[webkit-changes] [WebKit/WebKit] abc473: Crash in MomentumEventDispatcher::handleWheelEvent()

[Simon Fraser]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: abc473b91584189cf995d69d0a34194fa3f7720b
      https://github.com/WebKit/WebKit/commit/abc473b91584189cf995d69d0a34194fa3f7720b
  Author: Simon Fraser <simon.fraser at apple.com>
  Date:   2023-04-26 (Wed, 26 Apr 2023)

  Changed paths:
    M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp

  Log Message:
  -----------
  Crash in MomentumEventDispatcher::handleWheelEvent()
https://bugs.webkit.org/show_bug.cgi?id=255885
rdar://108204029

Reviewed by Tim Horton.

A wheel event bouncing to the scrolling thread can race with RemoteLayerTreeEventDispatcher::invalidate()
and get handled after m_momentumEventDispatcher has been nulled out.

The scrolling thread entry points all already null-check the scrolling tree (whose access is thread-safe),
so we can null out m_scrollingTree in RemoteLayerTreeEventDispatcher::invalidate() as a reliable signal
that invalidation has happened.

Also standardize the "strongThis" vs "protectedThis" naming in this file.

* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:
(WebKit::RemoteLayerTreeEventDispatcher::invalidate):
(WebKit::RemoteLayerTreeEventDispatcher::scrollingThreadHandleWheelEvent):
(WebKit::RemoteLayerTreeEventDispatcher::wheelEventHandlingCompleted):
(WebKit::RemoteLayerTreeEventDispatcher::startOrStopDisplayLink):
(WebKit::RemoteLayerTreeEventDispatcher::waitForRenderingUpdateCompletionOrTimeout):
(WebKit::RemoteLayerTreeEventDispatcher::flushMomentumEventLoggingSoon):

Canonical link: https://commits.webkit.org/263426@main