WebKit Bugzilla
Attachment 350058 Details for Bug 189714: [iOS] Crash under WebPageProxy::navigationGestureSnapshotWasRemoved()
Patch: bug-189714-20180918143054.patch (text/plain), 2.42 KB, created by Chris Dumez on 2018-09-18 14:30:55 PDT
>Subversion Revision: 236154 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index efe33716a766bb1f017fb09dc61740fbf6196d4f..ea9777532d16f7d34e2636733ec944c023526eb4 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,25 @@ >+2018-09-18 Chris Dumez <cdumez@apple.com> >+ >+ [iOS] Crash under WebPageProxy::navigationGestureSnapshotWasRemoved() >+ https://bugs.webkit.org/show_bug.cgi?id=189714 >+ <rdar://problem/32839498> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ The ViewGestureController::removeSwipeSnapshot() implementation for iOS calls >+ navigationGestureSnapshotWasRemoved() on m_webPageProxyForBackForwardListForCurrentSwipe. >+ m_webPageProxyForBackForwardListForCurrentSwipe can differ from m_webPageProxy, and >+ is a RefPtr<>. This means that this WebPageProxy's WKWebView might have been deallocated, >+ in which case we'll crash when trying to use the pageClient in >+ WebPageProxy::navigationGestureSnapshotWasRemoved(). To address the issue, we now return >+ early in WebPageProxy::navigationGestureSnapshotWasRemoved() if m_isClosed is true, >+ after resetting m_isShowingNavigationGestureSnapshot to false but *before* trying to use >+ the pageClient. When a WKWebView is deallocated, it calls WebPageProxy::close(), which >+ sets m_isClosed to true. >+ >+ * UIProcess/WebPageProxy.cpp: >+ (WebKit::WebPageProxy::navigationGestureSnapshotWasRemoved): >+ > 2018-09-18 Alex Christensen <achristensen@webkit.org> > > Make WebPageProxy always have a API::NavigationClient instead of always having a API::LoaderClient and API::PolicyClient >diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp >index 57a4d78fd2bf2c34197d485b8db4016a8df21cc4..e750d80130397f5fdad507d7ed3a157481208da6 100644 >--- a/Source/WebKit/UIProcess/WebPageProxy.cpp >+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp 
>@@ -7105,6 +7105,11 @@ void WebPageProxy::navigationGestureSnapshotWasRemoved() > { > m_isShowingNavigationGestureSnapshot = false; > >+ // The ViewGestureController may call this method on a WebPageProxy whose view has been destroyed. In such case, >+ // we need to return early as the pageClient will not be valid below. >+ if (m_isClosed) >+ return; >+ > pageClient().didRemoveNavigationGestureSnapshot(); > > m_navigationClient->didRemoveNavigationGestureSnapshot(*this);
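Review bot: The Source/WebKit/ChangeLog entry lists no test, and the patch touches only ChangeLog and UIProcess/WebPageProxy.cpp, so nothing guards against this crash regressing. Either add a test that deallocates the WKWebView backing m_webPageProxyForBackForwardListForCurrentSwipe before the swipe snapshot is removed, or state in the ChangeLog why the scenario cannot be covered by an automated test.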
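Review bot: In WebPageProxy::navigationGestureSnapshotWasRemoved(), the new early return on m_isClosed also skips m_navigationClient->didRemoveNavigationGestureSnapshot(*this), while the ChangeLog only motivates avoiding pageClient() on a closed page. Please confirm that dropping the navigation client callback for a closed page is intended and say so in the comment. The comment would also be clearer if it stated, as the ChangeLog does, that WebPageProxy::close() sets m_isClosed when the WKWebView is deallocated, since "view has been destroyed" and the m_isClosed check are not obviously connected from the code alone.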