192538 2018-12-09 00:17:22 -0800 [iOS device] Crash when attempting to call -[_WKAttachment info] for an editable image 2018-12-09 15:51:53 -0800 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 wenson_hsieh wenson_hsieh aestes bdakin commit-queue thorton webkit-bug-importer oldest_to_newest 1486414 0 wenson_hsieh 2018-12-09 00:17:22 -0800 An excerpt from the crash log, using the MobileAttachments test app: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000d32538f00 VM Region Info: 0xd32538f00 is not in any region. Bytes after previous region: 45404622593 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL MALLOC_NANO 0000000280000000-00000002a0000000 [512.0M] rw-/rwx SM=PRV ---> UNUSED SPACE AT END Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [4000] Triggered by Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libobjc.A.dylib objc_retain + 16 1 WebKit -[WKDrawingView PNGRepresentation] + 76 2 WebKit WTF::Function<WTF::RetainPtr<NSFileWrapper> ()>::CallableWrapper<WebKit::EditableImageController::associateWithAttachment(unsigned long long, WTF::String const&)::$_3>::call() + 60 3 WebKit API::Attachment::fileWrapper() const + 80 4 WebKit -[_WKAttachment info] + 88 5 MobileAttachments 0x104190000 + 59044 6 UIKitCore -[UITableView _createPreparedCellForGlobalRow:withIndexPath:willDisplay:] + 684 7 UIKitCore -[UITableView _createPreparedCellForGlobalRow:willDisplay:] + 84 8 UIKitCore -[UITableView _updateVisibleCellsNow:isRecursive:] + 2308 9 UIKitCore -[UITableView layoutSubviews] + 144 10 UIKitCore -[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1428 11 libobjc.A.dylib -[NSObject performSelector:withObject:] + 68 12 QuartzCore -[CALayer layoutSublayers] + 188 13 QuartzCore CA::Layer::layout_if_needed(CA::Transaction*) + 336 14 UIKitCore -[UIView(Hierarchy) layoutBelowIfNeeded] + 560 15 UIKitCore __86-[UISheetPresentationController setNestedPresentationIndex:withTransitionCoordinator:]_block_invoke_2 + 56 16 UIKitCore +[UIView(Animation) performWithoutAnimation:] + 112 17 UIKitCore __86-[UISheetPresentationController setNestedPresentationIndex:withTransitionCoordinator:]_block_invoke + 112 18 UIKitCore -[_UIViewControllerTransitionCoordinator _applyBlocks:releaseBlocks:] + 276 19 UIKitCore -[_UIViewControllerTransitionContext __runAlongsideAnimations] + 292 20 UIKitCore __63+[UIView(Animation) _setAlongsideAnimations:toRunByEndOfBlock:]_block_invoke + 36 21 UIKitCore -[UIViewAnimationState _runAlongsideAnimations] + 48 1486415 1 356912 wenson_hsieh 2018-12-09 00:24:05 -0800 Created attachment 356912 Patch 1486416 2 356912 thorton 2018-12-09 00:40:15 -0800 Comment on attachment 356912 Patch ... whoops. Also, how did I not run into this? 1486417 3 356912 commit-queue 2018-12-09 01:05:53 -0800 Comment on attachment 356912 Patch Clearing flags on