[webkit-changes] [WebKit/WebKit] 83013c: AX: Scrolling a PDF with VoiceOver enabled causes ...

Tyler Wilcock noreply at github.com
Fri Feb 17 10:13:07 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 83013c6d19ebb5430aa94c4a813ceeebc71951e2
      https://github.com/WebKit/WebKit/commit/83013c6d19ebb5430aa94c4a813ceeebc71951e2
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2023-02-17 (Fri, 17 Feb 2023)

  Changed paths:
    A LayoutTests/accessibility/mac/scrolling-in-pdf-crash-expected.txt
    A LayoutTests/accessibility/mac/scrolling-in-pdf-crash.html
    A LayoutTests/accessibility/resources/simple-webkit-pdf-2-pages.pdf
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm

  Log Message:
  -----------
  AX: Scrolling a PDF with VoiceOver enabled causes a crash
https://bugs.webkit.org/show_bug.cgi?id=252335
rdar://105470972

Reviewed by Chris Fleizach.

This crash happens as a result of this sequence:

  1. A request comes in on the secondary accessibility thread to scroll
     the PDF (`-[PDFAccessibilityNodePage scrollToVisible]`).
  2. This request makes it way through WebKit and WebCore, ending up at
     `ScrollbarsControllerMac::notifyContentAreaScrolled`
  3. `if (scrollableArea().isHandlingWheelEvent())` evaluates to true,
     so we `sendContentAreaScrolledSoon` (which attempts to start a timer)
  4. This timer was created on the main-thread, and all of this is
     happening on the accessibility thread, so we crash (because timers
     cannot be accessed outside their originating thread)

This patch fixes this bug by dispatching `-[WKPDFLayerControllerDelegate updateScrollPosition]`
to the main runloop.

* LayoutTests/accessibility/mac/scrolling-in-pdf-crash-expected.txt: Added.
* LayoutTests/accessibility/mac/scrolling-in-pdf-crash.html: Added.
* LayoutTests/accessibility/resources/simple-webkit-pdf-2-pages.pdf: Added.
* LayoutTests/platform/mac-wk1/TestExpectations:
Skip new test. PDF embeds don't reliably load in WK1.
* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
(-[WKPDFLayerControllerDelegate updateScrollPosition:]):
Dispatch to the main runloop.

Canonical link: https://commits.webkit.org/260451@main

More information about the webkit-changes mailing list