Opened 3 years ago

Last modified 2 years ago

#4232 new defect

[HA crash] Fullscreen video playing

Reported by: pavelz Assignee:
Priority: Unknown Milestone:
Module: Adblock-Browser-for-iOS Keywords: cantfix
Cc: mario Blocked By:
Blocking: Platform: Adblock Browser for iOS
Ready: no Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description

Environment

ABB 1.4.0 Appstore
iOS any version

How to reproduce

Reliable reproduction unknown. Happens when the user initiates fullscreen video playing from the browser, during the playback, or when finishing/exiting it.

Observed behaviour

Most frequent 1.4 crash (11% of all, 17% more than 2nd)
Reported from iOS9 only
https://rink.hockeyapp.net/manage/apps/310687/app_versions/23/crash_reasons/126718953
occurs in iOS platform code
https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm#L483

Reported from iOS9 and iPads only
https://rink.hockeyapp.net/manage/apps/310687/app_versions/23/crash_reasons/126720519
occurs in iOS platform code
https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm#L266

Reported across devices and iOS versions
https://rink.hockeyapp.net/manage/apps/310687/app_versions/23/crash_reasons/126730169
related WebKit filling
https://bugs.webkit.org/show_bug.cgi?id=138744
supposed fix
https://bugs.webkit.org/show_bug.cgi?id=137123
(was 1/3 of all crashes of Chrome/iOS in 2014, may be one of the reasons why Chrome migrated to WKWebView)
The patch that introduced the crashing function
https://bugs.webkit.org/show_bug.cgi?id=133366
https://github.com/WebKit/webkit/commit/92bb3b61a8d3f12401a2b0c83d3375eccace5f4c
The related compilation unit (h/mm file) is not in the WebKit head anymore
https://github.com/WebKit/webkit/tree/master/Source/WebCore/platform/ios

Expected behaviour

The crashes do not occur

Change History (6)

comment:2 Changed 3 years ago by pavelz

Correction. Full screen playback (youtube, news sites, etc.) does not invoke UIApplication.openURL. Must detect differently. Hint:
http://stackoverflow.com/questions/26027378/rotate-when-enters-a-video-in-ios-8

comment:3 Changed 3 years ago by pavelz

Crash reproduction scenario

  1. open a website with inline HTML5 videos (youtube, cnn). Play some video.
  2. Tap in the video to bring up the player controls. Click "Done" to exit fullscreen mode and return to webview.
  3. Tap the video in webview to continue playing.
  4. Repeat 2-3 until crash

The crash does not happen in debugging mode. But an exception is thrown, a description of which suggests that it plausibly is the crash cause:

This application is modifying the autolayout engine from a background thread, which can lead to engine corruption and weird crashes. This will cause an exception in a future release.

#0	0x0000000180dbbf48 in objc_exception_throw ()
#1	0x0000000181756cf8 in +[NSException raise:format:] ()
#2	0x0000000182207b2c in _AssertAutolayoutOnMainThreadOnly ()
#3	0x0000000182088c3c in -[NSISEngine withBehaviors:performModifications:] ()
#4	0x00000001869bcd98 in -[UIView(AdditionalLayoutSupport) _withAutomaticEngineOptimizationDisabledIfEngineExists:] ()
#5	0x00000001869bd8b0 in -[UIView(AdditionalLayoutSupport) updateConstraintsIfNeeded] ()
#6	0x000000018714b7f0 in -[UIView(AdditionalLayoutSupport) _updateConstraintsAtEngineLevelIfNeeded] ()
#7	0x0000000186bc8aa0 in -[UIView(Hierarchy) _updateConstraintsAsNecessaryAndApplyLayoutFromEngine] ()
#8	0x00000001868b01e4 in -[UIView(CALayerDelegate) layoutSublayersOfLayer:] ()
#9	0x0000000184242994 in -[CALayer layoutSublayers] ()
#10	0x000000018423d5d0 in CA::Layer::layout_if_needed(CA::Transaction*) ()
#11	0x000000018423d490 in CA::Layer::layout_and_display_if_needed(CA::Transaction*) ()
#12	0x000000018423cac0 in CA::Context::commit_transaction(CA::Transaction*) ()
#13	0x000000018423c820 in CA::Transaction::commit() ()
#14	0x0000000186416270 in ___ZN35WebVideoFullscreenControllerContext18setVideoLayerFrameEN7WebCore9FloatRectE_block_invoke_2 ()
#15	0x00000001863d8fa4 in HandleRunSource(void*) ()
#16	0x000000018170d09c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ ()
#17	0x000000018170cb30 in __CFRunLoopDoSources0 ()
#18	0x000000018170a830 in __CFRunLoopRun ()
#19	0x0000000181634c50 in CFRunLoopRunSpecific ()
#20	0x000000018562261c in RunWebThread(void*) ()
#21	0x00000001813bbb28 in _pthread_body ()
#22	0x00000001813bba8c in _pthread_start ()
#23	0x00000001813b9028 in thread_start ()

At the current state of knowledge, we can't do anything about the crash. UIWebView itself is invoking autolayout code from WebThread, which results in race condition. This was supposedly fixed in WebKit in 2014 (!) but didn't get to UIWebView anymore. WKWebView does not exhibit this malfunction.

comment:4 Changed 3 years ago by mario

  • Cc mario added

comment:5 Changed 2 years ago by pavelz

Apparently somewhat fixed in iOS10.

With 1.5.1, the original error occurs only with iOS 9.x
https://rink.hockeyapp.net/manage/apps/310687/app_versions/27/crash_reasons/140007805
abour 4 times per day

keeps occuring in iOS10 but much less and in a different stack trace
https://rink.hockeyapp.net/manage/apps/310687/app_versions/27/crash_reasons/139965661
about once per day

comment:6 Changed 2 years ago by pavelz

  • Keywords cantfix added
Note: See TracTickets for help on using tickets.