Bug 238568

Summary: [iOS 15] Crash in WKChildScrollView's gesture recognizer
Product: WebKit Reporter: Ali Juma <ajuma>
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED MOVED    
Severity: Normal CC: bfulgham, graouts, simon.fraser, thorton, webkit-bug-importer, wenson_hsieh, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Ali Juma
Reported 2022-03-30 12:17:53 PDT
Chrome for iOS is getting crashes in WKChildScrollView's gesture recognizer. The crash is an exception: CALayer bounds contains NaN: [#.# #.#; #.# #.#]. Layer: <CALayer:0x#; name = "scroll container"; position = CGPoint (# #); bounds = CGRect (# #; # #); delegate = <WKChildScrollView: 0x#; baseClass = UIScrollView We don't have steps to reproduce, but more than 1/3 of these crashes are on a sniffies.com profile pages, and this is only happening on iOS 15+ (including 15.4). The call stack is: 0x0000000180da305c (CoreFoundation + 0x0009905c) __exceptionPreprocess 0x00000001992bdf50 (libobjc.A.dylib + 0x00015f50) objc_exception_throw 0x0000000180dfa18c (CoreFoundation + 0x000f018c) +[NSException raise:format:] 0x0000000184a7eb38 (QuartzCore + 0x00022b38) CA::Layer::set_bounds(CA::Rect const&, bool) 0x0000000184b226c0 (QuartzCore + 0x000c66c0) -[CALayer setBounds:] 0x000000018332179c (UIKitCore + 0x0016d79c) -[UIView(Geometry) setBounds:] 0x000000018332e5bc (UIKitCore + 0x0017a5bc) -[UIScrollView setBounds:] 0x0000000183332550 (UIKitCore + 0x0017e550) -[UIScrollView setContentOffset:] 0x00000001833aba9c (UIKitCore + 0x001f7a9c) -[UIScrollView _updatePanGesture] 0x0000000183394524 (UIKitCore + 0x001e0524) -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:] 0x000000018335d170 (UIKitCore + 0x001a9170) _UIGestureRecognizerSendTargetActions 0x0000000183325ffc (UIKitCore + 0x00171ffc) _UIGestureRecognizerSendActions 0x000000018335f4e8 (UIKitCore + 0x001ab4e8) -[UIGestureRecognizer _updateGestureForActiveEvents] 0x000000018331769c (UIKitCore + 0x0016369c) _UIGestureEnvironmentUpdate 0x000000018334b658 (UIKitCore + 0x00197658) -[UIGestureEnvironment _updateForEvent:window:] 0x0000000183358678 (UIKitCore + 0x001a4678) -[UIWindow sendEvent:] 0x0000000183509404 (UIKitCore + 0x00355404) -[UIApplication sendEvent:] 0x000000018332b9cc (UIKitCore + 0x001779cc) __dispatchPreprocessedEventFromEventQueue 0x0000000183320608 (UIKitCore + 0x0016c608) __processEventQueue 0x0000000183325c64 (UIKitCore + 0x00171c64) __eventFetcherSourceCallback 0x0000000180dc502c (CoreFoundation + 0x000bb02c) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x0000000180dd5cec (CoreFoundation + 0x000cbcec) __CFRunLoopDoSource0 0x0000000180d0fff4 (CoreFoundation + 0x00005ff4) __CFRunLoopDoSources0 0x0000000180d15800 (CoreFoundation + 0x0000b800) __CFRunLoopRun 0x0000000180d293c4 (CoreFoundation + 0x0001f3c4) CFRunLoopRunSpecific 0x000000019c53a388 (GraphicsServices + 0x00001388) GSEventRunModal 0x00000001836cf05c (UIKitCore + 0x0051b05c) -[UIApplication _run] 0x000000018344cb88 (UIKitCore + 0x00298b88) UIApplicationMain 0x0000000102d8826c (Chrome - chrome_exe_main.mm: 65) main
Attachments
Add attachment proposed patch, testcase, etc.
Sam Sneddon [:gsnedders]
Comment 1 2022-04-05 14:04:47 PDT
<rdar://53304939> I think? If so, not iOS 15 specific.
Radar WebKit Bug Importer
Comment 2 2022-04-06 12:18:15 PDT
<rdar://problem/91369381>
Brent Fulgham
Comment 3 2022-06-23 16:24:11 PDT
The cause of this crash is outside of the WebKit project. Resolving this as MOVED, as the radar is with the correct component for the fix.
Brent Fulgham
Comment 4 2022-06-23 16:24:37 PDT
And yes, this is tracked by: rdar://53304939
Note You need to log in before you can comment on or make changes to this bug.