RESOLVED FIXED 234301
RELEASE_ASSERT in WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first()
https://bugs.webkit.org/show_bug.cgi?id=234301
Ali Juma
Reported 2021-12-14 09:18:20 PST
Chrome for iOS is getting crash reports from a release assert triggered when calling WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first() on an empty Deque. This happens primarily on https://www.elgiganten.dk/ and https://www.alaskaair.com/ though we don't have steps to reproduce beyond that. Here's the stack:

0x000000018edf92dc (WebKit + 0x000172dc) WTFCrashWithInfo(int, char const*, char const*, int)
0x000000018f20aab4 (WebKit + 0x00428ab4) WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first()
0x000000018f27fd20 (WebKit + 0x0049dd20) WebKit::WebPageProxy::interpretKeyEvent(WebKit::EditorState const&, bool, WTF::CompletionHandler<void (bool)>&&)
0x000000018f57f6c4 (WebKit + 0x0079d6c4) WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&)
0x000000018ee3af58 (WebKit + 0x00058f58) IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&)
0x000000018f24c8d0 (WebKit + 0x0046a8d0) WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&)
0x000000018ee188dc (WebKit + 0x000368dc) IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x000000018ee1a05c (WebKit + 0x0003805c) WTF::Detail::CallableWrapper<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_2, void>::call()
0x000000018c70f070 (JavaScriptCore + 0x0000000001140070) WTF::RunLoop::performWork()
0x000000018c7101e0 (JavaScriptCore + 0x00000000011411e0) WTF::RunLoop::performWork(void*)
0x00000001806fc01c (CoreFoundation + 0x000bb01c) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x000000018070ccdc (CoreFoundation + 0x000cbcdc) __CFRunLoopDoSource0
0x0000000180646fe4 (CoreFoundation + 0x00005fe4) __CFRunLoopDoSources0
0x000000018064c7f0 (CoreFoundation + 0x0000b7f0) __CFRunLoopRun
0x00000001806603b4 (CoreFoundation + 0x0001f3b4) CFRunLoopRunSpecific
0x000000019bff0388 (GraphicsServices + 0x00001388) GSEventRunModal
0x00000001830006a4 (UIKitCore + 0x005196a4) -[UIApplication _run]
0x0000000182d7f7f0 (UIKitCore + 0x002987f0) UIApplicationMain
0x00000001040ec26c (Chrome -chrome_exe_main.mm:65) main
Attachments
Patch (2.12 KB, patch)
2021-12-15 09:57 PST, Chris Dumez
no flags
Chris Dumez
Comment 1 2021-12-14 09:29:34 PST
m_keyEventQueue is empty when m_keyEventQueue.first() is called. WebPageProxy::interpretKeyEvent() seems to assume m_keyEventQueue cannot be empty. I am not sure yet why it makes this assumption.
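A minimal model of the failing pattern beside a guarded alternative, added here as an illustration; it is not WebKit's code or the attached patch, and the page does not show what the fix actually changed. KeyEventQueue, KeyboardEvent, the handler names and the "handled" rule are constructed stand-ins; the RELEASE_ASSERT is modelled as an exception so the failure can be observed instead of aborting the process.

```cpp
#include <deque>
#include <functional>
#include <stdexcept>
#include <string>

struct KeyboardEvent { std::string key; }; // constructed stand-in for NativeWebKeyboardEvent

// Minimal model of the WTF::Deque behind m_keyEventQueue. WebKit's first() hits a
// RELEASE_ASSERT (process abort) on an empty Deque; it throws here instead so the
// failure can be observed without killing the program.
class KeyEventQueue {
public:
    bool isEmpty() const { return m_events.empty(); }
    void append(KeyboardEvent event) { m_events.push_back(std::move(event)); }
    const KeyboardEvent& first() const {
        if (m_events.empty())
            throw std::logic_error("RELEASE_ASSERT: Deque::first() on empty Deque");
        return m_events.front();
    }
private:
    std::deque<KeyboardEvent> m_events;
};
using CompletionHandler = std::function<void(bool)>;

// Handler shaped like the assumption Comment 1 describes: the queue is never empty.
bool interpretKeyEventUnguarded(KeyEventQueue& queue, CompletionHandler&& completion) {
    const KeyboardEvent& event = queue.first(); // crashes in WebKit when the queue is empty
    bool handled = !event.key.empty(); // constructed notion of "handled"
    completion(handled);
    return handled;
}

// Defensive variant: an empty queue is reported to the caller as "not handled".
bool interpretKeyEventGuarded(KeyEventQueue& queue, CompletionHandler&& completion) {
    if (queue.isEmpty()) {
        completion(false);
        return false;
    }
    bool handled = !queue.first().key.empty();
    completion(handled);
    return handled;
}

// Runs the unguarded handler on an empty queue; true if the modelled assert fired.
bool unguardedAssertsOnEmptyQueue() {
    KeyEventQueue queue;
    try { interpretKeyEventUnguarded(queue, [](bool) {}); }
    catch (const std::logic_error&) { return true; }
    return false;
}
```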
Chris Dumez
Comment 2 2021-12-15 09:57:42 PST
Geoffrey Garen
Comment 3 2021-12-15 10:55:52 PST
Comment on attachment 447248 [details] Patch r=me
EWS
Comment 4 2021-12-15 13:26:03 PST
Committed r287103 (245292@main): <https://commits.webkit.org/245292@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447248 [details].
Radar WebKit Bug Importer
Comment 5 2021-12-15 13:27:17 PST