Bug 234301 - RELEASE_ASSERT in WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first()
Summary: RELEASE_ASSERT in WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: UI Events
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-12-14 09:18 PST by Ali Juma
Modified: 2021-12-15 13:27 PST

See Also:


Attachments
Patch (2.12 KB, patch)
2021-12-15 09:57 PST, Chris Dumez
Description Ali Juma 2021-12-14 09:18:20 PST
Chrome for iOS is getting crash reports from a release assert triggered when calling WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first() on an empty Deque. This happens primarily on https://www.elgiganten.dk/ and https://www.alaskaair.com/ though we don't have steps to reproduce beyond that.

Here's the stack:
0x000000018edf92dc	(WebKit + 0x000172dc)		WTFCrashWithInfo(int, char const*, char const*, int)
0x000000018f20aab4	(WebKit + 0x00428ab4)		WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first()
0x000000018f27fd20	(WebKit + 0x0049dd20)		WebKit::WebPageProxy::interpretKeyEvent(WebKit::EditorState const&, bool, WTF::CompletionHandler<void (bool)>&&)
0x000000018f57f6c4	(WebKit + 0x0079d6c4)		WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&)
0x000000018ee3af58	(WebKit + 0x00058f58)		IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&)
0x000000018f24c8d0	(WebKit + 0x0046a8d0)		WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&)
0x000000018ee188dc	(WebKit + 0x000368dc)		IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x000000018ee1a05c	(WebKit + 0x0003805c)		WTF::Detail::CallableWrapper<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_2, void>::call()
0x000000018c70f070	(JavaScriptCore + 0x0000000001140070)		WTF::RunLoop::performWork()
0x000000018c7101e0	(JavaScriptCore + 0x00000000011411e0)		WTF::RunLoop::performWork(void*)
0x00000001806fc01c	(CoreFoundation + 0x000bb01c)		__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x000000018070ccdc	(CoreFoundation + 0x000cbcdc)		__CFRunLoopDoSource0
0x0000000180646fe4	(CoreFoundation + 0x00005fe4)		__CFRunLoopDoSources0
0x000000018064c7f0	(CoreFoundation + 0x0000b7f0)		__CFRunLoopRun
0x00000001806603b4	(CoreFoundation + 0x0001f3b4)		CFRunLoopRunSpecific
0x000000019bff0388	(GraphicsServices + 0x00001388)		GSEventRunModal
0x00000001830006a4	(UIKitCore + 0x005196a4)		-[UIApplication _run]
0x0000000182d7f7f0	(UIKitCore + 0x002987f0)		UIApplicationMain
0x00000001040ec26c	(Chrome -chrome_exe_main.mm:65)		main
Comment 1 Chris Dumez 2021-12-14 09:29:34 PST
m_keyEventQueue is empty when m_keyEventQueue.first() is called.
WebPageProxy::interpretKeyEvent() seems to assume m_keyEventQueue cannot be empty. I am not sure yet why it makes this assumption.
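An added illustration of the precondition Comment 1 describes (example code, not from this bug's patch or from WebKit): a simplified stand-in for WTF::Deque whose first() release-asserts non-emptiness, plus a hypothetical PageProxy with the unchecked interpretKeyEvent shape beside a guarded one. KeyEventQueue, PageProxy and didSendKeyEvent are assumed names, and the guarded variant is only an assumed shape of a fix, not the change that landed as r287103.

```cpp
#include <cstdio>
#include <cstdlib>
#include <deque>

// Stand-in for WTF's RELEASE_ASSERT: checked in release builds too, so a violated
// precondition is a deterministic crash rather than a read past the buffer.
#define RELEASE_ASSERT(cond) \
    do { if (!(cond)) { std::fprintf(stderr, "RELEASE_ASSERT(%s)\n", #cond); std::abort(); } } while (0)

struct NativeWebKeyboardEvent { int keyCode; };
// Minimal queue with the same contract as WTF::Deque: first() requires a non-empty queue.
class KeyEventQueue {
public:
    bool isEmpty() const { return m_events.empty(); }
    void append(NativeWebKeyboardEvent event) { m_events.push_back(event); }
    NativeWebKeyboardEvent& first() { RELEASE_ASSERT(!isEmpty()); return m_events.front(); }
private:
    std::deque<NativeWebKeyboardEvent> m_events;
};

// Hypothetical proxy; the real WebPageProxy::interpretKeyEvent (which takes the editor
// state and a CompletionHandler) is not reproduced here. Both variants return "handled".
class PageProxy {
public:
    void didSendKeyEvent(NativeWebKeyboardEvent event) { m_keyEventQueue.append(event); }
    // Before: assumes the queue is never empty, so an empty queue trips RELEASE_ASSERT
    // inside first(), matching the crash in this report.
    bool interpretKeyEventUnchecked() { return m_keyEventQueue.first().keyCode != 0; }
    // After (assumed shape of a fix): an empty queue is a normal "not handled" case,
    // reported to the caller instead of taking the process down.
    bool interpretKeyEventChecked() {
        if (m_keyEventQueue.isEmpty())
            return false;
        return m_keyEventQueue.first().keyCode != 0;
    }
private:
    KeyEventQueue m_keyEventQueue;
};

// The sync message arrives with nothing queued: the checked path reports "not handled".
bool interpretOnEmptyQueue() {
    PageProxy page; // interpretKeyEventUnchecked() on this page would abort
    return page.interpretKeyEventChecked();
}
// Normal ordering: the event is still queued when the message is interpreted.
bool interpretWithQueuedEvent(int keyCode) {
    PageProxy page;
    page.didSendKeyEvent({keyCode});
    return page.interpretKeyEventChecked();
}
```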
Comment 2 Chris Dumez 2021-12-15 09:57:42 PST
Created attachment 447248
Patch
Comment 3 Geoffrey Garen 2021-12-15 10:55:52 PST
Comment on attachment 447248
Patch

r=me
Comment 4 EWS 2021-12-15 13:26:03 PST
Committed r287103 (245292@main): <https://commits.webkit.org/245292@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 447248.
Comment 5 Radar WebKit Bug Importer 2021-12-15 13:27:17 PST
<rdar://problem/86540001>