attachment: 356912 Committed r239019: <https://trac.webkit.org/changeset/239019> 1486418 4 commit-queue 2018-12-09 01:05:54 -0800 All reviewed patches have been landed. Closing bug. 1486419 5 webkit-bug-importer 2018-12-09 01:06:22 -0800 <rdar://problem/46578922> 1486462 6 wenson_hsieh 2018-12-09 15:51:53 -0800 (In reply to Tim Horton from comment #2) > Comment on attachment 356912 [details] > Patch > > ... whoops. Also, how did I not run into this? Unsure :/ I am, however, able to reproduce this crash all the time without this patch. Maybe something in the OS changed? (doubtful, but possible) 356912 2018-12-09 00:24:05 -0800 2018-12-09 01:05:53 -0800 Patch bug-192538-20181209002405.patch text/plain 1593 wenson_hsieh U3VidmVyc2lvbiBSZXZpc2lvbjogMjM5MDA2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDE4N2ZhNzc5ZTNjMmRkMTJk MjI5ZmRjN2ZlYjQ3MjQ2NjA2NWQzMGYuLjk5MjA4MzBhM2ZiOTk2MDg2NGE1YzQyMDUyNzI3MGQ0 MTE0ZTZlYzggMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTgtMTItMDkgIFdlbnNvbiBI c2llaCAgPHdlbnNvbl9oc2llaEBhcHBsZS5jb20+CisKKyAgICAgICAgW2lPUyBkZXZpY2VdIENy YXNoIHdoZW4gYXR0ZW1wdGluZyB0byBjYWxsIC1bX1dLQXR0YWNobWVudCBpbmZvXSBmb3IgYW4g ZWRpdGFibGUgaW1hZ2UKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTE5MjUzOAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisg ICAgICAgIEZpeCB0aGUgY3Jhc2ggYnkgZW5zdXJpbmcgdGhhdCB0aGUgcmVzdWx0IG9mIGAtcmVu ZGVyZWREcmF3aW5nYCBzdXJ2aXZlcyBsb25nIGVub3VnaCB0byBiZSB3cmFwcGVkIGJ5IGEKKyAg ICAgICAgYFJldGFpblB0cmAgaW4gYC1QTkdSZXByZXNlbnRhdGlvbmAuIFRoaXMgaXNuJ3QgY3Vy cmVudGx5IHRlc3RhYmxlLCBzaW5jZSB0aGlzIGNvZGVwYXRoIGlzbid0IHN1cHBvcnRlZCBvbiB0 aGUKKyAgICAgICAgaU9TIHNpbXVsYXRvcjsgaW5zdGVhZCwgSSBtYW51YWxseSB2ZXJpZmllZCB1 c2luZyBNb2JpbGVBdHRhY2htZW50cy5hcHAuCisKKyAgICAgICAgKiBVSVByb2Nlc3MvaW9zL1dL RHJhd2luZ1ZpZXcubW06CisgICAgICAgICgtW1dLRHJhd2luZ1ZpZXcgcmVuZGVyZWREcmF3aW5n XSk6CisKIDIwMTgtMTItMDcgIFdlbnNvbiBIc2llaCAgPHdlbnNvbl9oc2llaEBhcHBsZS5jb20+ CiAKICAgICAgICAgW2lPU10gQ2FyZXQgaXMgb2JzY3VyZWQgYnkgZmluZ2VyIHdoZW4gZHJhZ2dp bmcgb3ZlciBhbiBlZGl0YWJsZSBlbGVtZW50CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L1VJ UHJvY2Vzcy9pb3MvV0tEcmF3aW5nVmlldy5tbSBiL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL2lv cy9XS0RyYXdpbmdWaWV3Lm1tCmluZGV4IGQwZDkwM2RlYTcyNzkzNjZiZTM4YjA3YzllNDVjYjk1 ZGFkMmI2MGYuLmQ5MTRiOGNhZGE0MzBlZDhjNmU5YThkOGJmY2JkYWEyMTc5NjNmNmMgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL2lvcy9XS0RyYXdpbmdWaWV3Lm1tCisrKyBi L1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL2lvcy9XS0RyYXdpbmdWaWV3Lm1tCkBAIC0xMjAsNyAr MTIwLDcgQEAgLSAoVUlJbWFnZSAqKXJlbmRlcmVkRHJhd2luZwogICAgIC8vIGFuIE5TRmlsZVdy YXBwZXIgdG8gYmUgYXZhaWxhYmxlIHN5bmNocm9ub3VzbHkuCiAgICAgZGlzcGF0Y2hfc3luYyhf cmVuZGVyUXVldWUuZ2V0KCksIF57IH0pOwogCi0gICAgcmV0dXJuIHJlc3VsdEltYWdlLmdldCgp OworICAgIHJldHVybiByZXN1bHRJbWFnZS5hdXRvcmVsZWFzZSgpOwogI2VuZGlmCiB9CiAK