[webkit-changes] [WebKit/WebKit] 7bccd6: Crash under WebCore::collectDescendantLayersAtPoint()
Simon Fraser
noreply at github.com
Fri Jan 17 17:34:50 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7bccd6eb4c1e5548762f7b53d4f99dd31d9a0c94
https://github.com/WebKit/WebKit/commit/7bccd6eb4c1e5548762f7b53d4f99dd31d9a0c94
Author: Simon Fraser <simon.fraser at apple.com>
Date: 2025-01-17 (Fri, 17 Jan 2025)
Changed paths:
M Source/WebCore/page/scrolling/mac/ScrollingTreeMac.mm
M Source/WebCore/platform/graphics/cocoa/WebCoreCALayerExtras.h
M Source/WebCore/platform/graphics/cocoa/WebCoreCALayerExtras.mm
M Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingTreeMac.mm
Log Message:
-----------
Crash under WebCore::collectDescendantLayersAtPoint()
https://bugs.webkit.org/show_bug.cgi?id=286169
rdar://112855701
Reviewed by Tim Horton.
The UI process calls `collectDescendantLayersAtPoint()` on the scrolling thread
to hit-test layers, but this can be traversing the -sublayers array while other
threads mutate it.
So copy -sublayers. Also deploy RetainPtr in a few places in this code.
* Source/WebCore/page/scrolling/mac/ScrollingTreeMac.mm:
(ScrollingTreeMac::scrollingNodeForPoint):
(ScrollingTreeMac::eventListenerRegionTypesForPoint const):
* Source/WebCore/platform/graphics/cocoa/WebCoreCALayerExtras.h:
* Source/WebCore/platform/graphics/cocoa/WebCoreCALayerExtras.mm:
(WebCore::collectDescendantLayersAtPoint):
* Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingTreeMac.mm:
(WebKit::RemoteScrollingTreeMac::scrollingNodeForPoint):
(WebKit::RemoteScrollingTreeMac::eventListenerRegionTypesForPoint const):
Canonical link: https://commits.webkit.org/289093@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list