133478 – crash cause by css3 or media plugin

NEW 133478

crash cause by css3 or media plugin

https://bugs.webkit.org/show_bug.cgi?id=133478

Summary crash cause by css3 or media plugin

zhouquan.yezq

Reported 2014-06-03 08:39:11 PDT

Process: MobileSafari [60943] Path: /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk/Applications/MobileSafari.app/MobileSafari Identifier: MobileSafari Version: 7.0 (9537.53) Code Type: X86 (Native) Parent Process: launchd_sim [60542] Responsible: launchd_sim [60542] User ID: 501 Date/Time: 2014-06-03 20:21:43.862 +0800 OS Version: Mac OS X 10.10 (14A238x) Report Version: 11 Anonymous UUID: C2A69219-DE31-F680-70BC-42FEC5D44039 Sleep/Wake UUID: 7AD5082C-433F-453C-B72C-879B596BEB84 Time Awake Since Boot: 6800 seconds Time Since Wake: 5500 seconds Crashed Thread: 4 WebThread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x000000000000000c VM Regions Near 0xc: --> __TEXT 0000000000001000-0000000000180000 [ 1532K] r-x/rwx SM=COW /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk/Applications/MobileSafari.app/MobileSafari Application Specific Information: iPhone Simulator 463.9.41, iPhone OS 7.1 (iPhone Retina (4-inch)/11D167) Thread 0:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x05af6a52 mach_msg_trap + 10 1 libsystem_kernel.dylib 0x05af5af4 mach_msg + 68 2 com.apple.CoreFoundation 0x0053cd69 __CFRunLoopServiceMachPort + 169 3 com.apple.CoreFoundation 0x0054235d __CFRunLoopRun + 1341 4 com.apple.CoreFoundation 0x005419d3 CFRunLoopRunSpecific + 467 5 com.apple.CoreFoundation 0x005417eb CFRunLoopRunInMode + 123 6 com.apple.GraphicsServices 0x010af5ee GSEventRunModal + 192 7 com.apple.GraphicsServices 0x010af42b GSEventRun + 104 8 com.apple.UIKit 0x0214ff9b UIApplicationMain + 1225 9 com.apple.mobilesafari 0x0005f1c8 0x1000 + 385480 10 libdyld.dylib 0x059d16d9 start + 1 Thread 1:: Dispatch queue: com.apple.libdispatch-manager 0 libsystem_kernel.dylib 0x05afd8ea kevent64 + 10 1 libdispatch.dylib 0x0578ef36 _dispatch_mgr_invoke + 238 2 libdispatch.dylib 0x0578ec72 _dispatch_mgr_thread + 60 Thread 2: 0 libsystem_kernel.dylib 0x05afceda __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x05ac8890 _pthread_wqthread + 846 2 libsystem_pthread.dylib 0x05ac650a start_wqthread + 30 Thread 3: 0 libsystem_kernel.dylib 0x05afceda __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x05ac8890 _pthread_wqthread + 846 2 libsystem_pthread.dylib 0x05ac650a start_wqthread + 30 Thread 4 Crashed:: WebThread 0 com.apple.WebCore 0x03b6bdb8 WebCore::Node::setNeedsStyleRecalc(WebCore::StyleChangeType) + 8 1 com.apple.WebCore 0x03e5dafc WebCore::SubframeLoader::loadMediaPlayerProxyPlugin(WebCore::Node*, WebCore::KURL const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&) + 844 2 com.apple.WebCore 0x035501f9 WebCore::HTMLMediaElement::updateWidget(WebCore::PluginCreationOption) + 153 3 com.apple.WebCore 0x03495210 WebCore::FrameView::updateWidget(WebCore::RenderObject*) + 272 4 com.apple.WebCore 0x034953a4 WebCore::FrameView::updateWidgets() + 324 5 com.apple.WebCore 0x03490a5e WebCore::FrameView::performPostLayoutTasks() + 430 6 com.apple.WebCore 0x03490312 WebCore::FrameView::layout(bool) + 3346 7 com.apple.WebCore 0x034972cb WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 123 8 com.apple.WebKit 0x04f706b7 -[WebView(WebPrivate) _viewWillDrawInternal] + 55 9 com.apple.WebKit 0x04f87590 LayerFlushController::flushLayers() + 64 10 com.apple.WebCore 0x03b07673 WebCore::LayerFlushScheduler::runLoopObserverCallback() + 35 11 com.apple.WebKit 0x04f88f5d WebViewLayerFlushScheduler::runLoopObserverCallback() + 29 12 com.apple.WebCore 0x03b07641 WebCore::LayerFlushScheduler::runLoopObserverCallback(__CFRunLoopObserver*, unsigned long, void*) + 17 13 com.apple.CoreFoundation 0x0056436e __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 30 14 com.apple.CoreFoundation 0x005642bf __CFRunLoopDoObservers + 399 15 com.apple.CoreFoundation 0x005419eb CFRunLoopRunSpecific + 491 16 com.apple.CoreFoundation 0x005417eb CFRunLoopRunInMode + 123 17 com.apple.WebCore 0x03fd4e40 RunWebThread(void*) + 608 18 libsystem_pthread.dylib 0x05ac844f _pthread_body + 138 19 libsystem_pthread.dylib 0x05ac83c5 _pthread_start + 162 20 libsystem_pthread.dylib 0x05ac652e thread_start + 34 Thread 5: 0 libsystem_kernel.dylib 0x05afceda __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x05ac8890 _pthread_wqthread + 846 2 libsystem_pthread.dylib 0x05ac650a start_wqthread + 30

