[Webkit-unassigned] [Bug 232812] New: -[WKSyntheticTapGestureRecognizer setState:] wild pointer crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 8 04:46:49 PST 2021 

https://bugs.webkit.org/show_bug.cgi?id=232812

            Bug ID: 232812
           Summary: -[WKSyntheticTapGestureRecognizer setState:] wild
                    pointer crash
           Product: WebKit
           Version: WebKit Local Build
          Hardware: iPhone / iPad
                OS: All
            Status: NEW
          Severity: Blocker
          Priority: P2
         Component: Accessibility
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: 664095924 at qq.com
                CC: andresg_22 at apple.com,
                    webkit-bug-importer at group.apple.com

There are many crash like this in my project

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000030315f596270

Thread 0 Crashed:
0   libobjc.A.dylib                 0x00000001aced016c objc_msgSend (in libobjc.A.dylib) + 44
1   WebKit                          0x00000001a4f52ff0 -[WKSyntheticTapGestureRecognizer setState:] (in WebKit) + 96
2   UIKitCore                       0x000000019b5a8988 -[UITapRecognizer tooSlow:] (in UIKitCore) + 72
3   Foundation                      0x000000019a478104 __NSFireDelayedPerform (in Foundation) + 404
4   CoreFoundation                  0x00000001990df0a8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (in CoreFoundation) + 28
5   CoreFoundation                  0x00000001990deca8 __CFRunLoopDoTimer (in CoreFoundation) + 1016
6   CoreFoundation                  0x00000001990de17c __CFRunLoopDoTimers (in CoreFoundation) + 324
7   CoreFoundation                  0x00000001990d84b4 __CFRunLoopRun (in CoreFoundation) + 1948
8   CoreFoundation                  0x00000001990d77d0 CFRunLoopRunSpecific (in CoreFoundation) + 572
9   GraphicsServices                0x00000001af819570 GSEventRunModal (in GraphicsServices) + 160
10  UIKitCore                       0x000000019ba042d0 -[UIApplication _run] (in UIKitCore) + 1052
11  UIKitCore                       0x000000019ba0984c UIApplicationMain (in UIKitCore) + 164
12  bigoshow                        0x000000010260c590 main (in bigoshow) (main.m:45)
13  libdyld.dylib                   0x0000000198db6140 start (in libdyld.dylib) + 4

I located the problem in this line of code
[_gestureFailedTarget performSelector:_gestureFailedAction withObject:self];

_gestureFailedTarget is not set to nil when WKContentView is released,I think this code should be added here
[_doubleTapGestureRecognizer setGestureFailedTarget:nil action:nil];
- (void)cleanUpInteraction
{
...
    [_singleTapGestureRecognizer setDelegate:nil];
    [_singleTapGestureRecognizer setGestureIdentifiedTarget:nil action:nil];
    [_singleTapGestureRecognizer setResetTarget:nil action:nil];
    [_singleTapGestureRecognizer setSupportingWebTouchEventsGestureRecognizer:nil];
    [self removeGestureRecognizer:_singleTapGestureRecognizer.get()];

    [_highlightLongPressGestureRecognizer setDelegate:nil];
    [self removeGestureRecognizer:_highlightLongPressGestureRecognizer.get()];

    [_longPressGestureRecognizer setDelegate:nil];
    [self removeGestureRecognizer:_longPressGestureRecognizer.get()];

    [_doubleTapGestureRecognizer setDelegate:nil];
    [_doubleTapGestureRecognizer setGestureFailedTarget:nil action:nil];
    [self removeGestureRecognizer:_doubleTapGestureRecognizer.get()];
...
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211108/d7a4eb7d/attachment.htm>

More information about the webkit-unassigned mailing list