[Webkit-unassigned] [Bug 221565] [iOS] Crash in ValidationBubble::show()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 24 21:19:54 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=221565

--- Comment #4 from Wenson Hsieh <wenson_hsieh at apple.com> ---
So from code inspection, there doesn't seem to be a guarantee that this member on ValidationBubble:

```cpp
UIViewController *m_presentingViewController;
```

...is zero-initialized. This means we might actually end up calling `-presentViewController:animated:completion:` on some arbitrary pointer value in the case where we fall down this early return if `fallbackViewController` comes up `nil`:

```cpp
void ValidationBubble::setAnchorRect(const IntRect& anchorRect, UIViewController *presentingViewController)
{
    if (!presentingViewController)
        presentingViewController = fallbackViewController(m_view);

    if (!presentingViewController)
        return;
```

The fix should be simply initializing that member as `nil`, or wrapping it in a `WeakObjCPtr` so that it can be safely accessed. That said, I'm not sure why this just started in iOS 14...

Maybe something prior to iOS 14 happened to ensure that that member always ended up being nil in this corner case.

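As an added illustration of the point in the comment above (this is not WebKit code; `Controller`, `sendPresent`, `BubbleUninitialized` and `BubbleFixed` are hypothetical stand-ins for UIViewController, Objective-C message dispatch and the two versions of ValidationBubble), the following C++ models why the early return in `setAnchorRect` does not protect a member that was never initialized, and how a default member initializer (the `= nil` fix) closes the gap. Objective-C silently drops a message to `nil` but dereferences any other pointer value, so the member's initial state decides whether the early-return path is harmless or a crash:

```cpp
// Added example, not WebKit code. Models the uninitialized-member bug described
// in the bug comment and the proposed fix (initialize the member to nil).
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>
#include <string>

// Hypothetical stand-in for UIViewController.
struct Controller {
    int presented = 0;
    void present() { ++presented; }
};

// Variant 1: the member as described in the comment, with no initializer.
// A default-initialized raw pointer has an indeterminate value.
struct BubbleUninitialized {
    Controller* m_presentingViewController;
};

// Variant 2: the proposed fix, a default member initializer.
struct BubbleFixed {
    Controller* m_presentingViewController = nullptr;
};

// Hypothetical stand-in for Objective-C message dispatch: a message to nil is a
// no-op, a message to any other value dereferences the receiver.
std::string sendPresent(Controller* receiver) {
    if (!receiver)
        return "nil receiver: message dropped";
    receiver->present();
    return "presented";
}

// Mirrors the control flow quoted in the comment: the early return guards only
// the parameter and the fallback. When both are nil the member is never assigned.
template <typename Bubble>
void setAnchorRect(Bubble& bubble, Controller* presentingViewController, Controller* fallbackViewController) {
    if (!presentingViewController)
        presentingViewController = fallbackViewController;
    if (!presentingViewController)
        return;
    bubble.m_presentingViewController = presentingViewController;
}

// Stand-in for show(): messages whatever the member currently holds.
template <typename Bubble>
std::string show(Bubble& bubble) {
    return sendPresent(bubble.m_presentingViewController);
}

// Construct a Bubble inside memory pre-filled with 0xAA (the way a recycled heap
// block might look) and return the raw bytes of its pointer member. The bytes are
// read through memcpy so the indeterminate value is never used as a pointer.
template <typename Bubble>
std::uintptr_t memberBitsAfterConstruction() {
    alignas(Bubble) unsigned char storage[sizeof(Bubble)];
    std::memset(storage, 0xAA, sizeof storage);
    Bubble* bubble = new (storage) Bubble;   // default-init, not value-init: no parentheses
    std::uintptr_t bits = 0;
    std::memcpy(&bits, &bubble->m_presentingViewController, sizeof bits);
    bubble->~Bubble();
    return bits;
}

// Fixed bubble, both presenter and fallback nil: show() messages nil, which is safe.
std::string fixedShowWithoutController() {
    BubbleFixed bubble;
    setAnchorRect(bubble, nullptr, nullptr);
    return show(bubble);
}

// Fixed bubble with a fallback controller: show() reaches the controller once.
int fixedShowWithController() {
    BubbleFixed bubble;
    Controller fallback;
    setAnchorRect(bubble, nullptr, &fallback);
    show(bubble);
    return fallback.presented;
}

int main() {
    std::printf("fixed member after placement into dirty memory:         0x%llx\n",
                static_cast<unsigned long long>(memberBitsAfterConstruction<BubbleFixed>()));
    std::printf("uninitialized member after placement into dirty memory: 0x%llx\n",
                static_cast<unsigned long long>(memberBitsAfterConstruction<BubbleUninitialized>()));
    std::printf("fixed bubble, nil presenter and nil fallback: %s\n", fixedShowWithoutController().c_str());
    return 0;
}
```

The uninitialized variant is never messaged in this example, because doing so would be the crash under discussion; its raw bytes are only printed to show that nothing in construction cleared them. The `WeakObjCPtr` option mentioned in the comment has the same effect as the initializer, since a default-constructed `WeakObjCPtr` holds nil.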