Bug 212067

Summary: STP crash in __NSFrozenArrayM objectAtIndexedSubscript: (twitter, layout?)
Product: WebKit
Reporter: Nigel Jones <nigel>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED MOVED
Severity: Normal
CC: bfulgham, simon.fraser, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: text file of crash dump (Flags: none)

Description Nigel Jones 2020-05-19 03:03:25 PDT
Created attachment 399726
text file of crash dump

Using STN 106 for regular browsing on MacOS 10.15.5 beta 19F83c.
Was viewing my twitter stream at the time.
Browser window suddenly disappears - crashed.

Stacktrace includes:

Crashing on exception: *** -[__NSFrozenArrayM objectAtIndexedSubscript:]: index 6 beyond bounds [0 .. 4]

Application Specific Backtrace 1:
0   CoreFoundation                      0x00007fff3644dbe7 __exceptionPreprocess + 250
1   libobjc.A.dylib                     0x00007fff6f2265bf objc_exception_throw + 48
2   CoreFoundation                      0x00007fff364fc60e -[__NSCFString characterAtIndex:].cold.1 + 0
3   CoreFoundation                      0x00007fff363e4c49 -[__NSFrozenArrayM objectAtIndexedSubscript:] + 116
4   Safari                              0x0000000105c43587 -[BrowserWindowTabViewController tabViewItemAtIndex:] + 55
5   Safari                              0x0000000105975a35 -[BrowserWindowController functionBarProvider:thumbnailProviderForTabAtIndex:] + 60
6   Safari                              0x0000000105d2cd95 -[WindowFunctionBarProvider visualScrubberViewController:contentViewProviderForItemAtIndex:] + 53
7   Safari                              0x0000000105ce4a80 -[VisualScrubberViewController _configureScrubberItemView:forUseAtIndex:] + 87
8   Safari                              0x0000000105ce452b -[VisualScrubberViewController scrubber:viewForItemAtIndex:] + 154
9   AppKit                              0x00007fff33ced25c -[NSScrubberDocumentView createItemViewForIndex:] + 115
10  AppKit                              0x00007fff3397dffd -[NSScrubberDocumentView viewForItemAtIndex:creatingIfNeeded:] + 104
11  AppKit                              0x00007fff33ce91c7 -[NSScrubberDocumentView applyItemAttributes:startingAttributes:withState:] + 701
12  AppKit                              0x00007fff33ce6e0f __57-[NSScrubberDocumentView layoutScrubberContentsAnimated:]_block_invoke.357 + 153
13  AppKit                              0x00007fff336774d0 +[NSAnimationContext runAnimationGroup:] + 55
14  AppKit                              0x00007fff33ce6b47 -[NSScrubberDocumentView layoutScrubberContentsAnimated:] + 873
15  AppKit                              0x00007fff33ce67b5 -[NSScrubberDocumentView layout] + 122
16  AppKit                              0x00007fff336b9b9a _NSViewLayout + 600
17  AppKit                              0x00007fff336b963e -[NSView _layoutSubtreeWithOldSize:] + 388

but will add full log as attachment.

Also opening as 'feedback' item (please advise if one or other is preferable, or if both is good practice - I'm unclear)

Comment 1 Nigel Jones 2020-05-19 03:04:46 PDT
Note - I had enabled the following experimental features above the default:

Auto HTTPs
Link preload responsive
LinkPrefetch
Capture video in UI process
Lazy Image loading
IsLoggedIn
Ad click attribution
NSURL WebSocket

Comment 2 Nigel Jones 2020-05-19 03:10:05 PDT
Apple feedback report id: FB7707262

Comment 3 Simon Fraser (smfr) 2020-05-19 11:17:26 PDT
That's in Safari code. We'll track it internally.

Comment 4 Radar WebKit Bug Importer 2020-05-19 11:17:36 PDT
<rdar://problem/63405388>