139934 – Safari build crashes when "zooming into"/choosing a tab from tab view

Bug 139934 - Safari build crashes when "zooming into"/choosing a tab from tab view

Summary: Safari build crashes when "zooming into"/choosing a tab from tab view

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Mac (Intel) OS X 10.10

Importance:	P1 Critical
Assignee:	Conrad Shultz

URL:
Keywords:	InRadar

Duplicates (1):	139952 (view as bug list)
Depends on:
Blocks:

Reported:	2014-12-23 23:27 PST by Chris Aljoudi
Modified:	2014-12-27 13:48 PST (History)
CC List:	6 users (show)

See Also:

Attachments
Full crash backtrace (90.03 KB, text/plain) 2014-12-23 23:27 PST, Chris Aljoudi	no flags	Details
Patch (1.63 KB, patch) 2014-12-26 20:44 PST, Conrad Shultz	mitz: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Aljoudi 2014-12-23 23:27:29 PST

Created attachment 243728 [details]
Full crash backtrace

Nightly builds of WebKit (SafariForWebKitDevelopment) have started exhibiting a consistent crash when choosing a tab from the all-tabs view (the "bird's-eye view").

Steps to reproduce:

* Open Safari, with any page (homepage even if blank is sufficient)
* Pinch with trackpad (OR click "Show All Tabs" button in top right in toolbar).
* Observe tab in a scaled-down thumbnail in bird's-eye view (tab view).
* Click on the tab to go back in.

Expected behavior:

Safari should zoom back into the tab, making the content active again. No crash.

Actual behavior:

Safari crashes completely.

Thoughts:

I think this is the most relevant part of the backtrace:

*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSArrayM insertObject:atIndex:]: object cannot be nil'
abort() called
terminating with uncaught exception of type NSException

Application Specific Backtrace 1:
0   CoreFoundation                      0x00007fff8b9b566c __exceptionPreprocess + 172
1   libobjc.A.dylib                     0x00007fff9268e76e objc_exception_throw + 43
2   CoreFoundation                      0x00007fff8b861f39 -[__NSArrayM insertObject:atIndex:] + 1033
3   AppKit                              0x00007fff8c41c50f -[NSView addGestureRecognizer:] + 220
4   WebKit                              0x00000001064a2950 -[_WKThumbnailView _viewWasUnparented] + 59
5   AppKit                              0x00007fff8bd24bf7 -[NSView _setWindow:] + 3274
6   CoreFoundation                      0x00007fff8b8d6385 __53-[__NSArrayM enumerateObjectsWithOptions:usingBlock:]_block_invoke + 133


I've attached the full backtrace (which has more sys info).

Comment 1 Radar WebKit Bug Importer 2014-12-24 10:37:31 PST

<rdar://problem/19343307>

Comment 2 Conrad Shultz 2014-12-26 20:44:42 PST

Created attachment 243773 [details]
Patch

Comment 3 Alexey Proskuryakov 2014-12-26 20:54:48 PST

*** Bug 139952 has been marked as a duplicate of this bug. ***

Comment 4 Conrad Shultz 2014-12-26 21:46:34 PST

Committed r177754: <http://trac.webkit.org/changeset/177754>

Comment 5 Sam Weinig 2014-12-27 13:48:00 PST

Any reason this can't be API tested?