NEW 154454
Crash in -[WebAVPlayerController isPictureInPicturePossible]
https://bugs.webkit.org/show_bug.cgi?id=154454
Louis Romero
Reported 2016-02-19 08:47:30 PST
I get this crash:

Thread 23 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000080 ]
MAGIC SIGNATURE THREAD
0x0000000198148c04 (WebCore + 0x00e3cc04 ) -[WebAVPlayerController isPictureInPicturePossible]
0x0000000198148c00 (WebCore + 0x00e3cc00 ) -[WebAVPlayerController isPictureInPicturePossible]
0x0000000183cf3154 (AVKit + 0x00027154 ) -[AVPictureInPictureController isPictureInPicturePossible]
0x0000000183cf39a0 (AVKit + 0x000279a0 ) -[AVPictureInPictureController _updatePictureInPictureShouldStartWhenEnteringBackground]
0x0000000183cf3958 (AVKit + 0x00027958 ) -[AVPictureInPictureController _checkIsFullScreenAndUpdatePictureInPictureShouldStartWhenEnteringBackground]
0x0000000183cf3ff8 (AVKit + 0x00027ff8 ) __79-[AVPictureInPictureController observeValueForKeyPath:ofObject:change:context:]_block_invoke
0x000000019a9a96a4 (libdispatch.dylib + 0x000016a4 ) _dispatch_client_callout
0x000000019a9c02b8 (libdispatch.dylib + 0x000182b8 ) _dispatch_source_latch_and_call
0x000000019a9abb98 (libdispatch.dylib + 0x00003b98 ) _dispatch_source_invoke
0x000000019a9b75b8 (libdispatch.dylib + 0x0000f5b8 ) _dispatch_root_queue_drain
0x000000019a9b72d8 (libdispatch.dylib + 0x0000f2d8 ) _dispatch_worker_thread3
0x000000019abc946c (libsystem_pthread.dylib + 0x0000146c ) _pthread_wqthread
0x000000019abc901c (libsystem_pthread.dylib + 0x0000101c ) start_wqthread

Looking at the source:
https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.mm#L617
it seems that self.fullscreenInterface is nil and calling the function on it is what crashes.

Seems that this class already had similar issues with its delegate, see https://bugs.webkit.org/show_bug.cgi?id=140893.
Louis Romero
Comment 1 2016-06-01 02:34:33 PDT
This is still an issue. Could this be triaged? Thanks!
Radar WebKit Bug Importer
Comment 2 2016-06-01 08:11:00 PDT
Jer Noble
Comment 3 2016-06-01 08:18:29 PDT
I suspect by the backtrace that WebAVPlayerController has been destroyed, but AVPictureInPictureController is holding a stale pointer to freed memory.
Jer Noble
Comment 4 2016-06-01 08:39:15 PDT
Louis, can you attach the full crashlog to this bug?
Louis Romero
Comment 5 2016-06-02 01:42:58 PDT
Jer, I can't reproduce myself. This is showing in our reports from users, for which I don't have full crash logs.
Jer Noble
Comment 6 2016-06-02 09:24:43 PDT
(In reply to comment #5)
> Jer, I can't reproduce myself. This is showing in our reports from users,
> for which I don't have full crash logs.

Understood. The full crashlog would help us correlate the crash your users are seeing against crashes reported directly to Apple. I.e., helpful, but we can probably figure this out without them.
Louis Romero
Comment 7 2016-06-19 07:37:07 PDT
Is WebKit impacted by Apple's iOS releases? Should I check if this crash is seen on iOS 10? Thank you!
Jer Noble
Comment 8 2016-06-19 09:15:12 PDT
(In reply to comment #7)
> Is WebKit impacted by Apple's iOS releases? Should I check if this crash is
> seen on iOS 10?
>

Yes, iOS 10 includes an updated version of WebKit. It would absolutely be a good idea to see if the crash reproduces there.
Louis Romero
Comment 9 2016-06-19 10:34:46 PDT
Thanks! I will keep an eye on the reports.
Louis Romero
Comment 10 2016-10-03 01:40:51 PDT
I don't see any reports from iOS 9.4 nor iOS 10. Was this fixed in iOS 9.4?
Jer Noble
Comment 11 2016-10-03 09:31:09 PDT
(In reply to comment #10)
> I don't see any reports from iOS 9.4 nor iOS 10. Was this fixed in iOS 9.4?

I was never able to find the underlying cause, but it's certainly possible that a change in AVKit fixed this in iOS 9.4.