Changeset 185827 in webkit


Timestamp:
Jun 22, 2015, 7:32:48 AM (10 years ago)
Author:
Antti Koivisto
Message:

Crash replacing TabDocument in MobileSafari at WebKit: -[WKWebView(WKPrivate) _beginAnimatedResizeWithUpdates:]
https://bugs.webkit.org/show_bug.cgi?id=146201

Reviewed by Dan Bernstein.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _beginAnimatedResizeWithUpdates:]):

No repro but if for some reason [_contentView bounds] width is zero we'll compute +Inf targetScale
and then NaN contentOffset.x. Verified in lldb that this gives the exact crash signature seen.

Fix by checking that [_contentView bounds] is not empty like is done with other inputs.

Location:
trunk/Source/WebKit2
Files:
2 edited

  • trunk/Source/WebKit2/ChangeLog

    r185825 r185827  
     12015-06-22  Antti Koivisto  <antti@apple.com>
     2
     3        Crash replacing TabDocument in MobileSafari at WebKit: -[WKWebView(WKPrivate) _beginAnimatedResizeWithUpdates:]
     4        https://bugs.webkit.org/show_bug.cgi?id=146201
     5
     6        Reviewed by Dan Bernstein.
     7
     8        * UIProcess/API/Cocoa/WKWebView.mm:
     9        (-[WKWebView _beginAnimatedResizeWithUpdates:]):
     10
     11        No repro but if for some reason [_contentView bounds] width is zero we'll compute +Inf targetScale
     12        and then NaN contentOffset.x. Verified in lldb that this gives the exact crash signature seen.
     13
     14        Fix by checking that [_contentView bounds] is not empty like is done with other inputs.
     15
    1162015-06-22  Carlos Garcia Campos  <cgarcia@igalia.com>
    217
  • trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm

    r185799 r185827  
    26232623    UIEdgeInsets newObscuredInsets = _obscuredInsets;
    26242624    CGRect futureUnobscuredRectInSelfCoordinates = UIEdgeInsetsInsetRect(newBounds, _obscuredInsets);
     2625    CGRect contentViewBounds = [_contentView bounds];
    26252626
    26262627    ASSERT_WITH_MESSAGE(!(_overridesMinimumLayoutSize && newMinimumLayoutSize.isEmpty()), "Clients controlling the layout size should maintain a valid layout size to minimize layouts.");
    2627     if (CGRectIsEmpty(newBounds) || newMinimumLayoutSize.isEmpty() || CGRectIsEmpty(futureUnobscuredRectInSelfCoordinates)) {
     2628    if (CGRectIsEmpty(newBounds) || newMinimumLayoutSize.isEmpty() || CGRectIsEmpty(futureUnobscuredRectInSelfCoordinates) || CGRectIsEmpty(contentViewBounds)) {
    26282629        _dynamicViewportUpdateMode = DynamicViewportUpdateMode::NotResizing;
    26292630        [self _frameOrBoundsChanged];
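Review bot: The new `CGRectIsEmpty(contentViewBounds)` clause at new line 2628 makes the method fall back to `DynamicViewportUpdateMode::NotResizing` without leaving any trace, and the commit message says there is no repro, so the reason the content view ends up with empty bounds stays unknown. Consider logging or a debug-only assertion on that condition so the upstream cause can be tracked down, and add a short comment that this clause protects the later division by the content width, the way the `ASSERT_WITH_MESSAGE` just above documents its own condition.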
     
    26562657    [_resizeAnimationView addSubview:[_contentView unscaledView]];
    26572658
    2658     CGSize contentSizeInContentViewCoordinates = [_contentView bounds].size;
     2659    CGSize contentSizeInContentViewCoordinates = contentViewBounds.size;
    26592660    [_scrollView setMinimumZoomScale:std::min(newMinimumLayoutSize.width() / contentSizeInContentViewCoordinates.width, [_scrollView minimumZoomScale])];
    26602661    [_scrollView setMaximumZoomScale:std::max(newMinimumLayoutSize.width() / contentSizeInContentViewCoordinates.width, [_scrollView maximumZoomScale])];
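Review bot: At new line 2659 the size now comes from the `contentViewBounds` snapshot taken at line 2625 instead of a fresh `[_contentView bounds]`, so the divisions by `contentSizeInContentViewCoordinates.width` at 2660 and 2661 are only known to be non-zero for that snapshot. Please confirm that nothing in the roughly 30 lines between the guard and this point can change the content view's bounds; if it can, the zoom limits are computed from a stale size, and it would be safer to re-read the bounds here and repeat the empty check before dividing.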