251247 – ASSERTION FAILED: m_element in WebFullScreenManager::setAnimatingFullScreen

RESOLVED FIXED 251247

ASSERTION FAILED: m_element in WebFullScreenManager::setAnimatingFullScreen

https://bugs.webkit.org/show_bug.cgi?id=251247

Summary ASSERTION FAILED: m_element in WebFullScreenManager::setAnimatingFullScreen

Jean-Yves Avenard [:jya]

Reported 2023-01-26 21:45:44 PST

STR: - In a debug build, open https://talk.objc.io/episodes/S01E338-attributed-string-builder-part-2 - Press play button to start playback - In the bottom right corner of the video, press the button to go into full screen - Press Esc key Assertion on `ASSERT(m_element)` in void WebFullScreenManager::setAnimatingFullScreen(bool animating) https://searchfox.org/wubkat/rev/b66d5e5ea816cde25864cad0e14941127e725181/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp#327 ``` (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef) frame #0: 0x0000000131c3f2f0 JavaScriptCore`::WTFCrash() at Assertions.cpp:327:35 frame #1: 0x0000000115bafd04 WebKit`WTFCrashWithInfo((null)=326, (null)="/Users/jyavenard/Work/webkit/OpenSource/Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp", (null)="void WebKit::WebFullScreenManager::setAnimatingFullScreen(bool)", (null)=3680) at Assertions.h:754:5 * frame #2: 0x0000000117a6e490 WebKit`WebKit::WebFullScreenManager::setAnimatingFullScreen(this=0x000000016852e880, animating=false) at WebFullScreenManager.cpp:326:5 frame #3: 0x000000011825df5c WebKit`auto void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(this=0x000000016d9e9950, args=0x000000016d9e99f6)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...)::operator()<bool>(auto&&...) const at HandleMessage.h:136:13 frame #4: 0x000000011825de8c WebKit`decltype(__f=0x000000016d9e9950, __args=0x000000016d9e99f6)(std::declval<bool>())) std::__1::__invoke[abi:v15006]<void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(WebKit::WebFullScreenManager*, void (WebKit::WebFullScreenManager::*)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...), bool>(WebKit::WebFullScreenManager&&, bool&&) at invoke.h:394:23 frame #5: 0x000000011825de5c WebKit`decltype(__f=0x000000016d9e9950, __t=size=1, (null)=__tuple_indices<0UL> @ 0x000000016d9e990f) std::__1::__apply_tuple_impl[abi:v15006]<void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(WebKit::WebFullScreenManager*, void (WebKit::WebFullScreenManager::*)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...), std::__1::tuple<bool>, 0ul>(WebKit::WebFullScreenManager&&, WebKit::WebFullScreenManager&&, std::__1::__tuple_indices<0ul>) at tuple:1789:1 frame #6: 0x000000011825de1c WebKit`decltype(__f=0x000000016d9e9950, __t=size=1) std::__1::apply[abi:v15006]<void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(WebKit::WebFullScreenManager*, void (WebKit::WebFullScreenManager::*)(bool), std::__1::tuple<bool>&&)::'lambda'(auto&&...), std::__1::tuple<bool> >(WebKit::WebFullScreenManager&&, WebKit::WebFullScreenManager&&) at tuple:1798:1 frame #7: 0x000000011825ddec WebKit`void IPC::callMemberFunction<WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool), std::__1::tuple<bool> >(object=0x000000016852e880, function=0c e4 a6 17 01 80 13 db 00 00 00 00 00 00 00 00, tuple=size=1)(bool), std::__1::tuple<bool>&&) at HandleMessage.h:134:5 frame #8: 0x000000011825caf0 WebKit`void IPC::handleMessage<Messages::WebFullScreenManager::SetAnimatingFullScreen, WebKit::WebFullScreenManager, WebKit::WebFullScreenManager, void (bool)>(connection=0x000000010503ca50, decoder=0x00000001055ae2a0, object=0x000000016852e880, function=0c e4 a6 17 01 80 13 db 00 00 00 00 00 00 00 00)(bool)) at HandleMessage.h:230:5 frame #9: 0x000000011825c1dc WebKit`WebKit::WebFullScreenManager::didReceiveWebFullScreenManagerMessage(this=0x000000016852e880, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebFullScreenManagerMessageReceiver.cpp:58:16 frame #10: 0x0000000117a6cb6c WebKit`WebKit::WebFullScreenManager::didReceiveMessage(this=0x000000016852e880, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebFullScreenManager.cpp:133:5 frame #11: 0x00000001182c8778 WebKit`WebKit::WebPage::didReceiveMessage(this=0x000000010980b208, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebPage.cpp:5458:30 frame #12: 0x0000000118866060 WebKit`IPC::MessageReceiverMap::dispatchMessage(this=0x00000001050409c8, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at MessageReceiverMap.cpp:129:26 frame #13: 0x00000001179e92d8 WebKit`WebKit::WebProcess::didReceiveMessage(this=0x0000000105040990, connection=0x000000010503ca50, decoder=0x00000001055ae2a0) at WebProcess.cpp:933:30 frame #14: 0x0000000118839f24 WebKit`IPC::Connection::dispatchMessage(this=0x000000010503ca50, decoder=0x00000001055ae2a0) at Connection.cpp:1197:15 frame #15: 0x000000011883a3e4 WebKit`IPC::Connection::dispatchMessage(this=0x000000010503ca50, message=IPC::Decoder @ 0x00000001055ae2a0) at Connection.cpp:1245:9 frame #16: 0x000000011883a758 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000010503ca50) at Connection.cpp:1310:5 frame #17: 0x00000001188585ec WebKit`IPC::Connection::enqueueIncomingMessage(this=0x00000001054841d8)::$_17::operator()() const at Connection.cpp:1159:28 frame #18: 0x000000011885852c WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_17, void>::call(this=0x00000001054841d0) at Function.h:53:39 frame #19: 0x0000000131c68290 JavaScriptCore`WTF::Function<void ()>::operator(this=0x000000016d9e9fa0)() const at Function.h:82:35 frame #20: 0x0000000131d009f0 JavaScriptCore`WTF::RunLoop::performWork(this=0x0000000105010100) at RunLoop.cpp:147:9 frame #21: 0x0000000131d05038 JavaScriptCore`WTF::RunLoop::performWork(context=0x0000000105010100) at RunLoopCF.cpp:46:37 frame #22: 0x000000019b8f69f8 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 frame #23: 0x000000019b8f698c CoreFoundation`__CFRunLoopDoSource0 + 176 frame #24: 0x000000019b8f66fc CoreFoundation`__CFRunLoopDoSources0 + 244 frame #25: 0x000000019b8f5304 CoreFoundation`__CFRunLoopRun + 828 frame #26: 0x000000019b8f4874 CoreFoundation`CFRunLoopRunSpecific + 612 frame #27: 0x000000019c868f0c Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #28: 0x000000019c8e18cc Foundation`-[NSRunLoop(NSRunLoop) run] + 64 frame #29: 0x000000019b566594 libxpc.dylib`_xpc_objc_main + 860 frame #30: 0x000000019b565eb4 libxpc.dylib`xpc_main + 108 frame #31: 0x00000001167e5a4c WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016d9eb468) at XPCServiceMain.mm:207:5 frame #32: 0x000000011880a834 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016d9eb468) at WKMain.mm:35:12 frame #33: 0x0000000102417f9c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016d9eb468) at AuxiliaryProcessMain.cpp:30:12 frame #34: 0x000000019b4bff28 dyld`start + 2236 (lldb) ```

