Title: [219852] trunk/Source/WebKit
- Revision
- 219852
- Author
- [email protected]
- Date
- 2017-07-24 18:17:51 -0700 (Mon, 24 Jul 2017)
Log Message
[iOS WK2] Crash under PageOverlayController::uninstallPageOverlay when doing multiple finds
https://bugs.webkit.org/show_bug.cgi?id=174806
rdar://problem/33501664
Reviewed by Tim Horton.
Calling TextIndicator::createWithSelectionInFrame can trigger layout via VisibleSelection code,
which can re-enter FindController::updateFindIndicator which has by now removed m_findIndicatorOverlay
from pageOverlayController's map, but not deleted it. The second call to uninstallPageOverlay()
thus crashes at m_overlayGraphicsLayers.take(&overlay)->removeFromParent().
Fix by nulling out m_findIndicatorOverlay as soon as we uninstall it.
* WebProcess/WebPage/ios/FindControllerIOS.mm:
(WebKit::FindController::updateFindIndicator):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (219851 => 219852)
--- trunk/Source/WebKit/ChangeLog 2017-07-25 00:51:11 UTC (rev 219851)
+++ trunk/Source/WebKit/ChangeLog 2017-07-25 01:17:51 UTC (rev 219852)
@@ -1,3 +1,21 @@
+2017-07-24 Simon Fraser <[email protected]>
+
+ [iOS WK2] Crash under PageOverlayController::uninstallPageOverlay when doing multiple finds
+ https://bugs.webkit.org/show_bug.cgi?id=174806
+ rdar://problem/33501664
+
+ Reviewed by Tim Horton.
+
+ Calling TextIndicator::createWithSelectionInFrame can trigger layout via VisibleSelection code,
+ which can re-enter FindController::updateFindIndicator which has by now removed m_findIndicatorOverlay
+ from pageOverlayController's map, but not deleted it. The second call to uninstallPageOverlay()
+ thus crashes at m_overlayGraphicsLayers.take(&overlay)->removeFromParent().
+
+ Fix by nulling out m_findIndicatorOverlay as soon as we uninstall it.
+
+ * WebProcess/WebPage/ios/FindControllerIOS.mm:
+ (WebKit::FindController::updateFindIndicator):
+
2017-07-24 Chris Dumez <[email protected]>
Fix lifetime management issue in ResourceLoadStatisticsPersistentStorage::scheduleOrWriteMemoryStore()
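Review bot: The entry describes the nulling of m_findIndicatorOverlay but not the second change in the FindControllerIOS.mm hunk, where m_isShowingFindIndicator is now cleared whenever the old overlay is uninstalled rather than only when no text indicator could be created; a sentence noting that, and that createWithSelectionInFrame can trigger layout, would make the ChangeLog match what the code does.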
Modified: trunk/Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm (219851 => 219852)
--- trunk/Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm 2017-07-25 00:51:11 UTC (rev 219851)
+++ trunk/Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm 2017-07-25 01:17:51 UTC (rev 219852)
@@ -89,16 +89,16 @@
bool FindController::updateFindIndicator(Frame& selectedFrame, bool isShowingOverlay, bool shouldAnimate)
{
- if (m_findIndicatorOverlay)
+ if (m_findIndicatorOverlay) {
m_webPage->mainFrame()->pageOverlayController().uninstallPageOverlay(*m_findIndicatorOverlay, PageOverlay::FadeMode::DoNotFade);
-
- RefPtr<TextIndicator> textIndicator = TextIndicator::createWithSelectionInFrame(selectedFrame, findTextIndicatorOptions, TextIndicatorPresentationTransition::None, FloatSize(totalHorizontalMargin, totalVerticalMargin));
- if (!textIndicator) {
m_findIndicatorOverlay = nullptr;
m_isShowingFindIndicator = false;
- return false;
}
+ RefPtr<TextIndicator> textIndicator = TextIndicator::createWithSelectionInFrame(selectedFrame, findTextIndicatorOptions, TextIndicatorPresentationTransition::None, FloatSize(totalHorizontalMargin, totalVerticalMargin));
+ if (!textIndicator)
+ return false;
+
m_findIndicatorOverlayClient = std::make_unique<FindIndicatorOverlayClientIOS>(selectedFrame, textIndicator.get());
m_findIndicatorOverlay = PageOverlay::create(*m_findIndicatorOverlayClient, PageOverlay::OverlayType::Document);
m_webPage->mainFrame()->pageOverlayController().installPageOverlay(*m_findIndicatorOverlay, PageOverlay::FadeMode::DoNotFade);
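Review bot: Nulling m_findIndicatorOverlay right after uninstallPageOverlay() (top of the hunk) stops the second uninstall on an already-removed overlay, but it does not stop the re-entrant updateFindIndicator call itself. If createWithSelectionInFrame re-enters, the nested call runs through to installPageOverlay() and sets m_findIndicatorOverlay; the outer call then reaches the last three lines of the hunk and replaces m_findIndicatorOverlayClient and m_findIndicatorOverlay without uninstalling the overlay the nested call just installed, so that overlay remains registered with the page overlay controller while the unique_ptr that owned its client has been reset. Consider a re-entrancy guard (a member flag set for the duration of this function, with an early return when it is already set) or uninstalling any overlay present before the assignment on the last lines, plus a comment on the createWithSelectionInFrame call noting that it can trigger layout and re-enter.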
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes