Opened on 07/08/2016 at 10:48:58 AM
Last modified on 11/03/2016 at 08:55:41 AM
#4232 new defect
[HA crash] Fullscreen video playing
Reported by: | pavelz | Assignee: | |
---|---|---|---|
Priority: | Unknown | Milestone: | |
Module: | Adblock-Browser-for-iOS | Keywords: | cantfix |
Cc: | mario | Blocked By: | |
Blocking: | | Platform: | Adblock Browser for iOS |
Ready: | no | Confidential: | no |
Tester: | Unknown | Verified working: | no |
Review URL(s): | | | |
Description
Environment
ABB 1.4.0 Appstore
iOS any version
How to reproduce
Reliable reproduction unknown. Happens when the user initiates fullscreen video playing from the browser, during the playback, or when finishing/exiting it.
Observed behaviour
Most frequent 1.4 crash (11% of all, 17% more than 2nd)
Reported from iOS9 only
https://rink.hockeyapp.net/manage/apps/310687/app_versions/23/crash_reasons/126718953
occurs in iOS platform code
https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm#L483
Reported from iOS9 and iPads only
https://rink.hockeyapp.net/manage/apps/310687/app_versions/23/crash_reasons/126720519
occurs in iOS platform code
https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm#L266
Reported across devices and iOS versions
https://rink.hockeyapp.net/manage/apps/310687/app_versions/23/crash_reasons/126730169
related WebKit filing
https://bugs.webkit.org/show_bug.cgi?id=138744
supposed fix
https://bugs.webkit.org/show_bug.cgi?id=137123
(was 1/3 of all crashes of Chrome/iOS in 2014, may be one of the reasons why Chrome migrated to WKWebView)
The patch that introduced the crashing function
https://bugs.webkit.org/show_bug.cgi?id=133366
https://github.com/WebKit/webkit/commit/92bb3b61a8d3f12401a2b0c83d3375eccace5f4c
The related compilation unit (h/mm file) is not in the WebKit head anymore
https://github.com/WebKit/webkit/tree/master/Source/WebCore/platform/ios
Expected behaviour
The crashes do not occur
Attachments (0)
Change History (6)
comment:1 Changed on 07/08/2016 at 10:51:27 AM by pavelz
comment:2 Changed on 07/08/2016 at 12:00:53 PM by pavelz
Correction. Full screen playback (youtube, news sites, etc.) does not invoke UIApplication.openURL. Must detect differently. Hint:
http://stackoverflow.com/questions/26027378/rotate-when-enters-a-video-in-ios-8
comment:3 Changed on 07/11/2016 at 01:58:14 PM by pavelz
Crash reproduction scenario
1. Open a website with inline HTML5 videos (youtube, cnn). Play some video.
2. Tap in the video to bring up the player controls. Click "Done" to exit fullscreen mode and return to webview.
3. Tap the video in webview to continue playing.
4. Repeat 2-3 until crash.
The crash does not happen in debugging mode. But an exception is thrown, a description of which suggests that it plausibly is the crash cause:
This application is modifying the autolayout engine from a background thread, which can lead to engine corruption and weird crashes. This will cause an exception in a future release.
#0 0x0000000180dbbf48 in objc_exception_throw ()
#1 0x0000000181756cf8 in +[NSException raise:format:] ()
#2 0x0000000182207b2c in _AssertAutolayoutOnMainThreadOnly ()
#3 0x0000000182088c3c in -[NSISEngine withBehaviors:performModifications:] ()
#4 0x00000001869bcd98 in -[UIView(AdditionalLayoutSupport) _withAutomaticEngineOptimizationDisabledIfEngineExists:] ()
#5 0x00000001869bd8b0 in -[UIView(AdditionalLayoutSupport) updateConstraintsIfNeeded] ()
#6 0x000000018714b7f0 in -[UIView(AdditionalLayoutSupport) _updateConstraintsAtEngineLevelIfNeeded] ()
#7 0x0000000186bc8aa0 in -[UIView(Hierarchy) _updateConstraintsAsNecessaryAndApplyLayoutFromEngine] ()
#8 0x00000001868b01e4 in -[UIView(CALayerDelegate) layoutSublayersOfLayer:] ()
#9 0x0000000184242994 in -[CALayer layoutSublayers] ()
#10 0x000000018423d5d0 in CA::Layer::layout_if_needed(CA::Transaction*) ()
#11 0x000000018423d490 in CA::Layer::layout_and_display_if_needed(CA::Transaction*) ()
#12 0x000000018423cac0 in CA::Context::commit_transaction(CA::Transaction*) ()
#13 0x000000018423c820 in CA::Transaction::commit() ()
#14 0x0000000186416270 in ___ZN35WebVideoFullscreenControllerContext18setVideoLayerFrameEN7WebCore9FloatRectE_block_invoke_2 ()
#15 0x00000001863d8fa4 in HandleRunSource(void*) ()
#16 0x000000018170d09c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ ()
#17 0x000000018170cb30 in __CFRunLoopDoSources0 ()
#18 0x000000018170a830 in __CFRunLoopRun ()
#19 0x0000000181634c50 in CFRunLoopRunSpecific ()
#20 0x000000018562261c in RunWebThread(void*) ()
#21 0x00000001813bbb28 in _pthread_body ()
#22 0x00000001813bba8c in _pthread_start ()
#23 0x00000001813b9028 in thread_start ()
At the current state of knowledge, we can't do anything about the crash. UIWebView itself is invoking autolayout code from WebThread, which results in a race condition. This was supposedly fixed in WebKit in 2014 (!) but didn't get to UIWebView anymore. WKWebView does not exhibit this malfunction.
comment:4 Changed on 07/14/2016 at 09:25:25 AM by mario
- Cc mario added
comment:5 Changed on 11/03/2016 at 08:55:25 AM by pavelz
Apparently somewhat fixed in iOS10.
With 1.5.1, the original error occurs only with iOS 9.x
https://rink.hockeyapp.net/manage/apps/310687/app_versions/27/crash_reasons/140007805
about 4 times per day
keeps occurring in iOS10 but much less and in a different stack trace
https://rink.hockeyapp.net/manage/apps/310687/app_versions/27/crash_reasons/139965661
about once per day
comment:6 Changed on 11/03/2016 at 08:55:41 AM by pavelz
- Keywords cantfix added
The first two crashes may be mitigated by more aggressive UIWebView delegate detaching, namely when UIApplication is taking over the asset loading
https://github.com/kitt-browser/kitt-core/blob/b7a9262b813ea0625671212a703198e413b8ee8c/src/WebView/SAContentWebView.m#L282
related evidence
http://stackoverflow.com/questions/19859414/unreproducible-webcore-crashes
http://stackoverflow.com/questions/26457204/how-to-fix-webcore-crashes-in-uiwebview