Attachments
crash log (64.27 KB, text/plain) 2014-06-03 08:41 PDT, zhouquan.yezq	no flags	Details
View All Add attachment proposed patch, testcase, etc.

zhouquan.yezq

Comment 1 2014-06-03 08:41:02 PDT

Created attachment 232425 [details] crash log

Daniel Bates

Comment 2 2014-06-04 14:36:03 PDT

You mentioned in the bug title that you suspect that the crash was caused "by CSS3 or [a] media plugin". Can you elaborate further, especially with respect to your suspicion that CSS3 may be the cause? Are you able to share the URL or markup that caused the crash? If so, please update the URL field of this bug and/or attach a test case with the markup. What were doing at the time of the crash?

zhouquan.yezq

Comment 3 2014-06-05 10:45:01 PDT

you know, the same page , doesn't crash every time. when you clear the cache data and then access the url, it will crash. And I copy the whole page html ,run it as static page , it doesn't crash. it sounds like the mix effect. Any way, I will try my best, find the real killer, attach a test case . (In reply to comment #2) > You mentioned in the bug title that you suspect that the crash was caused "by CSS3 or [a] media plugin". Can you elaborate further, especially with respect to your suspicion that CSS3 may be the cause? Are you able to share the URL or markup that caused the crash? If so, please update the URL field of this bug and/or attach a test case with the markup. What were doing at the time of the crash?

Eric Carlson

Comment 4 2014-06-05 12:04:49 PDT

1 com.apple.WebCore 0x03e5dafc WebCore::SubframeLoader::loadMediaPlayerProxyPlugin(WebCore::Node*, WebCore::KURL const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&) + 844 SubframeLoader::loadMediaPlayerProxyPlugin has been removed from WebKit and the iOS <video> implementation has been substantially rewritten so this specific crash can not happen with TOT WebKit.

zhouquan.yezq

Comment 5 2014-06-05 12:16:04 PDT

wow, cool, thanks, man (In reply to comment #4) > 1 com.apple.WebCore 0x03e5dafc WebCore::SubframeLoader::loadMediaPlayerProxyPlugin(WebCore::Node*, WebCore::KURL const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow> const&) + 844 > > SubframeLoader::loadMediaPlayerProxyPlugin has been removed from WebKit and the iOS <video> implementation has been substantially rewritten so this specific crash can not happen with TOT WebKit.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware iPhone / iPad

OS iOS 7.0

Product WebKit

Component Media

Assignee

Nobody

Reported

2014-06-03 08:39 PDT

Modified

2014-06-05 12:16 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks