RESOLVED MOVED 212067
STP crash in __NSFrozenArrayM objectAtIndexedSubscript: (twitter, layout?) 
https://bugs.webkit.org/show_bug.cgi?id=212067
Summary STP crash in __NSFrozenArrayM objectAtIndexedSubscript: (twitter, layout?)
Nigel Jones
Reported 2020-05-19 03:03:25 PDT
Created attachment 399726 [details] text file of crash dump Using STN 106 for regular browsing on MacOS 10.15.5 beta 19F83c. Was viewing my twitter stream at the time. Browser window suddenly disappears - crashed. Stacktrace includes: Crashing on exception: *** -[__NSFrozenArrayM objectAtIndexedSubscript:]: index 6 beyond bounds [0 .. 4] Application Specific Backtrace 1: 0 CoreFoundation 0x00007fff3644dbe7 __exceptionPreprocess + 250 1 libobjc.A.dylib 0x00007fff6f2265bf objc_exception_throw + 48 2 CoreFoundation 0x00007fff364fc60e -[__NSCFString characterAtIndex:].cold.1 + 0 3 CoreFoundation 0x00007fff363e4c49 -[__NSFrozenArrayM objectAtIndexedSubscript:] + 116 4 Safari 0x0000000105c43587 -[BrowserWindowTabViewController tabViewItemAtIndex:] + 55 5 Safari 0x0000000105975a35 -[BrowserWindowController functionBarProvider:thumbnailProviderForTabAtIndex:] + 60 6 Safari 0x0000000105d2cd95 -[WindowFunctionBarProvider visualScrubberViewController:contentViewProviderForItemAtIndex:] + 53 7 Safari 0x0000000105ce4a80 -[VisualScrubberViewController _configureScrubberItemView:forUseAtIndex:] + 87 8 Safari 0x0000000105ce452b -[VisualScrubberViewController scrubber:viewForItemAtIndex:] + 154 9 AppKit 0x00007fff33ced25c -[NSScrubberDocumentView createItemViewForIndex:] + 115 10 AppKit 0x00007fff3397dffd -[NSScrubberDocumentView viewForItemAtIndex:creatingIfNeeded:] + 104 11 AppKit 0x00007fff33ce91c7 -[NSScrubberDocumentView applyItemAttributes:startingAttributes:withState:] + 701 12 AppKit 0x00007fff33ce6e0f __57-[NSScrubberDocumentView layoutScrubberContentsAnimated:]_block_invoke.357 + 153 13 AppKit 0x00007fff336774d0 +[NSAnimationContext runAnimationGroup:] + 55 14 AppKit 0x00007fff33ce6b47 -[NSScrubberDocumentView layoutScrubberContentsAnimated:] + 873 15 AppKit 0x00007fff33ce67b5 -[NSScrubberDocumentView layout] + 122 16 AppKit 0x00007fff336b9b9a _NSViewLayout + 600 17 AppKit 0x00007fff336b963e -[NSView _layoutSubtreeWithOldSize:] + 388 but will add full log as attachment. Also opening as 'feedback' item (please advise if one or other is preferable, or if both is good practice - I'm unclear)
Attachments
text file of crash dump (38.48 KB, application/x-gzip)
2020-05-19 03:03 PDT, Nigel Jones 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Nigel Jones
Comment 1 2020-05-19 03:04:46 PDT
Note - I had enabled the following experimental features above the default: Auto HTTPs Link preload responsive LinkPrefetch Capture video in UI process Lazy Image loading IsLoggedIn Ad click attribution NSURL WebSocket
Nigel Jones
Comment 2 2020-05-19 03:10:05 PDT
Apple feedback report id: FB7707262
Simon Fraser (smfr)
Comment 3 2020-05-19 11:17:26 PDT
That's in Safari code. We'll track it internally.
Radar WebKit Bug Importer
Comment 4 2020-05-19 11:17:36 PDT
<rdar://problem/63405388>
Note You need to log in before you can comment on or make changes to this bug.