Bug 133478 - crash caused by CSS3 or media plugin
Summary: crash caused by CSS3 or media plugin
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Media
Version: 528+ (Nightly build)
Hardware: iPhone / iPad iOS 7.0
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-03 08:39 PDT by zhouquan.yezq
Modified: 2014-06-05 12:16 PDT (History)

See Also:


Attachments
crash log (64.27 KB, text/plain)
2014-06-03 08:41 PDT, zhouquan.yezq

Description zhouquan.yezq 2014-06-03 08:39:11 PDT
Process:               MobileSafari [60943]
Path:                  /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk/Applications/MobileSafari.app/MobileSafari
Identifier:            MobileSafari
Version:               7.0 (9537.53)
Code Type:             X86 (Native)
Parent Process:        launchd_sim [60542]
Responsible:           launchd_sim [60542]
User ID:               501

Date/Time:             2014-06-03 20:21:43.862 +0800
OS Version:            Mac OS X 10.10 (14A238x)
Report Version:        11
Anonymous UUID:        C2A69219-DE31-F680-70BC-42FEC5D44039

Sleep/Wake UUID:       7AD5082C-433F-453C-B72C-879B596BEB84

Time Awake Since Boot: 6800 seconds
Time Since Wake:       5500 seconds

Crashed Thread:        4  WebThread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x000000000000000c

VM Regions Near 0xc:
--> 
    __TEXT                 0000000000001000-0000000000180000 [ 1532K] r-x/rwx SM=COW  /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk/Applications/MobileSafari.app/MobileSafari

Application Specific Information:
iPhone Simulator 463.9.41, iPhone OS 7.1 (iPhone Retina (4-inch)/11D167)
 

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x05af6a52 mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x05af5af4 mach_msg + 68
2   com.apple.CoreFoundation      	0x0053cd69 __CFRunLoopServiceMachPort + 169
3   com.apple.CoreFoundation      	0x0054235d __CFRunLoopRun + 1341
4   com.apple.CoreFoundation      	0x005419d3 CFRunLoopRunSpecific + 467
5   com.apple.CoreFoundation      	0x005417eb CFRunLoopRunInMode + 123
6   com.apple.GraphicsServices    	0x010af5ee GSEventRunModal + 192
7   com.apple.GraphicsServices    	0x010af42b GSEventRun + 104
8   com.apple.UIKit               	0x0214ff9b UIApplicationMain + 1225
9   com.apple.mobilesafari        	0x0005f1c8 0x1000 + 385480
10  libdyld.dylib                 	0x059d16d9 start + 1

Thread 1:: Dispatch queue: com.apple.libdispatch-manager
0   libsystem_kernel.dylib        	0x05afd8ea kevent64 + 10
1   libdispatch.dylib             	0x0578ef36 _dispatch_mgr_invoke + 238
2   libdispatch.dylib             	0x0578ec72 _dispatch_mgr_thread + 60

Thread 2:
0   libsystem_kernel.dylib        	0x05afceda __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x05ac8890 _pthread_wqthread + 846
2   libsystem_pthread.dylib       	0x05ac650a start_wqthread + 30

Thread 3:
0   libsystem_kernel.dylib        	0x05afceda __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x05ac8890 _pthread_wqthread + 846
2   libsystem_pthread.dylib       	0x05ac650a start_wqthread + 30

Thread 4 Crashed:: WebThread
0   com.apple.WebCore             	0x03b6bdb8 WebCore::Node::setNeedsStyleRecalc(WebCore::StyleChangeType) + 8
1   com.apple.WebCore             	0x03e5dafc WebCore::SubframeLoader::loadMediaPlayerProxyPlugin(WebCore::Node*, WebCore::KURL const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&) + 844
2   com.apple.WebCore             	0x035501f9 WebCore::HTMLMediaElement::updateWidget(WebCore::PluginCreationOption) + 153
3   com.apple.WebCore             	0x03495210 WebCore::FrameView::updateWidget(WebCore::RenderObject*) + 272
4   com.apple.WebCore             	0x034953a4 WebCore::FrameView::updateWidgets() + 324
5   com.apple.WebCore             	0x03490a5e WebCore::FrameView::performPostLayoutTasks() + 430
6   com.apple.WebCore             	0x03490312 WebCore::FrameView::layout(bool) + 3346
7   com.apple.WebCore             	0x034972cb WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 123
8   com.apple.WebKit              	0x04f706b7 -[WebView(WebPrivate) _viewWillDrawInternal] + 55
9   com.apple.WebKit              	0x04f87590 LayerFlushController::flushLayers() + 64
10  com.apple.WebCore             	0x03b07673 WebCore::LayerFlushScheduler::runLoopObserverCallback() + 35
11  com.apple.WebKit              	0x04f88f5d WebViewLayerFlushScheduler::runLoopObserverCallback() + 29
12  com.apple.WebCore             	0x03b07641 WebCore::LayerFlushScheduler::runLoopObserverCallback(__CFRunLoopObserver*, unsigned long, void*) + 17
13  com.apple.CoreFoundation      	0x0056436e __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 30
14  com.apple.CoreFoundation      	0x005642bf __CFRunLoopDoObservers + 399
15  com.apple.CoreFoundation      	0x005419eb CFRunLoopRunSpecific + 491
16  com.apple.CoreFoundation      	0x005417eb CFRunLoopRunInMode + 123
17  com.apple.WebCore             	0x03fd4e40 RunWebThread(void*) + 608
18  libsystem_pthread.dylib       	0x05ac844f _pthread_body + 138
19  libsystem_pthread.dylib       	0x05ac83c5 _pthread_start + 162
20  libsystem_pthread.dylib       	0x05ac652e thread_start + 34

Thread 5:
0   libsystem_kernel.dylib        	0x05afceda __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x05ac8890 _pthread_wqthread + 846
2   libsystem_pthread.dylib       	0x05ac650a start_wqthread + 30
Comment 1 zhouquan.yezq 2014-06-03 08:41:02 PDT
Created attachment 232425 [details]
crash log
Comment 2 Daniel Bates 2014-06-04 14:36:03 PDT
You mentioned in the bug title that you suspect that the crash was caused "by CSS3 or [a] media plugin". Can you elaborate further, especially with respect to your suspicion that CSS3 may be the cause? Are you able to share the URL or markup that caused the crash? If so, please update the URL field of this bug and/or attach a test case with the markup. What were you doing at the time of the crash?
Comment 3 zhouquan.yezq 2014-06-05 10:45:01 PDT
You know, the same page doesn't crash every time. When you clear the cache data and then access the URL, it will crash. And when I copy the whole page HTML and run it as a static page, it doesn't crash.
It sounds like a mix effect. Anyway, I will try my best to find the real killer and attach a test case.
(In reply to comment #2)
> You mentioned in the bug title that you suspect that the crash was caused "by CSS3 or [a] media plugin". Can you elaborate further, especially with respect to your suspicion that CSS3 may be the cause? Are you able to share the URL or markup that caused the crash? If so, please update the URL field of this bug and/or attach a test case with the markup. What were you doing at the time of the crash?
Comment 4 Eric Carlson 2014-06-05 12:04:49 PDT
1   com.apple.WebCore                 0x03e5dafc WebCore::SubframeLoader::loadMediaPlayerProxyPlugin(WebCore::Node*, WebCore::KURL const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&) + 844

SubframeLoader::loadMediaPlayerProxyPlugin has been removed from WebKit and the iOS <video> implementation has been substantially rewritten, so this specific crash cannot happen with TOT WebKit.
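Comment 4 identifies the code path from the second frame of the crashed thread. The exception codes give a second clue that is worth reading the same way: KERN_INVALID_ADDRESS at 0xc on a 32-bit (X86) build, eight bytes into WebCore::Node::setNeedsStyleRecalc, is consistent with a null Node* being dereferenced at a small field offset, i.e. the pointer was already null when loadMediaPlayerProxyPlugin passed it in. The following Python script is an added triage aid, not part of this bug report or of WebKit: it parses an Apple crash-log excerpt (the sample is constructed from the log above, with most threads omitted), extracts the crashed thread and its frames, and applies that near-null heuristic. PAGE_SIZE and the 16-byte "early in the function" threshold are assumptions of the script, not values from the report.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the crash log in this bug, most threads omitted.
SAMPLE_LOG = """\
Process:               MobileSafari [60943]
Code Type:             X86 (Native)

Crashed Thread:        4  WebThread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x000000000000000c

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        0x05af6a52 mach_msg_trap + 10
1   libsystem_kernel.dylib        0x05af5af4 mach_msg + 68

Thread 4 Crashed:: WebThread
0   com.apple.WebCore             0x03b6bdb8 WebCore::Node::setNeedsStyleRecalc(WebCore::StyleChangeType) + 8
1   com.apple.WebCore             0x03e5dafc WebCore::SubframeLoader::loadMediaPlayerProxyPlugin(WebCore::Node*, WebCore::KURL const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&) + 844
2   com.apple.WebCore             0x035501f9 WebCore::HTMLMediaElement::updateWidget(WebCore::PluginCreationOption) + 153

Thread 5:
0   libsystem_kernel.dylib        0x05afceda __workq_kernreturn + 10
"""

PAGE_SIZE = 4096          # assumption: x86 page size; the zero page is never mapped
EARLY_FRAME_OFFSET = 16   # assumption: a fault this early means the pointer came from the caller


@dataclass
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int


@dataclass
class CrashReport:
    exception_type: Optional[str] = None
    fault_address: Optional[int] = None
    crashed_thread: Optional[int] = None
    crashed_thread_name: str = ""
    threads: Dict[int, List[Frame]] = field(default_factory=dict)

    @property
    def crashed_frames(self) -> List[Frame]:
        return self.threads.get(self.crashed_thread, [])


# "0   com.apple.WebCore   <tab or spaces>0x03b6bdb8 Symbol(with spaces) + 8"
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+0x([0-9a-fA-F]+)\s+(.*?)\s\+\s(\d+)\s*$")
# "Thread 4 Crashed:: WebThread", "Thread 0:: Dispatch queue: ...", "Thread 5:"
THREAD_RE = re.compile(r"^Thread (\d+)(?: Crashed)?:(?::\s*(.*))?$")


def parse_crash_log(text: str) -> CrashReport:
    """Pull the exception, the crashed thread and every thread's frames out of an Apple crash log."""
    report = CrashReport()
    current: Optional[int] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Exception Type:"):
            report.exception_type = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Exception Codes:"):
            m = re.search(r"at 0x([0-9a-fA-F]+)", line)
            if m:
                report.fault_address = int(m.group(1), 16)
            continue
        if line.startswith("Crashed Thread:"):
            m = re.match(r"Crashed Thread:\s+(\d+)\s*(.*)", line)
            if m:
                report.crashed_thread = int(m.group(1))
                report.crashed_thread_name = m.group(2).strip()
            continue
        m = THREAD_RE.match(line)
        if m:
            current = int(m.group(1))
            report.threads.setdefault(current, [])
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            report.threads[current].append(
                Frame(int(m.group(1)), m.group(2), int(m.group(3), 16), m.group(4), int(m.group(5))))
    return report


def classify_fault(report: CrashReport) -> dict:
    """Heuristic reading of an EXC_BAD_ACCESS fault address against the crashed thread's top frame."""
    addr = report.fault_address
    frames = report.crashed_frames
    top = frames[0] if frames else None
    result = {"kind": "unknown", "fault_address": addr, "top_symbol": top.symbol if top else None}
    if addr is None:
        return result
    if addr < PAGE_SIZE:
        # A fault inside the zero page is a NULL pointer dereferenced through a
        # small field or vtable offset (here NULL + 0xc on a 32-bit object).
        result["kind"] = "null-deref"
        result["field_offset"] = addr
    else:
        result["kind"] = "wild-pointer"
    if top is not None and top.offset <= EARLY_FRAME_OFFSET:
        # Faulting within the first instructions: the bad pointer was most likely
        # handed in by the caller rather than computed in this function.
        result["suspect_caller"] = frames[1].symbol if len(frames) > 1 else None
    return result


if __name__ == "__main__":
    rep = parse_crash_log(SAMPLE_LOG)
    print(rep.exception_type, "in thread", rep.crashed_thread, rep.crashed_thread_name)
    print(classify_fault(rep))
```

The parser tolerates either tabs or spaces between the image name and the address, and the non-greedy symbol match lets C++ signatures containing spaces survive; the "suspect caller" field is only a hint for where to start reading, not proof of which function dropped the null check.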
Comment 5 zhouquan.yezq 2014-06-05 12:16:04 PDT
wow, cool, thanks, man
(In reply to comment #4)
> 1   com.apple.WebCore                 0x03e5dafc WebCore::SubframeLoader::loadMediaPlayerProxyPlugin(WebCore::Node*, WebCore::KURL const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&) + 844
> 
> SubframeLoader::loadMediaPlayerProxyPlugin has been removed from WebKit and the iOS <video> implementation has been substantially rewritten, so this specific crash cannot happen with TOT WebKit.