Bug 146201 - Crash replacing TabDocument in MobileSafari at WebKit: -[WKWebView(WKPrivate) _beginAnimatedResizeWithUpdates:]
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2015-06-22 04:41 PDT by Antti Koivisto
Modified: 2015-06-22 07:34 PDT
CC List: 2 users

See Also:


Attachments
patch (2.86 KB, patch)
2015-06-22 07:13 PDT, Antti Koivisto
mitz: review+

Description Antti Koivisto 2015-06-22 04:41:42 PDT
Application Specific Information:
*** Terminating app due to uncaught exception 'CALayerInvalidGeometry', reason: 'CALayer bounds contains NaN: [nan -64; 375 667]'
terminating with uncaught exception of type NSException
abort() called

Last Exception Backtrace:
0   CoreFoundation                     0x18216bf44 __exceptionPreprocess + 124 (NSException.m:162)
1   libobjc.A.dylib                    0x197d23f2c objc_exception_throw + 56 (objc-exception.mm:531)
2   CoreFoundation                     0x18216be8c -[NSException initWithCoder:] + 0 (NSException.m:143)
3   QuartzCore                         0x186e904e0 CA::Layer::set_bounds(CA::Rect const&, bool) + 200 (CALayer.mm:3946)
4   QuartzCore                         0x186e90380 -[CALayer setBounds:] + 100 (CALayer.mm:3986)
5   UIKit                              0x187691558 -[UIView(Geometry) setBounds:] + 308 (UIView.m:6309)
6   UIKit                              0x18769fb38 -[UIScrollView setBounds:] + 1072 (UIScrollView.m:1387)
7   UIKit                              0x187660008 -[UIScrollView setContentOffset:] + 424 (UIScrollView.m:1458)
8   WebKit                             0x1884939cc -[WKWebView(WKPrivate) _beginAnimatedResizeWithUpdates:] + 1768 (WKWebView.mm:2642)
9   WebKit                             0x188493e3c -[WKWebView(WKPrivate) _resizeWhileHidingContentWithUpdates:] + 28 (WKWebView.mm:2698)
10  MobileSafari                       0x100084130 -[BrowserController setWebView:] + 592 (BrowserController.mm:4854)
11  MobileSafari                       0x1000842b4 -[BrowserController setWebViewFromTabDocument:] + 104 (BrowserController.mm:4866)
12  MobileSafari                       0x10008c9f0 -[BrowserController(BrowserControllerTabs) switchFromTabDocument:toTabDocument:] + 772 (BrowserControllerTabs.m:388)
13  MobileSafari                       0x10008cca4 -[BrowserController(BrowserControllerTabs) tabController:didSwitchFromTabDocument:toTabDocument:] + 100 (BrowserControllerTabs.m:422)
14  MobileSafari                       0x1000ece2c -[TabController _switchActiveTabDocumentFromTabDocument:toTabDocument:] + 208 (TabController.m:292)
15  MobileSafari                       0x1000ecd3c -[TabController setActiveTabDocument:animated:deferActivation:] + 408 (TabController.m:275)
16  MobileSafari                       0x1000ee7e4 -[TabController replaceTabDocument:withTabDocument:] + 196 (TabController.m:566)
17  MobileSafari                       0x10007a3a8 -[BrowserController _replaceActiveDocument:withSpeculativeDocument:] + 104 (BrowserController.mm:3100)
18  MobileSafari                       0x100084ef4 -[BrowserController _commitToSpeculativeLoadForDocument:] + 108 (BrowserController.mm:5025)
19  MobileSafari                       0x10007a2a8 -[BrowserController _commitToSpeculativeLoad] + 128 (BrowserController.mm:3087)
20  MobileSafari                       0x100078c78 -[BrowserController _commitSpeculativeLoadForURL:] + 76 (BrowserController.mm:2736)
21  MobileSafari                       0x100078d3c -[BrowserController goToAddress:] + 140 (BrowserController.mm:2745)
22  MobileSafari                       0x100075934 -[BrowserController catalogViewController:didSelectAddress:] + 48 (BrowserController.mm:2062)
23  MobileSafari                       0x10014aca8 -[CatalogViewController unifiedField:didEndEditingWithAddress:] + 208 (CatalogViewController.m:888)
24  MobileSafari                       0x1000cfc2c -[UnifiedField _endEditingWithCurrentText] + 228 (UnifiedField.m:185)
25  UIKit                              0x187678f18 -[UIApplication sendAction:to:from:forEvent:] + 140 (UIApplication.m:3892)
26  UIKit                              0x187678e60 -[UIApplication sendAction:toTarget:fromSender:forEvent:] + 92 (UIApplication.m:3878)
27  UIKit                              0x187678df0 -[UIControl sendAction:to:forEvent:] + 80 (UIControl.m:572)
28  UIKit                              0x1876617a0 -[UIControl _sendActionsForEvents:withEvent:] + 364 (UIControl.m:651)
29  UIKit                              0x187994a88 -[UIFieldEditor insertFilteredText:] + 268 (UIFieldEditor.m:1124)
30  UIKit                              0x187ed6b34 -[UITextField insertFilteredText:] + 104 (UITextField.m:5339)
31  UIKit                              0x1878162b0 -[UIKeyboardImpl insertText:] + 136 (UIKeyboardImpl.m:5032)
32  UIKit                              0x187a2e390 -[UIKeyboardImpl performKeyboardOutput:] + 496 (UIKeyboardImpl.m:4098)
33  UIKit                              0x187a2e050 __55-[UIKeyboardImpl handleKeyboardInput:executionContext:]_block_invoke_2 + 140 (UIKeyboardImpl.m:4055)
34  UIKit                              0x18766c7fc -[UIKeyboardTaskQueue continueExecutionOnMainThread] + 344 (UIKeyboardTaskQueue.m:252)
35  Foundation                         0x1830cd9bc __NSThreadPerformPerform + 340 (NSThread.m:1219)
36  CoreFoundation                     0x18212402c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1767)
37  CoreFoundation                     0x182123ac0 __CFRunLoopDoSources0 + 540 (CFRunLoop.c:1811)
38  CoreFoundation                     0x182121794 __CFRunLoopRun + 724 (CFRunLoop.c:2540)
39  CoreFoundation                     0x18204d0c0 CFRunLoopRunSpecific + 384 (CFRunLoop.c:2818)
40  GraphicsServices                   0x18d4ef170 GSEventRunModal + 180 (GSEvent.c:2247)
41  UIKit                              0x1876aa5b8 UIApplicationMain + 204 (UIApplication.m:3478)
42  MobileSafari                       0x10004dd48 main + 2252 (main.m:204)
43  libdyld.dylib                      0x19855e9e8 start + 4 (start_glue.s:80)
Comment 1 Antti Koivisto 2015-06-22 04:42:02 PDT
<rdar://problem/18904930>
Comment 2 Antti Koivisto 2015-06-22 07:13:52 PDT
Created attachment 255351 [details]
patch
Comment 3 mitz 2015-06-22 07:19:05 PDT
Comment on attachment 255351 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=255351&action=review

> Source/WebKit2/ChangeLog:14
> +            No repro but if for some reason [_contentView bounds] width is empty we'll compute +Inf targetScale
> +            and then NaN contentOffset.x. Verified in lldb that this gives the exact crash signature seen.
> +
> +            Fix by checking that [_contentView bounds] is not empty like is done with other inputs.
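Review bot: The entry says the bounds are now checked "like is done with other inputs" but not what the method does on the empty-bounds path; state whether the animated resize is skipped or the updates block still runs, since the caller in the backtrace (-[BrowserController setWebView:] via _resizeWhileHidingContentWithUpdates:) relies on that behaviour. Also, these four lines are indented one level deeper than the rest of the ChangeLog entry; align them with the surrounding body text.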

Weird indentation
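To make the failure mode described in the ChangeLog concrete, here is an added example in plain C that is not WebKit's code: it uses constructed stand-ins for CGRect/CGPoint and an assumed shape for the scale/offset arithmetic, showing how a zero-width content view turns the target scale into +Inf, which becomes a NaN content offset, and how the empty-bounds check rejects that input before it reaches layer geometry.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Minimal stand-ins for CGRect/CGPoint so this runs without Apple frameworks (constructed for the example). */
typedef struct { double x, y, width, height; } Rect;
typedef struct { double x, y; } Point;

/* Same contract as CGRectIsEmpty: a rect with no area counts as empty. */
static bool rect_is_empty(Rect r) { return r.width <= 0.0 || r.height <= 0.0; }

/* Assumed shape of the arithmetic the ChangeLog describes, not WebKit's actual code:
 * targetScale = new layout width / current content-view width, and the new content
 * offset's x is the old unobscured origin x rescaled by it. When the content-view
 * width is 0 the division gives +Inf, and an origin x of 0 then yields 0 * +Inf = NaN. */
static Point unguarded_content_offset(Rect contentViewBounds, double newLayoutWidth, Point unobscuredOrigin) {
    double targetScale = newLayoutWidth / contentViewBounds.width;  /* +Inf when width == 0 */
    Point offset = { unobscuredOrigin.x * targetScale, unobscuredOrigin.y };
    return offset;
}

/* The guard the ChangeLog adds: refuse the animated-resize math when the bounds are empty.
 * Returns false so the caller can fall back to a plain, non-animated update. */
static bool guarded_content_offset(Rect contentViewBounds, double newLayoutWidth, Point unobscuredOrigin, Point *out) {
    if (rect_is_empty(contentViewBounds))
        return false;
    *out = unguarded_content_offset(contentViewBounds, newLayoutWidth, unobscuredOrigin);
    return true;
}

/* Stand-in for the validation CALayer performs before raising CALayerInvalidGeometry. */
static bool geometry_is_valid(Point p) { return isfinite(p.x) && isfinite(p.y); }

int main(void) {
    Rect emptyBounds = { 0, 0, 0, 667 };   /* constructed: zero width, the scenario the ChangeLog suspects */
    Point origin = { 0, -64 };             /* constructed: y matches the -64 in the crash reason */
    Point bad = unguarded_content_offset(emptyBounds, 375, origin);
    printf("unguarded: x=%f valid=%d\n", bad.x, geometry_is_valid(bad));

    Point good;
    if (!guarded_content_offset(emptyBounds, 375, origin, &good))
        printf("guarded: bounds empty, skipping animated resize\n");
    return 0;
}
```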
Comment 4 Antti Koivisto 2015-06-22 07:34:10 PDT
https://trac.webkit.org/r185827