[webkit-changes] [WebKit/WebKit] d29efa: [iOS 17.4] Crash in -[WKScrollingNodeScrollViewDel...
Wenson Hsieh
noreply at github.com
Thu Feb 1 15:22:52 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d29efacb92f373cc441bef208b6705670c800ddc
https://github.com/WebKit/WebKit/commit/d29efacb92f373cc441bef208b6705670c800ddc
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2024-02-01 (Thu, 01 Feb 2024)
Changed paths:
M Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.h
M Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.mm
Log Message:
-----------
[iOS 17.4] Crash in -[WKScrollingNodeScrollViewDelegate actingParentScrollViewForScrollView:]
https://bugs.webkit.org/show_bug.cgi?id=268492
rdar://122041538
Reviewed by Tim Horton.
This is a speculative fix for crashes underneath `-actingParentScrollViewForScrollView:`, due to
accessing (what is presumably) an invalid `ScrollingTreeScrollingNodeDelegateIOS` pointer. I wasn't
able to discover repro steps for this crash; however, from source inspection, it's unsafe for
`WKScrollingNodeScrollViewDelegate` to hold a raw pointer to `ScrollingTreeScrollingNodeDelegateIOS`,
since the ObjC delegate may outlive its C++ counterpart if anything (in system frameworks like
UIKit, or in WebKit itself) retains or autoreleases the ObjC delegate.
To fix this, we turn the raw `ScrollingTreeScrollingNodeDelegateIOS*` into a `WeakPtr`, and then
bail upon detecting a null `ScrollingTreeScrollingNodeDelegateIOS` delegate in various scroll view
delegate method implementations in `WKScrollingNodeScrollViewDelegate`.
* Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.h:
* Source/WebKit/UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.mm:
(-[WKScrollingNodeScrollViewDelegate initWithScrollingTreeNodeDelegate:]):
Also, make this initializer take a reference instead of a pointer, to make it clear that this can
only be initialized with a non-null `ScrollingTreeScrollingNodeDelegateIOS`.
(-[WKScrollingNodeScrollViewDelegate scrollViewDidScroll:]):
(-[WKScrollingNodeScrollViewDelegate scrollViewWillBeginDragging:]):
(-[WKScrollingNodeScrollViewDelegate scrollViewWillEndDragging:withVelocity:targetContentOffset:]):
(-[WKScrollingNodeScrollViewDelegate scrollViewDidEndDragging:willDecelerate:]):
(-[WKScrollingNodeScrollViewDelegate scrollViewDidEndDecelerating:]):
(-[WKScrollingNodeScrollViewDelegate scrollViewDidEndScrollingAnimation:]):
(-[WKScrollingNodeScrollViewDelegate cancelPointersForGestureRecognizer:]):
(-[WKScrollingNodeScrollViewDelegate axesToPreventScrollingForPanGestureInScrollView:]):
(-[WKScrollingNodeScrollViewDelegate parentScrollViewForScrollView:]):
(-[WKScrollingNodeScrollViewDelegate scrollView:handleScrollUpdate:completion:]):
(WebKit::ScrollingTreeScrollingNodeDelegateIOS::commitStateAfterChildren):
Canonical link: https://commits.webkit.org/273946@main
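
The lifetime pattern described in the log message, as an added example in portable C++ (not code from the WebKit commit): a callback object that can outlive its C++ counterpart holds a weak reference and bails once that counterpart is gone. `std::weak_ptr` stands in for WebKit's `WeakPtr`, and `NodeDelegate`, `ScrollViewDelegate`, `lateCallbacksBail` and the method names are hypothetical stand-ins.

```cpp
#include <memory>

// Stand-in for the C++ side (ScrollingTreeScrollingNodeDelegateIOS on the page).
class NodeDelegate : public std::enable_shared_from_this<NodeDelegate> {
public:
    void didScroll() { ++m_scrollEvents; }
    int scrollEvents() const { return m_scrollEvents; }
    int parentScrollViewID() const { return 7; } // constructed sample value
private:
    int m_scrollEvents { 0 };
};

// Stand-in for the ObjC delegate (WKScrollingNodeScrollViewDelegate), which
// other owners may keep alive after the C++ object is destroyed.
class ScrollViewDelegate {
public:
    // Reference parameter: cannot be constructed from a null node delegate.
    explicit ScrollViewDelegate(NodeDelegate& node) : m_node(node.shared_from_this()) { }

    // Each callback upgrades the weak reference and bails if the node is gone.
    bool scrollViewDidScroll()
    {
        auto node = m_node.lock();
        if (!node)
            return false;
        node->didScroll();
        return true;
    }

    // Returns -1 (no parent) instead of dereferencing a destroyed node.
    int actingParentScrollView()
    {
        auto node = m_node.lock();
        return node ? node->parentScrollViewID() : -1;
    }
private:
    std::weak_ptr<NodeDelegate> m_node; // a raw NodeDelegate* here would dangle
};

// Destroys the node while the delegate is still retained, then calls back into it.
bool lateCallbacksBail()
{
    auto node = std::make_shared<NodeDelegate>();
    ScrollViewDelegate delegate(*node); // outlives the node below
    bool liveOK = delegate.scrollViewDidScroll() && node->scrollEvents() == 1;
    node.reset(); // C++ object destroyed first
    return liveOK && !delegate.scrollViewDidScroll() && delegate.actingParentScrollView() == -1;
}

int main() { return lateCallbacksBail() ? 0 : 1; }
```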