[webkit-changes] [WebKit/WebKit] e12d22: [iOS 17.4] Chrome crashes in -[WKSelectPicker rese...

Wenson Hsieh noreply at github.com
Tue Feb 13 11:05:48 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e12d22941da33206058b0f3077325bd23ed5b1d5
      https://github.com/WebKit/WebKit/commit/e12d22941da33206058b0f3077325bd23ed5b1d5
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/CompactContextMenuPresenter.mm

  Log Message:
  -----------
  [iOS 17.4] Chrome crashes in -[WKSelectPicker resetContextMenuPresenter]
https://bugs.webkit.org/show_bug.cgi?id=269222
rdar://122843112

Reviewed by Aditya Keerthi.

Mitigate crashes in (`WKWebView`-based) Chrome on iOS while dismissing compact context menus under
`~CompactContextMenuPresenter`. Through means that are still unclear to me, Chrome prevents context
menus from being shown when their webpage translation feature is invoked. This prevents the targeted
preview container view from being added to the view hierarchy; the resulting context menu
interaction is still considered "presented" even though nothing is shown on screen.

In this state, if anything attempts to dismiss the menu with animation, we'll crash with an
exception as UIKit internally (and incorrectly) assumes that the targeted preview container must
still be in the view hierarchy from when it was presented, and attempts to create a preview target
with this unparented preview container view.

Since the call to `dismiss()` in this destructor is only here as a last resort to ensure that we
clean up context menu interactions and don't leave context menu views (or the hidden button view)
lingering around the view hierarchy, we can simply fix this by immediately dismissing the context
menu interaction without animation. This skips the UIKit code described above that crashes unless
the preview container view was parented, and allows us to keep this "last resort" cleanup logic
without otherwise affecting the dismissal animation.

* Source/WebKit/UIProcess/ios/CompactContextMenuPresenter.mm:
(WebKit::CompactContextMenuPresenter::~CompactContextMenuPresenter):

Canonical link: https://commits.webkit.org/274559@main



