WebKit Bugzilla
Attachment 360697 Details for
Bug 194083
: iOS: Crash in InteractiveUpdateHandler set by ViewGestureController::beginSwipeGesture
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix attempt
bug-194083-20190130233954.patch (text/plain), 2.83 KB, created by
Ryosuke Niwa
on 2019-01-30 23:39:55 PST
(
hide
)
Description:
Fix attempt
Filename:
MIME Type:
Creator:
Ryosuke Niwa
Created:
2019-01-30 23:39:55 PST
Size:
2.83 KB
patch
obsolete
>Subversion Revision: 240692 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 878066d54b74f27623b8945b0bd057ed7277d8a0..5d4cb885d8153211ed32e836074e6ab5a83dc7f1 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,24 @@ >+2019-01-30 Ryosuke Niwa <rniwa@webkit.org> >+ >+ iOS: Crash in InteractiveUpdateHandler set by ViewGestureController::beginSwipeGesture >+ https://bugs.webkit.org/show_bug.cgi?id=194083 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ We think this crash is a regression from r236966. Prior to r236966, we could only called >+ removeSwipeSnapshot() only when m_provisionalOrSameDocumentLoadCallback was set but now >+ we can call it either when m_snapshotRemovalTracker::start was called, or it had been reset. >+ >+ Unfortunately no new tests since there is no reproducible test case, and neither API tests >+ nor layout tests seem to have the capability to trigger swipe gestures via UIGestureRecognizer, >+ which is required for this crash to occur. Notably, back-forward swipe tests I enabled in >+ r240765 bypass UIKit and emulates the action instead. >+ >+ * UIProcess/Cocoa/ViewGestureController.cpp: >+ (WebKit::ViewGestureController::didReachMainFrameLoadTerminalState): >+ * UIProcess/Cocoa/ViewGestureController.h: >+ (WebKit::ViewGestureController::SnapshotRemovalTracker::hasRemovalCallback const): >+ > 2019-01-29 Youenn Fablet <youenn@apple.com> > > Adopt new SPI to evaluate server certificate trust >diff --git a/Source/WebKit/UIProcess/Cocoa/ViewGestureController.cpp b/Source/WebKit/UIProcess/Cocoa/ViewGestureController.cpp >index 2b7030b4ffcd9fbfe644689fe7c93f2c019b4d21..5b9391bfaf0ba9b1b689be8407c14bebe0920d76 100644 >--- a/Source/WebKit/UIProcess/Cocoa/ViewGestureController.cpp >+++ b/Source/WebKit/UIProcess/Cocoa/ViewGestureController.cpp >@@ -188,7 +188,7 @@ void ViewGestureController::didRestoreScrollPosition() > > void ViewGestureController::didReachMainFrameLoadTerminalState() > { >- if (m_snapshotRemovalTracker.isPaused()) { >+ if (m_snapshotRemovalTracker.isPaused() && m_snapshotRemovalTracker.hasRemovalCallback()) { > removeSwipeSnapshot(); > return; > } >diff --git a/Source/WebKit/UIProcess/Cocoa/ViewGestureController.h b/Source/WebKit/UIProcess/Cocoa/ViewGestureController.h >index f902376410955d2c5fd184e9427572ff640088ab..a18fd8fa45a7a2a74a4df746f146311674ee5109 100644 >--- a/Source/WebKit/UIProcess/Cocoa/ViewGestureController.h >+++ b/Source/WebKit/UIProcess/Cocoa/ViewGestureController.h >@@ -179,6 +179,7 @@ private: > void pause() { m_paused = true; } > void resume(); > bool isPaused() const { return m_paused; } >+ bool hasRemovalCallback() const { return !!m_removalCallback; } > > bool eventOccurred(Events); > bool cancelOutstandingEvent(Events);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=360697">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194083
:
360697
|
360698
|
360699