Bug 293591

Summary: com.apple.WebKit.WebContent crash at com.apple.WebCore: WebCore::preferredExtensionForImageType
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Images Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: sabouhallawa, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 256867    
Bug Blocks:    

David Kilzer (:ddkilzer)
Reported 2025-05-26 12:21:21 PDT
com.apple.WebKit.WebContent crash at com.apple.WebCore: WebCore::preferredExtensionForImageType due to release assertion.

In Bug 256867, a release assert was added to verify that the value of `UTTypeCopyPreferredTagWithClass()` matched the value of `+[UTType typeWithIdentifier:]`, but in all the cases where we crash, the `UTType` method returns a valid file extension while `UTTypeCopyPreferredTagWithClass()` returned a null/empty string, so we can just switch to using the `UTType` method.

```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x10834f77c WTFCrashWithInfoImpl(int, char const*, char const*, int, unsigned long long, unsigned long long, unsigned long long, unsigned long long, unsigned long long, unsigned long long)
1 com.apple.WebCore 0x119c5c818 WebCore::preferredExtensionForImageType(WTF::String const&)
2 com.apple.WebCore 0x11ae6a0a0 WebCore::ImageDecoderCG::filenameExtension() const
3 com.apple.WebCore 0x11ad5ec18 WTF::String WebCore::BitmapImageDescriptor::imageMetadata<WTF::String>(WTF::String&, WTF::String const&, WebCore::BitmapImageDescriptor::CachedFlag, WTF::String (WebCore::ImageDecoder::*)() const) const
4 com.apple.WebCore 0x11ad5eccc WebCore::BitmapImageDescriptor::filenameExtension() const
5 com.apple.WebKit 0x10b311884 WebKit::WebDragClient::declareAndWriteDragImage(WTF::String const&, WebCore::Element&, WTF::URL const&, WTF::String const&, WebCore::LocalFrame*)
6 com.apple.WebCore 0x11ab4fc90 WebCore::DragController::startDrag(WebCore::LocalFrame&, WebCore::DragState const&, WTF::OptionSet<WebCore::DragOperation>, WebCore::PlatformMouseEvent const&, WebCore::IntPoint const&, WebCore::HasNonDefaultPasteboardData)
7 com.apple.WebCore 0x11ab60324 WebCore::EventHandler::handleDrag(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis)
8 com.apple.WebCore 0x11ab5f774 WebCore::EventHandler::handleMouseDraggedEvent(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis)
9 com.apple.WebCore 0x11ab66d44 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*, bool)
10 com.apple.WebCore 0x11ab6621c WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&)
11 com.apple.WebKit 0x10b6faf84 WebKit::WebFrame::handleMouseEvent(WebKit::WebMouseEvent const&)
12 com.apple.WebKit 0x10b70c10c WebKit::WebPage::mouseEvent(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebKit::WebMouseEvent const&, std::__1::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>>&&)
13 com.apple.WebKit 0x10af3ce50 void IPC::handleMessage<Messages::WebPage::MouseEvent, IPC::Connection, WebKit::WebPage, WebKit::WebPage, void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebKit::WebMouseEvent const&, std::__1::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>>&&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebKit::WebMouseEvent const&, std::__1::optional<WTF::Vector<WebKit::SandboxExtensionHandle, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>>&&))
14 com.apple.WebKit 0x10af395dc WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
15 com.apple.WebKit 0x10b93ce48 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
16 com.apple.WebKit 0x10b258ddc WebKit::AuxiliaryProcess::dispatchMessage(IPC::Connection&, IPC::Decoder&)
17 com.apple.WebKit 0x10ae5639c WebKit::AuxiliaryProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
18 com.apple.WebKit 0x10b937550 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>)
19 com.apple.WebKit 0x10b937700 IPC::Connection::dispatchOneIncomingMessage()
20 com.apple.JavaScriptCore 0x1083a1c04 WTF::RunLoop::performWork()
[...]
```

<rdar://132707082>
David Kilzer (:ddkilzer)
Comment 1 2025-05-26 12:41:23 PDT
EWS
Comment 2 2025-05-27 09:22:28 PDT
Committed 295449@main (3f5ad67c9783): <https://commits.webkit.org/295449@main>

Reviewed commits have been landed. Closing PR #45921 and removing active labels.