Bug 228559 - [iOS 15] Crash in createFallbackTargetedPreview
Summary: [iOS 15] Crash in createFallbackTargetedPreview
Status: RESOLVED DUPLICATE of bug 235248
Alias: None
Product: WebKit
Classification: Unclassified
Component: UI Events
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-07-28 11:28 PDT by Ali Juma
Modified: 2022-01-25 11:38 PST
CC: 7 users

See Also:


Attachments
Crash report (29.90 KB, text/plain)
2022-01-25 11:29 PST, Ali Juma

Description Ali Juma 2021-07-28 11:28:16 PDT
Chrome for iOS is seeing an increase in crash reports inside createFallbackTargetedPreview. The crash is an uncaught NSException ("Invalid parameter not satisfying: view != nil").

It looks like a call to -[UIView resizableSnapshotViewFromRect:afterScreenUpdates:withCapInsets:] is returning nil here: https://github.com/WebKit/WebKit/blob/main/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm#L8617

These crashes are happening after the app has been backgrounded, so perhaps users are triggering the context menu and then backgrounding the app before the logic to display the context menu is reached.

Here's the crash stack:

0x000000018899fe00	(CoreFoundation + 0x000d0e00)		__exceptionPreprocess
0x000000019f9b30d4	(libobjc.A.dylib + 0x0001a0d4)		objc_exception_throw
0x000000018a0f2e84	(Foundation + 0x0010ee84)		-[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:]
0x000000018b4e6b4c	(UIKitCore + 0x0090bb4c)		-[UITargetedPreview initWithView:parameters:target:]
0x0000000196bf3578	(WebKit + 0x0075f578)		createFallbackTargetedPreview(UIView*, UIView*, WebCore::FloatRect const&, UIColor*)
0x0000000196bf3354	(WebKit + 0x0075f354)		-[WKContentView(WKInteraction) _createTargetedContextMenuHintPreviewForFocusedElement]
0x000000018bdcd2fc	(UIKitCore + 0x00000000011f22fc)		-[UIContextMenuInteraction _delegate_previewForHighlightingForConfiguration:]
0x000000018bdc8fd0	(UIKitCore + 0x00000000011edfd0)		-[UIContextMenuInteraction clickPresentationInteraction:previewForHighlightingAtLocation:]
0x000000018b984830	(UIKitCore + 0x00da9830)		-[_UIClickPresentationInteraction _prepareInteractionEffect]
0x000000018b981af8	(UIKitCore + 0x00da6af8)		-[_UIClickPresentationInteraction _performPreviewPresentation]
0x000000018bdc8cb8	(UIKitCore + 0x00000000011edcb8)		__51-[UIContextMenuInteraction _presentMenuAtLocation:]_block_invoke
0x000000018bdcd1fc	(UIKitCore + 0x00000000011f21fc)		__73-[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:]_block_invoke
0x000000018b17bf60	(UIKitCore + 0x005a0f60)		-[UIContextMenuInteraction _interactionShouldBeginAtLocation:completion:]
0x000000018bdc8c64	(UIKitCore + 0x00000000011edc64)		-[UIContextMenuInteraction _presentMenuAtLocation:]
0x0000000196bed45c	(WebKit + 0x0075945c)		-[WKContentView(WKInteraction) _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:]
0x00000001968b763c	(WebKit + 0x0042363c)		WebKit::WebPageProxy::elementDidFocus(WebKit::FocusedElementInformation const&, bool, bool, WTF::OptionSet<WebCore::ActivityState::Flag>, WebKit::UserData const&)
0x0000000196b617a0	(WebKit + 0x006cd7a0)		WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001964e7a48	(WebKit + 0x00053a48)		IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x000000019687dcc0	(WebKit + 0x003e9cc0)		WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001964c528c	(WebKit + 0x0003128c)		IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x00000001964c4a70	(WebKit + 0x00030a70)		IPC::Connection::dispatchIncomingMessages()
0x0000000193fa3d50	(JavaScriptCore + 0x00f21d50)		WTF::RunLoop::performWork()
0x0000000193fa4bf0	(JavaScriptCore + 0x00f22bf0)		WTF::RunLoop::performWork(void*)
0x000000018896e1e4	(CoreFoundation + 0x0009f1e4)		__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00000001889be2f4	(CoreFoundation + 0x000ef2f4)		__CFRunLoopDoSource0
0x000000018892d068	(CoreFoundation + 0x0005e068)		__CFRunLoopDoSources0
0x000000018893ce54	(CoreFoundation + 0x0006de54)		__CFRunLoopRun
0x0000000188949dd8	(CoreFoundation + 0x0007add8)		CFRunLoopRunSpecific
0x00000001a29cdaf8	(GraphicsServices + 0x00003af8)		GSEventRunModal
0x000000018af8bd6c	(UIKitCore + 0x003b0d6c)		-[UIApplication _run]
0x000000018af8b7f4	(UIKitCore + 0x003b07f4)		UIApplicationMain
Comment 1 Radar WebKit Bug Importer 2021-07-29 05:39:57 PDT
<rdar://problem/81267144>
Comment 2 Ali Juma 2022-01-25 11:29:55 PST
Created attachment 449947 [details]
Crash report

We're still getting a lot of these crashes, including on iOS 15.3.

I've attached a sample crash report.

A disproportionate number of these crashes are on https://medicareplan.com and https://www.fedex.com/apps/onlineclaims/?locale=en_US
Comment 3 Wenson Hsieh 2022-01-25 11:31:20 PST
Dupe of https://bugs.webkit.org/show_bug.cgi?id=235248?

(Note that we have not released the fix for that bug in a public beta yet)
Comment 4 Ali Juma 2022-01-25 11:38:37 PST
(In reply to Wenson Hsieh from comment #3)
> Dupe of https://bugs.webkit.org/show_bug.cgi?id=235248?
> 
> (Note that we have not released the fix for that bug in a public beta yet)

Thanks, that does look like the same bug!

*** This bug has been marked as a duplicate of bug 235248 ***