Title: [176996] trunk/Source/WebKit2
- Revision
- 176996
- Author
- m...@apple.com
- Date
- 2014-12-08 17:20:52 -0800 (Mon, 08 Dec 2014)
Log Message
<rdar://problem/18905383> [iOS] Crash due to null m_webPageProxyForBackForwardListForCurrentSwipe in ViewGestureController::endSwipeGesture
https://bugs.webkit.org/show_bug.cgi?id=138750
Reviewed by Tim Horton.
The snapshot for the current gesture was being removed mid-gesture by the callback from
dispatchAfterEnsuringDrawing scheduled by the previous gesture. The fix is to ignore the
callback for a gesture if it is made after the snapshot for that gesture has already been
removed (which can happen as a result of the watchdog timer firing).
* UIProcess/ios/ViewGestureControllerIOS.mm:
(WebKit::ViewGestureController::ViewGestureController): Initialize new member variable.
(WebKit::addLogEntry): Fixed the log message format.
(WebKit::ViewGestureController::endSwipeGesture): When dispatchAfterEnsuringDrawing() calls
us back, bail out if the gesture snapshot has already been removed.
(WebKit::ViewGestureController::removeSwipeSnapshot): Increment
m_gesturePendingSnapshotRemoval.
* UIProcess/mac/ViewGestureController.h: Added m_gesturePendingSnapshotRemoval member
variable.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (176995 => 176996)
--- trunk/Source/WebKit2/ChangeLog 2014-12-09 01:17:35 UTC (rev 176995)
+++ trunk/Source/WebKit2/ChangeLog 2014-12-09 01:20:52 UTC (rev 176996)
@@ -1,3 +1,25 @@
+2014-12-08 Dan Bernstein <m...@apple.com>
+
+ <rdar://problem/18905383> [iOS] Crash due to null m_webPageProxyForBackForwardListForCurrentSwipe in ViewGestureController::endSwipeGesture
+ https://bugs.webkit.org/show_bug.cgi?id=138750
+
+ Reviewed by Tim Horton.
+
+ The snapshot for the current gesture was being removed mid-gesture by the callback from
+ dispatchAfterEnsuringDrawing scheduled by the previous gesture. The fix is to ignore the
+ callback for a gesture if it is made after the snapshot for that gesture has already been
+ removed (which can happen as a result of the watchdog timer firing).
+
+ * UIProcess/ios/ViewGestureControllerIOS.mm:
+ (WebKit::ViewGestureController::ViewGestureController): Initialize new member variable.
+ (WebKit::addLogEntry): Fixed the log message format.
+ (WebKit::ViewGestureController::endSwipeGesture): When dispatchAfterEnsuringDrawing() calls
+ us back, bail out if the gesture snapshot has already been removed.
+ (WebKit::ViewGestureController::removeSwipeSnapshot): Increment
+ m_gesturePendingSnapshotRemoval.
+ * UIProcess/mac/ViewGestureController.h: Added m_gesturePendingSnapshotRemoval member
+ variable.
+
2014-12-08 Anders Carlsson <ander...@apple.com>
The website data store should know all its associated pages
@@ -3733,7 +3755,7 @@
Two WKWebView internal methods are implemented in a category
https://bugs.webkit.org/show_bug.cgi?id=138728
- Reviewed by Tim HOrton.
+ Reviewed by Tim Horton.
Moved the implementations from the category to the class.
Modified: trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm (176995 => 176996)
--- trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm 2014-12-09 01:17:35 UTC (rev 176995)
+++ trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm 2014-12-09 01:20:52 UTC (rev 176996)
@@ -146,6 +146,7 @@
, m_swipeWatchdogTimer(RunLoop::main(), this, &ViewGestureController::swipeSnapshotWatchdogTimerFired)
, m_snapshotRemovalTargetRenderTreeSize(0)
, m_shouldRemoveSnapshotWhenTargetRenderTreeSizeHit(false)
+ , m_gesturePendingSnapshotRemoval(0)
{
viewGestureControllersForAllPages().add(webPageProxy.pageID(), this);
}
@@ -178,7 +179,7 @@
int size = WTF_ARRAY_LENGTH(stack);
WTFGetBacktrace(stack, &size);
StringBuilder stringBuilder;
- stringBuilder.append(String::format("%f [ ]", CFAbsoluteTimeGetCurrent()));
+ stringBuilder.append(String::format("%f [ ", CFAbsoluteTimeGetCurrent()));
for (int i = 2; i < size; ++i) {
if (i > 2)
stringBuilder.appendLiteral(", ");
@@ -335,9 +336,10 @@
if (auto drawingArea = m_webPageProxy.drawingArea()) {
uint64_t pageID = m_webPageProxy.pageID();
- drawingArea->dispatchAfterEnsuringDrawing([pageID] (CallbackBase::Error error) {
+ uint64_t gesturePendingSnapshotRemoval = m_gesturePendingSnapshotRemoval;
+ drawingArea->dispatchAfterEnsuringDrawing([pageID, gesturePendingSnapshotRemoval] (CallbackBase::Error error) {
auto gestureControllerIter = viewGestureControllersForAllPages().find(pageID);
- if (gestureControllerIter != viewGestureControllersForAllPages().end())
+ if (gestureControllerIter != viewGestureControllersForAllPages().end() && gestureControllerIter->value->m_gesturePendingSnapshotRemoval == gesturePendingSnapshotRemoval)
gestureControllerIter->value->willCommitPostSwipeTransitionLayerTree(error == CallbackBase::Error::None);
});
} else {
@@ -393,6 +395,8 @@
if (m_activeGestureType != ViewGestureType::Swipe)
return;
+ ++m_gesturePendingSnapshotRemoval;
+
#if USE(IOSURFACE)
if (m_currentSwipeSnapshotSurface)
m_currentSwipeSnapshotSurface->setIsVolatile(true);
Modified: trunk/Source/WebKit2/UIProcess/mac/ViewGestureController.h (176995 => 176996)
--- trunk/Source/WebKit2/UIProcess/mac/ViewGestureController.h 2014-12-09 01:17:35 UTC (rev 176995)
+++ trunk/Source/WebKit2/UIProcess/mac/ViewGestureController.h 2014-12-09 01:20:52 UTC (rev 176996)
@@ -215,6 +215,7 @@
bool m_shouldRemoveSnapshotWhenTargetRenderTreeSizeHit;
WeakObjCPtr<WKWebView> m_alternateBackForwardListSourceView;
RefPtr<WebPageProxy> m_webPageProxyForBackForwardListForCurrentSwipe;
+ uint64_t m_gesturePendingSnapshotRemoval;
#if ENABLE(VIEW_GESTURE_CONTROLLER_TRACING)
Vector<String> m_logEntries;
#endif
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