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-01-26 21:46:26 PST

<rdar://problem/104728830>

Jean-Yves Avenard [:jya]

Comment 2 2023-01-26 21:56:57 PST

In WKFullScreenWindowController finishedExitFullScreenAnimationAndExitImmediately, we have: ``` // These messages must be sent after the swap or flashing will occur during forceRepaint: [self _manager]->didExitFullScreen(); [self _manager]->setAnimatingFullScreen(false); ``` which calls via IPC: WebFullScreenManager::didExitFullScreen() which will call `WebFullScreenManager ::clearElement();` which sets m_element to nullptr followed by WebFullScreenManager::setAnimatingFullScreen() which asserts that m_element isn't null. This is a regression from bug 247991

Jean-Yves Avenard [:jya]

Comment 3 2023-01-26 23:00:43 PST

Pull request: https://github.com/WebKit/WebKit/pull/9208

Ryan Haddad

Comment 4 2023-01-27 14:41:48 PST

*** Bug 248093 has been marked as a duplicate of this bug. ***

EWS

Comment 5 2023-01-27 16:09:33 PST

Committed 259513@main (4bbaaeffdd01): <https://commits.webkit.org/259513@main> Reviewed commits have been landed. Closing PR #9208 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Media

Assignee

Jean-Yves Avenard [:jya]

Reported

2023-01-26 21:45 PST

Modified

2023-01-27 16:09 PST History

CC List

2 users Show

URL

Keywords InRadar

Duplicates (1)

248093 View as bug list

Depends on

Blocks