Bug 253965 - REGRESSION (iOS 16.4): Chrome crashes in -[WKWebGeolocationPolicyDecider _executeNextChallenge]
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=253965
Ali Juma
Reported 2023-03-15 08:03:22 PDT
Created attachment 465446 [details]
Crash log

Chrome for iOS is getting reports of a new crash in -[WKWebGeolocationPolicyDecider _executeNextChallenge] in iOS 16.4 beta, including the most recent seed (20E5229e). I've attached a crash log. The crash stack is:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000

Thread 0 Crashed:
0   WebKit             0x00000001a56d1524 __54-[WKWebGeolocationPolicyDecider _executeNextChallenge]_block_invoke_3 + 28 (WKWebGeolocationPolicyDeciderIOS.mm:191)
1   UIKitCore          0x0000000194bcb5b0 -[UIAlertController _invokeHandlersForAction:] + 88 (UIAlertController.m:1204)
2   UIKitCore          0x0000000194d5b530 __103-[UIAlertController _dismissAnimated:triggeringAction:triggeredByPopoverDimmingView:dismissCompletion:]_block_invoke_2 + 36 (UIAlertController.m:1369)
3   UIKitCore          0x0000000194a1e1ec -[UIPresentationController transitionDidFinish:] + 1124 (UIPresentationController.m:601)
4   UIKitCore          0x0000000194f0a1a0 __56-[UIPresentationController runTransitionForCurrentState]_block_invoke.110 + 320 (UIPresentationController.m:1303)
5   UIKitCore          0x0000000194a57bbc -[_UIViewControllerTransitionContext completeTransition:] + 116 (UIViewControllerTransitioning.m:289)
6   UIKitCore          0x00000001958042fc __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36 (UIView.m:15136)
7   UIKitCore          0x0000000194874324 -[UIViewAnimationBlockDelegate _didEndBlockAnimation:finished:context:] + 636 (UIView.m:15169)
8   UIKitCore          0x0000000194873280 -[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 436 (UIView.m:0)
9   UIKitCore          0x000000019487299c -[UIViewAnimationState animationDidStop:finished:] + 196 (UIView.m:2325)
10  UIKit              0x000000021c14cbf8 -[UIViewAnimationStateAccessibility animationDidStop:finished:] + 172 (UIViewAnimationStateAccessibility.m:106)
11  UIKitCore          0x0000000194872ab0 -[UIViewAnimationState animationDidStop:finished:] + 472 (UIView.m:2344)
12  UIKit              0x000000021c14cbf8 -[UIViewAnimationStateAccessibility animationDidStop:finished:] + 172 (UIViewAnimationStateAccessibility.m:106)
13  QuartzCore         0x0000000193c6bc64 CA::Layer::run_animation_callbacks(void*) + 232 (CALayer.mm:7337)
14  libdispatch.dylib  0x0000000199c01f48 _dispatch_client_callout + 20 (object.m:560)
15  libdispatch.dylib  0x0000000199c106cc _dispatch_main_queue_drain + 928 (inline_internal.h:2633)
16  libdispatch.dylib  0x0000000199c1031c _dispatch_main_queue_callback_4CF + 44 (queue.c:7916)
17  CoreFoundation     0x00000001927c5d18 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 (CFRunLoop.c:1780)
18  CoreFoundation     0x00000001927a7650 __CFRunLoopRun + 1992 (CFRunLoop.c:3147)
19  CoreFoundation     0x00000001927ac4dc CFRunLoopRunSpecific + 612 (CFRunLoop.c:3418)
20  GraphicsServices   0x00000001cd47d35c GSEventRunModal + 164 (GSEvent.c:2196)
21  UIKitCore          0x0000000194b42c48 -[UIApplication _run] + 888 (UIApplication.m:3773)
22  UIKitCore          0x0000000194b428ac UIApplicationMain + 340 (UIApplication.m:5363)
23  Chrome             0x00000001026394cc 0x1025c8000 + 464076
24  dyld               0x00000001b1c06dec start + 2220 (dyldMain.cpp:1165)
Attachments
Crash log (44.50 KB, text/plain)
2023-03-15 08:03 PDT, Ali Juma
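The crash log attached above is the kind of artifact a triager reduces to a few facts before deciding whether a report is a plain crash or a memory-safety issue: which exception fired, at what address, and which frame faulted. The Python below does that for the textual report format quoted in this bug. It is an added example, not code from WebKit, Chromium or the reporter; the log excerpt it parses is constructed from the exception header and four of the frames quoted in the report (plus one made-up second-thread frame to show where parsing stops), and the classification threshold (a faulting address below 0x1000 treated as a nil dereference) is this example's own heuristic.

```python
"""Triage helper for Apple crash reports (added example, not project code).

Reduces a textual crash log to the facts checked first in triage: exception
type and code, faulting address, and the crashed thread's frames.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: exception header and frames 0-2 and 23 as quoted in the
# bug report; the remaining frames are omitted and the Thread 1 frame is made up
# so the sample shows that parsing stops after the crashed thread.
SAMPLE_LOG = """\
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000

Thread 0 Crashed:
0   WebKit      0x00000001a56d1524 __54-[WKWebGeolocationPolicyDecider _executeNextChallenge]_block_invoke_3 + 28 (WKWebGeolocationPolicyDeciderIOS.mm:191)
1   UIKitCore   0x0000000194bcb5b0 -[UIAlertController _invokeHandlersForAction:] + 88 (UIAlertController.m:1204)
2   UIKitCore   0x0000000194d5b530 __103-[UIAlertController _dismissAnimated:triggeringAction:triggeredByPopoverDimmingView:dismissCompletion:]_block_invoke_2 + 36 (UIAlertController.m:1369)
23  Chrome      0x00000001026394cc 0x1025c8000 + 464076

Thread 1:
0   libsystem_kernel.dylib  0x00000001b0000000 __workq_kernreturn + 8
"""

EXC_TYPE_RE = re.compile(r"^Exception Type:\s+(?P<type>\S+)")
EXC_SUBTYPE_RE = re.compile(
    r"^Exception Subtype:\s+(?P<code>\S+)(?:\s+at\s+(?P<addr>0x[0-9a-fA-F]+))?"
)
THREAD_CRASHED_RE = re.compile(r"^Thread \d+ Crashed:")
# index, image, load address, symbol, +offset, optional (file:line)
FRAME_RE = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<image>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?) \+ (?P<offset>\d+)"
    r"(?: \((?P<file>[^:()]+):(?P<line>\d+)\))?\s*$"
)


@dataclass
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int
    file: Optional[str] = None
    line: Optional[int] = None


@dataclass
class Triage:
    exc_type: str
    exc_code: Optional[str]
    fault_address: Optional[int]
    frames: List[Frame]

    @property
    def crashing_frame(self) -> Frame:
        return self.frames[0]

    def first_frame_from(self, image: str) -> Optional[Frame]:
        """First frame belonging to the named binary image (e.g. the host app)."""
        return next((f for f in self.frames if f.image == image), None)

    def classify(self) -> str:
        # Heuristic of this example, not a rule taken from the report: a fault in
        # the first page is a nil/NULL dereference, which on its own is a crash
        # (denial of service) rather than a controllable write.
        if self.exc_type == "EXC_BAD_ACCESS":
            if self.fault_address is not None and self.fault_address < 0x1000:
                return "null-dereference"
            return "invalid-access"
        return "other"


def parse_crash_log(text: str) -> Triage:
    exc_type: Optional[str] = None
    exc_code: Optional[str] = None
    fault: Optional[int] = None
    frames: List[Frame] = []
    in_crashed = False
    for line in text.splitlines():
        if (m := EXC_TYPE_RE.match(line)):
            exc_type = m["type"]
        elif (m := EXC_SUBTYPE_RE.match(line)):
            exc_code = m["code"]
            fault = int(m["addr"], 16) if m["addr"] else None
        elif THREAD_CRASHED_RE.match(line):
            in_crashed = True
        elif in_crashed:
            if not line.strip():
                if frames:
                    break  # blank line ends the crashed thread's backtrace
                continue
            if (m := FRAME_RE.match(line)):
                frames.append(Frame(
                    index=int(m["idx"]), image=m["image"],
                    address=int(m["addr"], 16), symbol=m["symbol"],
                    offset=int(m["offset"]), file=m["file"],
                    line=int(m["line"]) if m["line"] else None,
                ))
    if exc_type is None or not frames:
        raise ValueError("no exception header or crashed-thread backtrace found")
    return Triage(exc_type, exc_code, fault, frames)


if __name__ == "__main__":
    t = parse_crash_log(SAMPLE_LOG)
    f = t.crashing_frame
    print(f"{t.exc_type}/{t.exc_code} at {t.fault_address:#x} -> {t.classify()}")
    print(f"crashing frame: {f.image} {f.symbol} ({f.file}:{f.line})")
    app = t.first_frame_from("Chrome")
    print(f"first host-app frame: #{app.index} at {app.address:#x}")
```

For this report the helper yields EXC_BAD_ACCESS / KERN_INVALID_ADDRESS at 0x0, classified as a nil dereference in the WebKit block at WKWebGeolocationPolicyDeciderIOS.mm:191, with the first host-app frame (Chrome) unsymbolicated at frame 23. Newer `.ips` reports are JSON and carry the same fields under different keys, so the regexes above target only the textual form quoted here.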
Radar WebKit Bug Importer
Comment 1 2023-03-15 12:14:40 PDT
Chris Dumez
Comment 2 2023-03-15 15:33:52 PDT
Chris Dumez
Comment 3 2023-03-15 15:40:04 PDT
Thanks for the report Ali. Have you been able to reproduce? I haven't found a way to reproduce yet but I have a speculative fix.
EWS
Comment 4 2023-03-15 20:13:09 PDT
Committed 261728@main (4429746eddd4): <https://commits.webkit.org/261728@main>

Reviewed commits have been landed. Closing PR #11576 and removing active labels.
Ali Juma
Comment 5 2023-03-16 06:05:15 PDT
(In reply to Chris Dumez from comment #3)
> Thanks for the report Ali. Have you been able to reproduce?
> I haven't found a way to reproduce yet but I have a speculative fix.

Thanks for the fix! I haven't been able to reproduce either. In Chrome's crash reports, it looks like all of the crashes are on pages where Chrome is showing an infobar on top of the WKWebView (the infobar that says "Translate page?" when on a page that isn't in the user's own language). So this might be similar to bug 251548, where we were crashing because of trying to present the same WebValidationBubbleViewController twice when a translate infobar was being displayed in Chrome. In that case, it was the sliding-away effect of the infobar that seemed to trigger the logic to present the WebValidationBubbleViewController again.