187769 – CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition

Bug 187769 - CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition

Summary: CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Jer Noble

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2018-07-18 10:49 PDT by Jer Noble
Modified:	2018-07-23 15:18 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (6.10 KB, patch) 2018-07-18 10:52 PDT, Jer Noble	thorton: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jer Noble 2018-07-18 10:49:50 PDT

CRASH at WebKit: WebKit::WebFullScreenManagerProxy::saveScrollPosition

Comment 1 Jer Noble 2018-07-18 10:50:13 PDT

<rdar://problem/42160666>

Comment 2 Jer Noble 2018-07-18 10:52:27 PDT

Created attachment 345257 [details]
Patch

Comment 3 Jon Lee 2018-07-18 13:51:55 PDT

Comment on attachment 345257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review

> Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:495
> +    auto* page = self._webView._page;

Can we clean up the self._webView and webView references?

> Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:720
> +    if (auto* page = [self._webView _page])

not webView?

Comment 4 Jer Noble 2018-07-18 16:30:13 PDT

Committed r233940: <https://trac.webkit.org/changeset/233940>

Comment 5 Chris Dumez 2018-07-23 14:19:26 PDT

Comment on attachment 345257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review

> Source/WebKit/ChangeLog:9
> +        Null-check all uses of _page and _manager in WKFullScreenWindowControllerIOS.

How can WKWebView._page become null? As far as I can tell, _page is initialized in the init function and never null out so I personally do not see how WKWebView._page can be null if the webView is still alive.
Also note that _page is a WebPageProxy and that it OWNS the WebFullScreenManagerProxy, so no page no WebFullScreenManagerProxy.

See rdar://problem/42462494 for related crash.

Comment 6 Chris Dumez 2018-07-23 15:18:43 PDT

Comment on attachment 345257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=345257&action=review

>> Source/WebKit/ChangeLog:9
>> +        Null-check all uses of _page and _manager in WKFullScreenWindowControllerIOS.
> 
> How can WKWebView._page become null? As far as I can tell, _page is initialized in the init function and never null out so I personally do not see how WKWebView._page can be null if the webView is still alive.
> Also note that _page is a WebPageProxy and that it OWNS the WebFullScreenManagerProxy, so no page no WebFullScreenManagerProxy.
> 
> See rdar://problem/42462494 for related crash.

WKWebView._page definitely cannot be null since WKWebView's dealloc function dereferences _page unconditionally to call close().
However, WKFullScreenWindowControllerIOS._webView can be null as it is weak and its gets nulled out in some cases. I think we should null check _webView, not _webView._page.