[webkit-changes] [WebKit/WebKit] fe72ea: [iOS] Occasional crash under -_updatePanGestureToP...

Wenson Hsieh noreply at github.com
Wed Jan 24 13:30:00 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: fe72eacc753b1a8dbbbb16a71bdb61883bd58cd8
      https://github.com/WebKit/WebKit/commit/fe72eacc753b1a8dbbbb16a71bdb61883bd58cd8
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-01-24 (Wed, 24 Jan 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/WKBaseScrollView.mm

  Log Message:
  -----------
  [iOS] Occasional crash under -_updatePanGestureToPreventScrolling when resetting state after process termination
https://bugs.webkit.org/show_bug.cgi?id=268011
rdar://121329521

Reviewed by Simon Fraser.

This is a speculative fix for crashes in `-[WKBaseScrollView _updatePanGestureToPreventScrolling]`
while resetting UI-side state under `WebPageProxy::resetStateAfterProcessTermination`. From the
crashing stack, this appears to be triggered because:

1.  The overflow scroller is being removed from the view hierarchy.

2.  UIKit invokes gesture actions one final time, which (after the changes in 271171 at main) calls out
    to the `ScrollingTreeScrollingNodeDelegateIOS` to ask for active touch actions for the pan
    gesture.

3.  The scrolling tree node is already invalid at this point, the `RemoteScrollingTree` downcast
    fails and we crash.

Try to mitigate this by not calling into delegate for locked scrolling axes in the case where we're
either not in the view hierarchy, or we're in the middle of being removed from the view hierarchy.

* Source/WebKit/UIProcess/ios/WKBaseScrollView.mm:
(-[WKBaseScrollView removeFromSuperview]):
(-[WKBaseScrollView _axesToPreventScrollingFromDelegate]):

Canonical link: https://commits.webkit.org/273443@main




More information about the webkit-changes mailing list