crash at WebCore::FrameView::contentsSizeRespectingOverflow

Originator:davidkclark
Number:rdar://22889402 Date Originated:29-Sep-2015
Status:Duplicate of 22205197 Resolved:
Product:iOS Product Version:9.0
Classification:Crash/Hang/Data Loss Reproducible:Always
 
Summary:
Started getting this crash on iOS9 (and 9.1) from the day it was released.
Seems to happen when pushing a ViewController that has a UIWebView onto the view stack and then making a request on it.
It only seems to happen on select web pages, and we were able to modify our web page to mitigate somewhat the crash (removed some tracking scripts).

Steps to Reproduce:
Run test app.

What the test app does -
Repeatedly:
Instantiates a new view controller with a UIWebView
Pushes it onto the view stack
Loads a request in the UIWebView
Pops the view controller

Expected Results:
View slides in
Web page loads
View slides out
Repeat.

Actual Results:
After some 100s or 1000 requests the app crashes after the view slides in before the page loads.

Version:
iOS 9, 9.0, and 9.0.1

Notes:
Attached are crash logs from a live install, assembly dump from xcode, and minimal test app.
Other posts relevant here:
https://forums.developer.apple.com/thread/19354
https://bugs.webkit.org/show_bug.cgi?id=149495


Configuration:
iPhone 6 and 6+ mostly

Attachments:
'crash.log.txt', 'assembly.txt' and 'WebKitTest.zip' were successfully uploaded.

Comments

Original report closed, fixed in iOS 9.1

Apple Developer Relations04-Nov-2015 08:47 AM

Thank you for contacting us.

The original report on the issue, Bug ID 22205197, was closed and the resolution is “fixed in iOS 9.1”.

If you still see the issue, please file a new bug report on the newest OS available to you, and please include fresh diagnostics.

Please note that you will not be able to directly view the original report in order to keep its information confidential.

We will do our best to keep you informed as new information becomes available. Please check release notes regularly for changes affecting this issue.

If you have further questions about this issue or wish to check on the status, please update your report again using the Apple Bug Reporter http://bugreport.apple.com.

By davidkclark at Nov. 4, 2015, 12:39 a.m. (reply...)

I have been testing beta releases as they come out. Up to beta3 the issue was still present. With beta 4 the app no longer crashes, but it only runs for about 800 requests until it gets "Terminated due to memory issue". So something is still wrong here.

By davidkclark at Oct. 11, 2015, 11:46 p.m. (reply...)

crash.log.txt

Incident Identifier: F840C7EA-F269-4655-AD9D-15A6C8A86DCB
CrashReporter Key: A3BA29B3-8843-4ABA-A8C4-A4C6D0996F76
Hardware Model: iPad4,5

Process: HCWeb [834]
Path: /var/mobile/Containers/Bundle/Application/0F1F0B2D-CDD6-4283-BA04-78582C365FBC/HCWeb.app/HCWeb
Identifier: com.hotelscombined.findhotels
Version: 989
Code Type: ARM-64
Parent Process: ??? [1]

Date/Time: 2015-08-12T06:55:37Z
OS Version: iPhone OS 9.0 (13A4325c)
Report Version: 104

Exception Type: SIGSEGV
Exception Codes: SEGV_ACCERR at 0x100000057
Crashed Thread: 0

Thread 0 Crashed: 0 WebCore 0x00000001986e4128 WebCore::FrameView::contentsSizeRespectingOverflow() const + 128
1 WebKitLegacy 0x0000000199296774 -[WebView(WebPrivate) _contentsSizeRespectingOverflow] + 40
2 UIKit 0x000000018bea2e88 -[UIWebDocumentView _updateSize] + 496
3 CoreFoundation 0x00000001868e71e8 _CFNOTIFICATIONCENTERIS_CALLING_OUT_TO_AN_OBSERVER__ + 16
4 CoreFoundation 0x00000001868e6a08 _CFXRegistrationPost + 392
5 CoreFoundation 0x00000001868e6788 _CFXNotificationPost_block_invoke + 56
6 CoreFoundation 0x000000018694c2cc -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1528
7 CoreFoundation 0x0000000186827314 _CFXNotificationPost + 364
8 Foundation 0x000000018779245c -[NSNotificationCenter postNotificationName:object:userInfo:] + 64
9 CoreFoundation 0x00000001869475c0 __invoking___ + 140
10 CoreFoundation 0x00000001868450d4 -[NSInvocation invoke] + 280
11 WebCore 0x00000001982a9e04 HandleDelegateSource(void*) + 104
12 CoreFoundation 0x00000001868f90dc _CFRUNLOOPIS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 20
13 CoreFoundation 0x00000001868f8b70 __CFRunLoopDoSources0 + 536
14 CoreFoundation 0x00000001868f6870 __CFRunLoopRun + 720
15 CoreFoundation 0x00000001868258a0 CFRunLoopRunSpecific + 380
16 GraphicsServices 0x00000001916bc088 GSEventRunModal + 176
17 UIKit 0x000000018beba0d4 UIApplicationMain + 200
18 HCWeb 0x00000001000d1d7c main (main.m:18)
19 libdyld.dylib 0x000000019ba8a8b8 start + 0

By davidkclark at Oct. 5, 2015, 11:55 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!