Changeset 176996 in webkit


Timestamp:
Dec 8, 2014, 5:20:52 PM (10 years ago)
Author:
mitz@apple.com
Message:

<rdar://problem/18905383> [iOS] Crash due to null m_webPageProxyForBackForwardListForCurrentSwipe in ViewGestureController::endSwipeGesture
https://bugs.webkit.org/show_bug.cgi?id=138750

Reviewed by Tim Horton.

The snapshot for the current gesture was being removed mid-gesture by the callback from
dispatchAfterEnsuringDrawing scheduled by the previous gesture. The fix is to ignore the
callback for a gesture if it is made after the snapshot for that gesture has already been
removed (which can happen as a result of the watchdog timer firing).

  • UIProcess/ios/ViewGestureControllerIOS.mm:
    (WebKit::ViewGestureController::ViewGestureController): Initialize new member variable.
    (WebKit::addLogEntry): Fixed the log message format.
    (WebKit::ViewGestureController::endSwipeGesture): When dispatchAfterEnsuringDrawing() calls
    us back, bail out if the gesture snapshot has already been removed.
    (WebKit::ViewGestureController::removeSwipeSnapshot): Increment
    m_gesturePendingSnapshotRemoval.
  • UIProcess/mac/ViewGestureController.h: Added m_gesturePendingSnapshotRemoval member variable.

Location:
trunk/Source/WebKit2
Files:
3 edited

  • trunk/Source/WebKit2/ChangeLog

    r176980 r176996  
     12014-12-08  Dan Bernstein  <mitz@apple.com>
     2
     3        <rdar://problem/18905383> [iOS] Crash due to null m_webPageProxyForBackForwardListForCurrentSwipe in ViewGestureController::endSwipeGesture
     4        https://bugs.webkit.org/show_bug.cgi?id=138750
     5
     6        Reviewed by Tim Horton.
     7
     8        The snapshot for the current gesture was being removed mid-gesture by the callback from
     9        dispatchAfterEnsuringDrawing scheduled by the previous gesture. The fix is to ignore the
     10        callback for a gesture if it is made after the snapshot for that gesture has already been
     11        removed (which can happen as a result of the watchdog timer firing).
     12
     13        * UIProcess/ios/ViewGestureControllerIOS.mm:
     14        (WebKit::ViewGestureController::ViewGestureController): Initialize new member variable.
     15        (WebKit::addLogEntry): Fixed the log message format.
     16        (WebKit::ViewGestureController::endSwipeGesture): When dispatchAfterEnsuringDrawing() calls
     17        us back, bail out if the gesture snapshot has already been removed.
     18        (WebKit::ViewGestureController::removeSwipeSnapshot): Increment
     19        m_gesturePendingSnapshotRemoval.
     20        * UIProcess/mac/ViewGestureController.h: Added m_gesturePendingSnapshotRemoval member
     21        variable.
     22
    1232014-12-08  Anders Carlsson  <andersca@apple.com>
    224
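Review bot: The new ChangeLog entry lists the two source files but names no test and carries no line explaining why a test is not practical. Since the bug is a timing-dependent crash (a callback scheduled by the previous gesture arriving mid-gesture, possibly after the watchdog timer fired), the entry should say how the fix was verified.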
     
    37343756        https://bugs.webkit.org/show_bug.cgi?id=138728
    37353757
    3736         Reviewed by Tim HOrton.
     3758        Reviewed by Tim Horton.
    37373759
    37383760        Moved the implementations from the category to the class.
  • trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm

    r176204 r176996  
    147147    , m_snapshotRemovalTargetRenderTreeSize(0)
    148148    , m_shouldRemoveSnapshotWhenTargetRenderTreeSizeHit(false)
     149    , m_gesturePendingSnapshotRemoval(0)
    149150{
    150151    viewGestureControllersForAllPages().add(webPageProxy.pageID(), this);
     
    179180    WTFGetBacktrace(stack, &size);
    180181    StringBuilder stringBuilder;
    181     stringBuilder.append(String::format("%f [ ]", CFAbsoluteTimeGetCurrent()));
     182    stringBuilder.append(String::format("%f [ ", CFAbsoluteTimeGetCurrent()));
    182183    for (int i = 2; i < size; ++i) {
    183184        if (i > 2)
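Review bot: In addLogEntry the format string goes from "%f [ ]" to "%f [ ", which leaves the bracket open ahead of the backtrace loop; the closing "]" is not in the visible lines, so please confirm it is appended after the loop. This formatting fix is also unrelated to the crash and would be easier to track as its own change.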
     
    336337    if (auto drawingArea = m_webPageProxy.drawingArea()) {
    337338        uint64_t pageID = m_webPageProxy.pageID();
    338         drawingArea->dispatchAfterEnsuringDrawing([pageID] (CallbackBase::Error error) {
     339        uint64_t gesturePendingSnapshotRemoval = m_gesturePendingSnapshotRemoval;
     340        drawingArea->dispatchAfterEnsuringDrawing([pageID, gesturePendingSnapshotRemoval] (CallbackBase::Error error) {
    339341            auto gestureControllerIter = viewGestureControllersForAllPages().find(pageID);
    340             if (gestureControllerIter != viewGestureControllersForAllPages().end())
     342            if (gestureControllerIter != viewGestureControllersForAllPages().end() && gestureControllerIter->value->m_gesturePendingSnapshotRemoval == gesturePendingSnapshotRemoval)
    341343                gestureControllerIter->value->willCommitPostSwipeTransitionLayerTree(error == CallbackBase::Error::None);
    342344        });
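Review bot: The new equality check inside the dispatchAfterEnsuringDrawing lambda has no comment, and the name m_gesturePendingSnapshotRemoval does not convey that the value is a counter used as a generation stamp. Suggest a one-line comment at the `== gesturePendingSnapshotRemoval` test saying that a mismatch means removeSwipeSnapshot() already ran for the gesture that scheduled this callback, and consider a name that says "generation" or "count". Capturing pageID and the counter by value and looking the controller up again is the right shape, since the lambda can run after the gesture it belongs to is over. It is also worth confirming that nothing waits on willCommitPostSwipeTransitionLayerTree being called in the case that is now skipped.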
     
    394396        return;
    395397   
     398    ++m_gesturePendingSnapshotRemoval;
     399
    396400#if USE(IOSURFACE)
    397401    if (m_currentSwipeSnapshotSurface)
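Review bot: The `++m_gesturePendingSnapshotRemoval;` in removeSwipeSnapshot sits after the early `return` at the top of the hunk, so the counter only advances on calls that go on to tear the snapshot down. That ordering is what makes the comparison in the endSwipeGesture callback meaningful, and it is easy to break in a later refactor; a short comment here stating that the increment invalidates any pending dispatchAfterEnsuringDrawing callback would protect it.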
  • trunk/Source/WebKit2/UIProcess/mac/ViewGestureController.h

    r176133 r176996  
    216216    WeakObjCPtr<WKWebView> m_alternateBackForwardListSourceView;
    217217    RefPtr<WebPageProxy> m_webPageProxyForBackForwardListForCurrentSwipe;
     218    uint64_t m_gesturePendingSnapshotRemoval;
    218219#if ENABLE(VIEW_GESTURE_CONTROLLER_TRACING)
    219220    Vector<String> m_logEntries;
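Review bot: m_gesturePendingSnapshotRemoval is declared in the shared UIProcess/mac/ViewGestureController.h with no initializer and no comment, and the only initialization visible in this change is in the ViewGestureControllerIOS.mm constructor. If this declaration is also compiled for the Mac implementation, the member is left uninitialized there; a default member initializer (`uint64_t m_gesturePendingSnapshotRemoval { 0 };`) would remove the dependency on every constructor. A brief comment on the declaration describing it as a counter bumped by removeSwipeSnapshot() would also help readers of the header.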