RESOLVED FIXED 215931
REGRESSION(r266187): ARGUMENT BAD: WebIconUtilities.mm(138) : RetainPtr<UIImage> WebKit::iconForFile(NSURL *) file, [file isFileURL]
https://bugs.webkit.org/show_bug.cgi?id=215931
Hector Lopez
Reported 2020-08-28 09:46:00 PDT
7 Tests are constantly crashing after revision r266187 on iOS wk2 Debug.

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-iso-2022-jp.tentative.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-iso-2022-jp.tentative.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-utf-8.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-utf-8.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-windows-1252.tentative.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-windows-1252.tentative.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-x-user-defined.tentative.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-x-user-defined.tentative.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form.html&style=debug&platform=ios

imported/w3c/web-platform-tests/html/semantics/forms/form-submission-0/submit-file.sub.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Fsemantics%2Fforms%2Fform-submission-0%2Fsubmit-file.sub.html&platform=ios&style=debug

imported/w3c/web-platform-tests/service-workers/service-worker/data-transfer-files.https.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fservice-workers%2Fservice-worker%2Fdata-transfer-files.https.html&platform=ios&style=debug

Crash log:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x0000000235beea0e WTFCrash + 14 (Assertions.cpp:295)
1 com.apple.WebKit 0x00000002209d27ee WebKit::iconForFile(NSURL*) + 94 (WebIconUtilities.mm:138)
2 com.apple.WebKit 0x0000000221258a2e WebKit::WebChromeClient::createIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 158 (WebChromeClientIOS.mm:157)
3 com.apple.WebKit 0x00000002216a0240 WebKit::WebChromeClient::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&) + 48 (WebChromeClient.cpp:807)
4 com.apple.WebCore 0x0000000240bc8fa0 WebCore::Chrome::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&) + 48 (Chrome.cpp:478)
5 com.apple.WebCore 0x000000024025c18f WebCore::FileInputType::requestIcon(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 319 (FileInputType.cpp:331)

Stderr:

ARGUMENT BAD: file, [file isFileURL]
/Volumes/Data/slave/ios-simulator-13-debug/build/Source/WebKit/Shared/ios/WebIconUtilities.mm(138) : RetainPtr<UIImage> WebKit::iconForFile(NSURL *)
1 0x3b5beea09 WTFCrash
2 0x3a09d27ee WebKit::iconForFile(NSURL*)
3 0x3a1258a2e WebKit::WebChromeClient::createIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)
4 0x3a16a0240 WebKit::WebChromeClient::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&)
5 0x3c0bc8fa0 WebCore::Chrome::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&)
6 0x3c025c18f WebCore::FileInputType::requestIcon(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)
7 0x3c025c97e WebCore::FileInputType::setFiles(WTF::RefPtr<WebCore::FileList, WTF::DumbPtrTraits<WebCore::FileList> >&&, WebCore::FileInputType::RequestIcon)
8 0x3c025c6d2 WebCore::FileInputType::setFiles(WTF::RefPtr<WebCore::FileList, WTF::DumbPtrTraits<WebCore::FileList> >&&)
9 0x3c0323ba2 WebCore::HTMLInputElement::setFiles(WTF::RefPtr<WebCore::FileList, WTF::DumbPtrTraits<WebCore::FileList> >&&)
10 0x3be158d9c WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)::'lambda'()::operator()() const
11 0x3be158b2d std::__1::enable_if<std::is_same<void, decltype(fp1())>::value, void>::type WebCore::AttributeSetter::call<WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)::'lambda'()&&)
12 0x3be158a93 WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)
13 0x3be07975e bool WebCore::IDLAttribute<WebCore::JSHTMLInputElement>::set<&(WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, long long, long long, char const*)
14 0x3be0795fc WebCore::setJSHTMLInputElementFiles(JSC::JSGlobalObject*, long long, long long)
15 0x3b73c704e JSC::callCustomSetter(JSC::JSGlobalObject*, bool (*)(JSC::JSGlobalObject*, long long, long long), bool, JSC::JSValue, JSC::JSValue)
16 0x3b73c7122 JSC::callCustomSetter(JSC::JSGlobalObject*, JSC::JSValue, bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue)
17 0x3b75bf30e JSC::JSObject::putInlineSlow(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
18 0x3b7310d31 JSC::JSObject::putInlineForJSObject(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
19 0x3b6c75338 JSC::JSCell::putInline(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
20 0x3b6c76a33 JSC::JSValue::putInline(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
21 0x3b71219cb llint_slow_path_put_by_id
22 0x3b6164c31 llint_entry
23 0x3b6179f85 llint_entry
24 0x3b6179f85 llint_entry
25 0x3b617a028 llint_entry
26 0x3b6179f85 llint_entry
27 0x3b6159943 vmEntryToJavaScript
28 0x3b6feaa9b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
29 0x3b6feb257 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
30 0x3b737e8dd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
31 0x3b737ebb3 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
LEAK: 2 WebPageProxy
Attachments
Patch (1.99 KB, patch)
2020-08-28 10:47 PDT, Alex Christensen
no flags
Radar WebKit Bug Importer
Comment 1 2020-08-28 09:46:22 PDT
Alex Christensen
Comment 2 2020-08-28 10:47:27 PDT
EWS
Comment 3 2020-08-28 11:33:57 PDT
Committed r266287: <https://trac.webkit.org/changeset/266287>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 407483.