[webkit-changes] [WebKit/WebKit] bfcdfe: v3: [iOS] Safari sometimes crashes under -[UIPrevi...

Mon, 05 Jan 2026 15:53:56 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: bfcdfee15158f9a2692b7c951b156728e0a1dfa6
      
https://github.com/WebKit/WebKit/commit/bfcdfee15158f9a2692b7c951b156728e0a1dfa6
  Author: Wenson Hsieh <[email protected]>
  Date:   2026-01-05 (Mon, 05 Jan 2026)

  Changed paths:
    A 
LayoutTests/fast/events/touch/ios/long-press-context-menu-while-navigating-expected.txt
    A 
LayoutTests/fast/events/touch/ios/long-press-context-menu-while-navigating.html
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm

  Log Message:
  -----------
  v3: [iOS] Safari sometimes crashes under -[UIPreviewTarget 
initWithContainer:center:transform:]
https://bugs.webkit.org/show_bug.cgi?id=304946
rdar://167561826

Reviewed by Abrar Rahman Protyasha.

When long-pressing links in the navigation menu on https://ccrjustice.org/, 
there's a `touchstart`
event handler that triggers mainframe navigation — this races against the long 
press context menu
gesture (in particular, when the preview hint is created and added to the 
window).

In the case where:

1. UIKit asks for the `-highlightPreviewForItemWithIdentifier:`
2. The mainframe navigation is committed
3. UIKit proceeds with context menu presentation

...we crash after step (3), because the context menu hint container is forcibly 
removed from the
window at step (2). While we have guard rails to try and prevent this in the 
form of early returns
inside `-_removeContextMenuHintContainerIfPossible`, 
`-_didCommitLoadForMainFrame` bypasses them
altogether, because it directly calls into 
`-_removeContainerForContextMenuHintPreviews`.

To fix this, replace those with calls to 
`-_removeContextMenuHintContainerIfPossible`, which will
avoid removing the context menu hint container in the case where it's still 
being used.

Test: fast/events/touch/ios/long-press-context-menu-while-navigating.html

* 
LayoutTests/fast/events/touch/ios/long-press-context-menu-while-navigating-expected.txt:
 Added.
* 
LayoutTests/fast/events/touch/ios/long-press-context-menu-while-navigating.html:
 Added.
* Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView cleanUpInteraction]):

Remove a redundant call to `-_removeContextMenuHintContainerIfPossible` 
(previously, it called both
`_removeContextMenuHintContainerIfPossible` and 
`_removeContainerForContextMenuHintPreviews` which
will just remove the container anyways).

(-[WKContentView cleanUpInteractionPreviewContainers]):
(-[WKContentView _didCommitLoadForMainFrame]):

Canonical link: https://commits.webkit.org/305129@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to