Skip to site navigation (Press enter)

[webkit-changes] [234719] trunk/Source/WebKit

timothy_horton Wed, 08 Aug 2018 21:37:13 -0700

Title: [234719] trunk/Source/WebKit

Revision: 234719
Author: [email protected]
Date: 2018-08-08 21:36:34 -0700 (Wed, 08 Aug 2018)

Log Message

Yet more crashes in MobileSafari under -[WKFormInputSession setSuggestions:]
https://bugs.webkit.org/show_bug.cgi?id=188427
<rdar://problem/43064672>


Reviewed by Wenson Hsieh.

Speculatively fix more crashes seen under setSuggestions.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKFormInputSession isValid]):
(-[WKFormInputSession setSuggestions:]):
(-[WKFormInputSession invalidate]):
Belt-and-suspenders fix: use WeakObjCPtr for WKFormInputSession's WKContentView reference.

(-[WKContentView _startAssistingNode:userIsInteracting:blurPreviousNode:changingActivityState:userObject:]):
Invalidate the WKFormInputSession before replacing it; we theorize that
there is a path in which we get here without having previously called stopAssistingNode.
Most of the code is OK with this, but this leaves WKFormInputSession
with a raw reference to WKContentView which can later become stale.

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm

Diff

Modified: trunk/Source/WebKit/ChangeLog (234718 => 234719)


--- trunk/Source/WebKit/ChangeLog	2018-08-09 04:32:39 UTC (rev 234718)
+++ trunk/Source/WebKit/ChangeLog	2018-08-09 04:36:34 UTC (rev 234719)
@@ -1,3 +1,25 @@
+2018-08-08  Tim Horton  <[email protected]>
+
+        Yet more crashes in MobileSafari under -[WKFormInputSession setSuggestions:]
+        https://bugs.webkit.org/show_bug.cgi?id=188427
+        <rdar://problem/43064672>
+
+        Reviewed by Wenson Hsieh.
+
+        Speculatively fix more crashes seen under setSuggestions.
+
+        * UIProcess/ios/WKContentViewInteraction.mm:
+        (-[WKFormInputSession isValid]):
+        (-[WKFormInputSession setSuggestions:]):
+        (-[WKFormInputSession invalidate]):
+        Belt-and-suspenders fix: use WeakObjCPtr for WKFormInputSession's WKContentView reference.
+
+        (-[WKContentView _startAssistingNode:userIsInteracting:blurPreviousNode:changingActivityState:userObject:]):
+        Invalidate the WKFormInputSession before replacing it; we theorize that
+        there is a path in which we get here without having previously called stopAssistingNode.
+        Most of the code is OK with this, but this leaves WKFormInputSession
+        with a raw reference to WKContentView which can later become stale.
+
 2018-08-08  Don Olmstead  <[email protected]>
 
         [Curl] Surface additional NetworkLoadMetrics

Modified: trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm (234718 => 234719)


--- trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm	2018-08-09 04:32:39 UTC (rev 234718)
+++ trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm	2018-08-09 04:36:34 UTC (rev 234719)
@@ -291,7 +291,7 @@
 @end
 
 @implementation WKFormInputSession {
-    WKContentView *_contentView;
+    WeakObjCPtr<WKContentView> _contentView;
     RetainPtr<WKFocusedElementInfo> _focusedElementInfo;
     RetainPtr<UIView> _customInputView;
     RetainPtr<NSArray<UITextSuggestion *>> _suggestions;
@@ -324,7 +324,7 @@
 
 - (BOOL)isValid
 {
-    return _contentView != nil;
+    return !!_contentView;
 }
 
 - (NSString *)accessoryViewCustomButtonTitle
@@ -391,7 +391,7 @@
 
 - (void)setSuggestions:(NSArray<UITextSuggestion *> *)suggestions
 {
-    id <UITextInputSuggestionDelegate> suggestionDelegate = (id <UITextInputSuggestionDelegate>)_contentView.inputDelegate;
+    id <UITextInputSuggestionDelegate> suggestionDelegate = (id <UITextInputSuggestionDelegate>)[_contentView inputDelegate];
     _suggestions = adoptNS([suggestions copy]);
     [suggestionDelegate setSuggestions:suggestions];
 }
@@ -403,7 +403,7 @@
 
 - (void)invalidate
 {
-    id <UITextInputSuggestionDelegate> suggestionDelegate = (id <UITextInputSuggestionDelegate>)_contentView.inputDelegate;
+    id <UITextInputSuggestionDelegate> suggestionDelegate = (id <UITextInputSuggestionDelegate>)[_contentView inputDelegate];
     [suggestionDelegate setSuggestions:nil];
     _contentView = nil;
 }
@@ -4121,8 +4121,10 @@
     bool delegateImplementsWillStartInputSession = [inputDelegate respondsToSelector:@selector(_webView:willStartInputSession:)];
     bool delegateImplementsDidStartInputSession = [inputDelegate respondsToSelector:@selector(_webView:didStartInputSession:)];
 
-    if (delegateImplementsWillStartInputSession || delegateImplementsDidStartInputSession)
+    if (delegateImplementsWillStartInputSession || delegateImplementsDidStartInputSession) {
+        [_formInputSession invalidate];
         _formInputSession = adoptNS([[WKFormInputSession alloc] initWithContentView:self focusedElementInfo:focusedElementInfo.get() requiresStrongPasswordAssistance:_focusRequiresStrongPasswordAssistance]);
+    }
 
     if (delegateImplementsWillStartInputSession)
         [inputDelegate _webView:_webView willStartInputSession:_formInputSession.get()];

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes