Title: [219859] branches/safari-604-branch/Source/WebKit
- Revision: 219859
- Author: [email protected]
- Date: 2017-07-24 21:35:46 -0700 (Mon, 24 Jul 2017)
Log Message
Cherry-pick r219852. rdar://problem/33503476
Modified Paths
Diff
Modified: branches/safari-604-branch/Source/WebKit/ChangeLog (219858 => 219859)
--- branches/safari-604-branch/Source/WebKit/ChangeLog 2017-07-25 04:29:08 UTC (rev 219858)
+++ branches/safari-604-branch/Source/WebKit/ChangeLog 2017-07-25 04:35:46 UTC (rev 219859)
@@ -1,3 +1,25 @@
+2017-07-24 Jason Marcell <[email protected]>
+
+ Cherry-pick r219852. rdar://problem/33503476
+
+ 2017-07-24 Simon Fraser <[email protected]>
+
+ [iOS WK2] Crash under PageOverlayController::uninstallPageOverlay when doing multiple finds
+ https://bugs.webkit.org/show_bug.cgi?id=174806
+ rdar://problem/33501664
+
+ Reviewed by Tim Horton.
+
+ Calling TextIndicator::createWithSelectionInFrame can trigger layout via VisibleSelection code,
+ which can re-enter FindController::updateFindIndicator which has by now removed m_findIndicatorOverlay
+ from pageOverlayController's map, but not deleted it. The second call to uninstallPageOverlay()
+ thus crashes at m_overlayGraphicsLayers.take(&overlay)->removeFromParent().
+
+ Fix by nulling out m_findIndicatorOverlay as soon as we uninstall it.
+
+ * WebProcess/WebPage/ios/FindControllerIOS.mm:
+ (WebKit::FindController::updateFindIndicator):
+
2017-07-22 Jason Marcell <[email protected]>
Cherry-pick r219709. rdar://problem/33462692
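Review bot: The new ChangeLog entry names no regression test and gives no reason for omitting one. The crash depends on a re-entrant call into FindController::updateFindIndicator while doing multiple finds, so the entry should either reference a test that exercises repeated finds on iOS WK2 or state why one cannot be written. Without that, nothing visible here keeps the re-entrant path from regressing.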
Modified: branches/safari-604-branch/Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm (219858 => 219859)
--- branches/safari-604-branch/Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm 2017-07-25 04:29:08 UTC (rev 219858)
+++ branches/safari-604-branch/Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm 2017-07-25 04:35:46 UTC (rev 219859)
@@ -89,16 +89,16 @@
bool FindController::updateFindIndicator(Frame& selectedFrame, bool isShowingOverlay, bool shouldAnimate)
{
- if (m_findIndicatorOverlay)
+ if (m_findIndicatorOverlay) {
m_webPage->mainFrame()->pageOverlayController().uninstallPageOverlay(*m_findIndicatorOverlay, PageOverlay::FadeMode::DoNotFade);
-
- RefPtr<TextIndicator> textIndicator = TextIndicator::createWithSelectionInFrame(selectedFrame, findTextIndicatorOptions, TextIndicatorPresentationTransition::None, FloatSize(totalHorizontalMargin, totalVerticalMargin));
- if (!textIndicator) {
m_findIndicatorOverlay = nullptr;
m_isShowingFindIndicator = false;
- return false;
}
+ RefPtr<TextIndicator> textIndicator = TextIndicator::createWithSelectionInFrame(selectedFrame, findTextIndicatorOptions, TextIndicatorPresentationTransition::None, FloatSize(totalHorizontalMargin, totalVerticalMargin));
+ if (!textIndicator)
+ return false;
+
m_findIndicatorOverlayClient = std::make_unique<FindIndicatorOverlayClientIOS>(selectedFrame, textIndicator.get());
m_findIndicatorOverlay = PageOverlay::create(*m_findIndicatorOverlayClient, PageOverlay::OverlayType::Document);
m_webPage->mainFrame()->pageOverlayController().installPageOverlay(*m_findIndicatorOverlay, PageOverlay::FadeMode::DoNotFade);
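Review bot: The re-entrancy described in the ChangeLog can still occur at the TextIndicator::createWithSelectionInFrame call, and the three lines after the !textIndicator check assume it did not. If a nested updateFindIndicator runs to completion during that call, it installs its own overlay and client. The outer call then reassigns m_findIndicatorOverlayClient and m_findIndicatorOverlay without uninstalling the nested overlay, which would leave an installed overlay whose client was just destroyed by the std::make_unique reassignment. Consider re-checking m_findIndicatorOverlay after createWithSelectionInFrame returns and uninstalling it if set, or guarding the function against re-entry. It would also be more robust to move m_findIndicatorOverlay into a local before calling uninstallPageOverlay, so the member is already null during the uninstall. Separately, m_isShowingFindIndicator = false now runs only when an overlay existed and no longer on the !textIndicator path. Please confirm that change is intended.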
_______________________________________________
webkit-changes mailing list
https://lists.webkit.org/mailman/listinfo/webkit-changes