[Webkit-unassigned] [Bug 255162] New: Accessing stale RemoteScrollingCoordinatorProxy in [WKWebViewIOS _didFinishScrolling]

Fri Apr 7 12:03:49 PDT 2023

https://bugs.webkit.org/show_bug.cgi?id=255162

            Bug ID: 255162
           Summary: Accessing stale RemoteScrollingCoordinatorProxy in
                    [WKWebViewIOS _didFinishScrolling]
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P1
         Component: Scrolling
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: a_protyasha at apple.com
                CC: simon.fraser at apple.com,
                    webkit-bug-importer at group.apple.com

We're seeing runtime crashes at [WKWebViewIOS _didFinishScrolling] in situations where a web view is closed out during a scroll operation.

This regression surfaced from https://commits.webkit.org/260975@main because it (correctly) changed the relative order of destruction between the `DrawingAreaProxy` and the `RemoteScrollingCoordinatorProxy` (and the `RemoteScrollingTree` it encompasses), which meant that there could be situations where closing or switching out a web view in the middle of a scroll operation could lead to a null deref of the `RemoteScrollingCoordinatorProxy` held by the `WebPageProxy`.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230407/5a947d61/attachment.htm>