Title: [241349] trunk/Source/WebKit
Revision: 241349
Author: timothy_hor...@apple.com
Date: 2019-02-12 23:36:30 -0800 (Tue, 12 Feb 2019)

Log Message

Null deref in userInterfaceLayoutDirection under ViewGestureController::handleSwipeGesture
https://bugs.webkit.org/show_bug.cgi?id=194569
<rdar://problem/46711049>

Reviewed by Wenson Hsieh.

* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::handleSwipeGesture):
It is conceivable that we could get here if the client closes the page
e.g. in the callback from willEndSwipeGesture. We already guarded against
this ... one line too late! Rearrange the lines so we don't call into
WebPageProxy at all if we don't have a drawing area (which is a strict subset
of the time that isValid would return true). This is a speculative fix,
since I can no longer reproduce the crash on demand.

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (241348 => 241349)


--- trunk/Source/WebKit/ChangeLog	2019-02-13 07:13:07 UTC (rev 241348)
+++ trunk/Source/WebKit/ChangeLog	2019-02-13 07:36:30 UTC (rev 241349)
@@ -1,3 +1,20 @@
+2019-02-12  Tim Horton  <timothy_hor...@apple.com>
+
+        Null deref in userInterfaceLayoutDirection under ViewGestureController::handleSwipeGesture
+        https://bugs.webkit.org/show_bug.cgi?id=194569
+        <rdar://problem/46711049>
+
+        Reviewed by Wenson Hsieh.
+
+        * UIProcess/mac/ViewGestureControllerMac.mm:
+        (WebKit::ViewGestureController::handleSwipeGesture):
+        It is conceivable that we could get here if the client closes the page
+        e.g. in the callback from willEndSwipeGesture. We already guarded against
+        this ... one line too late! Rearrange the lines so we don't call into
+        WebPageProxy at all if we don't have a drawing area (which is a strict subset
+        of the time that isValid would return true). This is a speculative fix,
+        since I can no longer reproduce the crash on demand.
+
 2019-02-12  Youenn Fablet  <you...@apple.com>
 
         WebServiceWorkerProvider::handleFetch no longer needs a CachedResource parameter
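Review bot: The parenthetical "(which is a strict subset of the time that isValid would return true)" in the new entry is ambiguous about which condition is the subset: it is attached to "if we don't have a drawing area", but the reasoning only works if it is the time a drawing area exists that lies inside the time isValid is true. Rewording it to say so directly would make the justification for dropping any isValid check easier to verify later. The entry also calls this a speculative fix with no reproduction and mentions no test; it would help to state whether a regression test is infeasible here, so a reader does not assume coverage exists.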

Modified: trunk/Source/WebKit/UIProcess/mac/ViewGestureControllerMac.mm (241348 => 241349)


--- trunk/Source/WebKit/UIProcess/mac/ViewGestureControllerMac.mm	2019-02-13 07:13:07 UTC (rev 241348)
+++ trunk/Source/WebKit/UIProcess/mac/ViewGestureControllerMac.mm	2019-02-13 07:36:30 UTC (rev 241349)
@@ -544,11 +544,11 @@
 {
     ASSERT(m_activeGestureType == ViewGestureType::Swipe);
 
-    bool swipingLeft = isPhysicallySwipingLeft(direction);
-
     if (!m_webPageProxy.drawingArea())
         return;
 
+    bool swipingLeft = isPhysicallySwipingLeft(direction);
+
     double width;
     if (!m_customSwipeViews.isEmpty())
         width = m_currentSwipeCustomViewBounds.width();
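Review bot: The early return on `!m_webPageProxy.drawingArea()` now has an ordering requirement that nothing in the code records: `isPhysicallySwipingLeft(direction)` must stay below it, because per the log message that call reaches into WebPageProxy (userInterfaceLayoutDirection) and crashes once the client has closed the page. A one-line comment on the guard saying that it also protects every later call into the page would keep a future cleanup from hoisting the declaration back to the top of the function. The guard also stands in for a page-validity check only by the relationship described in the ChangeLog; if that relationship is meant to hold, it is worth saying so in the comment at this point as well, since the visible lines give no other hint of it.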
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes