Connection::dispatchMessage(this=0x000000010503ca50, message=IPC::Decoder @ 0x00000001055ae2a0) at Connection.cpp:1245:9
    frame #16: 0x000000011883a758 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000010503ca50) at Connection.cpp:1310:5
    frame #17: 0x00000001188585ec WebKit`IPC::Connection::enqueueIncomingMessage(this=0x00000001054841d8)::$_17::operator()() const at Connection.cpp:1159:28
    frame #18: 0x000000011885852c WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_17, void>::call(this=0x00000001054841d0) at Function.h:53:39
    frame #19: 0x0000000131c68290 JavaScriptCore`WTF::Function<void ()>::operator(this=0x000000016d9e9fa0)() const at Function.h:82:35
    frame #20: 0x0000000131d009f0 JavaScriptCore`WTF::RunLoop::performWork(this=0x0000000105010100) at RunLoop.cpp:147:9
    frame #21: 0x0000000131d05038 JavaScriptCore`WTF::RunLoop::performWork(context=0x0000000105010100) at RunLoopCF.cpp:46:37
    frame #22: 0x000000019b8f69f8 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
    frame #23: 0x000000019b8f698c CoreFoundation`__CFRunLoopDoSource0 + 176
    frame #24: 0x000000019b8f66fc CoreFoundation`__CFRunLoopDoSources0 + 244
    frame #25: 0x000000019b8f5304 CoreFoundation`__CFRunLoopRun + 828
    frame #26: 0x000000019b8f4874 CoreFoundation`CFRunLoopRunSpecific + 612
    frame #27: 0x000000019c868f0c Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #28: 0x000000019c8e18cc Foundation`-[NSRunLoop(NSRunLoop) run] + 64
    frame #29: 0x000000019b566594 libxpc.dylib`_xpc_objc_main + 860
    frame #30: 0x000000019b565eb4 libxpc.dylib`xpc_main + 108
    frame #31: 0x00000001167e5a4c WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016d9eb468) at XPCServiceMain.mm:207:5
    frame #32: 0x000000011880a834 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016d9eb468) at WKMain.mm:35:12
    frame #33: 0x0000000102417f9c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016d9eb468) at AuxiliaryProcessMain.cpp:30:12
    frame #34: 0x000000019b4bff28 dyld`start + 2236
(lldb)
```
Radar WebKit Bug Importer
Comment 1 2023-01-26 21:46:26 PST
Jean-Yves Avenard [:jya]
Comment 2 2023-01-26 21:56:57 PST
In WKFullScreenWindowController finishedExitFullScreenAnimationAndExitImmediately, we have:

```
// These messages must be sent after the swap or flashing will occur during forceRepaint:
[self _manager]->didExitFullScreen();
[self _manager]->setAnimatingFullScreen(false);
```

which calls via IPC: WebFullScreenManager::didExitFullScreen(), which will call `WebFullScreenManager::clearElement();` which sets m_element to nullptr, followed by WebFullScreenManager::setAnimatingFullScreen(), which asserts that m_element isn't null.

This is a regression from bug 247991
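The message ordering described in comment 2, replayed as an added C++ example that is not WebKit code and does not describe the landed fix: a minimal stand-in for the web-process-side manager whose SetAnimatingFullScreen handler reports when m_element is already null instead of asserting, driven by the two messages in both orders. `Element`, `FullScreenManagerModel`, `Message` and `replay` are hypothetical names, and the model assumes messages on one connection are handled in the order the sender enqueued them.

```cpp
// Added illustrative model of the ordering dependency from comment 2.
// Not WebKit code; every name below is hypothetical.
#include <cstdio>
#include <memory>
#include <vector>

// Stand-in for the DOM element the real manager keeps in m_element.
struct Element {
    bool animatingFullScreen = false;
};

// What one SetAnimatingFullScreen handler invocation observed.
enum class Outcome { Ok, MissingElement };

// Minimal stand-in for WebFullScreenManager: m_element is set on entering
// full screen and cleared by didExitFullScreen(), the two transitions the
// assertion depends on.
class FullScreenManagerModel {
public:
    void willEnterFullScreen(std::shared_ptr<Element> element) { m_element = std::move(element); }

    // Mirrors comment 2: didExitFullScreen() ends up clearing m_element.
    void didExitFullScreen() { m_element.reset(); }

    // Mirrors the handler that asserts on m_element. Instead of aborting, the
    // model returns MissingElement so a test can observe the invariant failure.
    Outcome setAnimatingFullScreen(bool animating) {
        if (!m_element)
            return Outcome::MissingElement; // where ASSERT(m_element) fires in a debug build
        m_element->animatingFullScreen = animating;
        return Outcome::Ok;
    }

    bool hasElement() const { return m_element != nullptr; }

private:
    std::shared_ptr<Element> m_element;
};

// One IPC message as the web process would dequeue it (assumed in-order delivery).
struct Message {
    enum class Kind { DidExitFullScreen, SetAnimatingFullScreen } kind;
    bool animating = false; // payload of SetAnimatingFullScreen
};

// Replay a message sequence against a manager that is currently in full screen.
// Returns the outcome of every SetAnimatingFullScreen handled, in order.
std::vector<Outcome> replay(const std::vector<Message>& messages) {
    FullScreenManagerModel manager;
    manager.willEnterFullScreen(std::make_shared<Element>());

    std::vector<Outcome> outcomes;
    for (const Message& message : messages) {
        switch (message.kind) {
        case Message::Kind::DidExitFullScreen:
            manager.didExitFullScreen();
            break;
        case Message::Kind::SetAnimatingFullScreen:
            outcomes.push_back(manager.setAnimatingFullScreen(message.animating));
            break;
        }
    }
    return outcomes;
}

// The order finishedExitFullScreenAnimationAndExitImmediately sends per comment 2.
std::vector<Outcome> replayExitThenAnimate() {
    return replay({
        { Message::Kind::DidExitFullScreen },
        { Message::Kind::SetAnimatingFullScreen, false },
    });
}

// The same two messages with the element still alive when the animation flag is
// cleared: one ordering under which the assertion cannot fire in this model
// (an assumption of the model, not a description of the landed fix).
std::vector<Outcome> replayAnimateThenExit() {
    return replay({
        { Message::Kind::SetAnimatingFullScreen, false },
        { Message::Kind::DidExitFullScreen },
    });
}

int main() {
    std::printf("exit-then-animate hits assertion: %s\n",
        replayExitThenAnimate().front() == Outcome::MissingElement ? "yes" : "no");
    std::printf("animate-then-exit hits assertion: %s\n",
        replayAnimateThenExit().front() == Outcome::MissingElement ? "yes" : "no");
    return 0;
}
```

The point of the replay is that the receiver's invariant (m_element non-null while an animation flag is being changed) is a property of the message sequence, not of either handler alone, so it can be pinned down in a deterministic test rather than by reproducing the Esc-key sequence in a browser. ASSERT() is compiled out of release builds, so whether the real handler is safe once didExitFullScreen has run depends on what it does with m_element afterwards, which this page does not show; the check-and-return in the model is the shape to look for when auditing an IPC receiver whose state can be torn down by an earlier message.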
Jean-Yves Avenard [:jya]
Comment 3 2023-01-26 23:00:43 PST
Ryan Haddad
Comment 4 2023-01-27 14:41:48 PST
*** Bug 248093 has been marked as a duplicate of this bug. ***
EWS
Comment 5 2023-01-27 16:09:33 PST
Committed 259513@main (4bbaaeffdd01): <https://commits.webkit.org/259513@main>

Reviewed commits have been landed. Closing PR #9208 and removing active labels.