Bug 215931 - REGRESSION(r266187): ARGUMENT BAD: WebIconUtilities.mm(138) : RetainPtr<UIImage> WebKit::iconForFile(NSURL *) file, [file isFileURL]
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Alex Christensen
Keywords: InRadar
Reported: 2020-08-28 09:46 PDT by Hector Lopez
Modified: 2020-08-28 11:33 PDT
Attachments
Patch (1.99 KB, patch)
2020-08-28 10:47 PDT, Alex Christensen
Description Hector Lopez 2020-08-28 09:46:00 PDT
7 tests are constantly crashing after revision r266187 on iOS wk2 Debug.

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-iso-2022-jp.tentative.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-iso-2022-jp.tentative.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-utf-8.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-utf-8.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-windows-1252.tentative.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-windows-1252.tentative.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form-x-user-defined.tentative.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form-x-user-defined.tentative.html&platform=ios&style=debug

imported/w3c/web-platform-tests/FileAPI/file/send-file-form.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2FFileAPI%2Ffile%2Fsend-file-form.html&style=debug&platform=ios

imported/w3c/web-platform-tests/html/semantics/forms/form-submission-0/submit-file.sub.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Fsemantics%2Fforms%2Fform-submission-0%2Fsubmit-file.sub.html&platform=ios&style=debug

imported/w3c/web-platform-tests/service-workers/service-worker/data-transfer-files.https.html
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fservice-workers%2Fservice-worker%2Fdata-transfer-files.https.html&platform=ios&style=debug


Crash log:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000235beea0e WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebKit              	0x00000002209d27ee WebKit::iconForFile(NSURL*) + 94 (WebIconUtilities.mm:138)
2   com.apple.WebKit              	0x0000000221258a2e WebKit::WebChromeClient::createIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 158 (WebChromeClientIOS.mm:157)
3   com.apple.WebKit              	0x00000002216a0240 WebKit::WebChromeClient::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&) + 48 (WebChromeClient.cpp:807)
4   com.apple.WebCore             	0x0000000240bc8fa0 WebCore::Chrome::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&) + 48 (Chrome.cpp:478)
5   com.apple.WebCore             	0x000000024025c18f WebCore::FileInputType::requestIcon(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 319 (FileInputType.cpp:331)

Stderr:
ARGUMENT BAD: file, [file isFileURL]
/Volumes/Data/slave/ios-simulator-13-debug/build/Source/WebKit/Shared/ios/WebIconUtilities.mm(138) : RetainPtr<UIImage> WebKit::iconForFile(NSURL *)
1   0x3b5beea09 WTFCrash
2   0x3a09d27ee WebKit::iconForFile(NSURL*)
3   0x3a1258a2e WebKit::WebChromeClient::createIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)
4   0x3a16a0240 WebKit::WebChromeClient::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&)
5   0x3c0bc8fa0 WebCore::Chrome::loadIconForFiles(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FileIconLoader&)
6   0x3c025c18f WebCore::FileInputType::requestIcon(WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)
7   0x3c025c97e WebCore::FileInputType::setFiles(WTF::RefPtr<WebCore::FileList, WTF::DumbPtrTraits<WebCore::FileList> >&&, WebCore::FileInputType::RequestIcon)
8   0x3c025c6d2 WebCore::FileInputType::setFiles(WTF::RefPtr<WebCore::FileList, WTF::DumbPtrTraits<WebCore::FileList> >&&)
9   0x3c0323ba2 WebCore::HTMLInputElement::setFiles(WTF::RefPtr<WebCore::FileList, WTF::DumbPtrTraits<WebCore::FileList> >&&)
10  0x3be158d9c WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)::'lambda'()::operator()() const
11  0x3be158b2d std::__1::enable_if<std::is_same<void, decltype(fp1())>::value, void>::type WebCore::AttributeSetter::call<WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)::'lambda'()&&)
12  0x3be158a93 WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)
13  0x3be07975e bool WebCore::IDLAttribute<WebCore::JSHTMLInputElement>::set<&(WebCore::setJSHTMLInputElementFilesSetter(JSC::JSGlobalObject&, WebCore::JSHTMLInputElement&, JSC::JSValue)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, long long, long long, char const*)
14  0x3be0795fc WebCore::setJSHTMLInputElementFiles(JSC::JSGlobalObject*, long long, long long)
15  0x3b73c704e JSC::callCustomSetter(JSC::JSGlobalObject*, bool (*)(JSC::JSGlobalObject*, long long, long long), bool, JSC::JSValue, JSC::JSValue)
16  0x3b73c7122 JSC::callCustomSetter(JSC::JSGlobalObject*, JSC::JSValue, bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue)
17  0x3b75bf30e JSC::JSObject::putInlineSlow(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
18  0x3b7310d31 JSC::JSObject::putInlineForJSObject(JSC::JSCell*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
19  0x3b6c75338 JSC::JSCell::putInline(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
20  0x3b6c76a33 JSC::JSValue::putInline(JSC::JSGlobalObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
21  0x3b71219cb llint_slow_path_put_by_id
22  0x3b6164c31 llint_entry
23  0x3b6179f85 llint_entry
24  0x3b6179f85 llint_entry
25  0x3b617a028 llint_entry
26  0x3b6179f85 llint_entry
27  0x3b6159943 vmEntryToJavaScript
28  0x3b6feaa9b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
29  0x3b6feb257 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
30  0x3b737e8dd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
31  0x3b737ebb3 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
LEAK: 2 WebPageProxy
Comment 1 Radar WebKit Bug Importer 2020-08-28 09:46:22 PDT
<rdar://problem/67945906>
Comment 2 Alex Christensen 2020-08-28 10:47:27 PDT
Created attachment 407483
Patch
Comment 3 EWS 2020-08-28 11:33:57 PDT
Committed r266287: <https://trac.webkit.org/changeset/266287>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 407483.