Title: [172990] branches/safari-600.1-branch/Source/WebKit2
- Revision
- 172990
- Author
- [email protected]
- Date
- 2014-08-26 17:34:48 -0700 (Tue, 26 Aug 2014)
Log Message
Merge r172988. <rdar://problem/17923694>
Modified Paths
Diff
Modified: branches/safari-600.1-branch/Source/WebKit2/ChangeLog (172989 => 172990)
--- branches/safari-600.1-branch/Source/WebKit2/ChangeLog 2014-08-27 00:19:13 UTC (rev 172989)
+++ branches/safari-600.1-branch/Source/WebKit2/ChangeLog 2014-08-27 00:34:48 UTC (rev 172990)
@@ -1,5 +1,37 @@
2014-08-26 Dana Burkart <[email protected]>
+ Merge r172988. <rdar://problem/17923694>
+
+ 2014-08-26 Tim Horton <[email protected]>
+
+ Crashes in ViewGestureController::beginSwipeGesture when swiping in rapid succession
+ https://bugs.webkit.org/show_bug.cgi?id=136271
+ <rdar://problem/17923694>
+
+ Reviewed by Simon Fraser.
+
+ It was possible to get into trackSwipeGesture while another swipe was still
+ occurring, because the guard against this happening depended on m_pendingSwipeReason
+ never being set while a swipe was occurring. However, if the very first scroll event
+ had sufficient magnitude, we would still set m_pendingSwipeReason to InsufficientMagnitude,
+ and then *never clear it*, leading to a path around the guard against multiple live swipes.
+ This in turn allowed stale layers in m_liveSwipeLayers, which lead to the crash.
+
+ * UIProcess/mac/ViewGestureControllerMac.mm:
+ (WebKit::ViewGestureController::handleScrollWheelEvent):
+ Don't unset m_pendingSwipeReason before calling trackSwipeGesture;
+ trackSwipeGesture will do it itself.
+
+ Don't set m_pendingSwipeReason to InsufficientMagnitude
+ if the event actually *has* sufficient magnitude to start a swipe.
+
+ (WebKit::ViewGestureController::trackSwipeGesture):
+ Assert that we don't have an active gesture while starting a swipe.
+
+ Reset m_pendingSwipeReason, because the swipe is no longer pending!
+
+2014-08-26 Dana Burkart <[email protected]>
+
Merge r172966. <rdar://problem/18107826>
2014-08-26 Tim Horton <[email protected]>
Modified: branches/safari-600.1-branch/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm (172989 => 172990)
--- branches/safari-600.1-branch/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm 2014-08-27 00:19:13 UTC (rev 172989)
+++ branches/safari-600.1-branch/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm 2014-08-27 00:34:48 UTC (rev 172990)
@@ -324,7 +324,6 @@
if (m_pendingSwipeReason == PendingSwipeReason::InsufficientMagnitude) {
if (deltaIsSufficientToBeginSwipe(event)) {
- m_pendingSwipeReason = PendingSwipeReason::None;
trackSwipeGesture(event, m_pendingSwipeDirection);
return true;
}
@@ -343,8 +342,8 @@
return false;
}
- m_pendingSwipeReason = PendingSwipeReason::InsufficientMagnitude;
if (!deltaIsSufficientToBeginSwipe(event)) {
+ m_pendingSwipeReason = PendingSwipeReason::InsufficientMagnitude;
m_pendingSwipeDirection = direction;
return true;
}
@@ -375,6 +374,9 @@
void ViewGestureController::trackSwipeGesture(NSEvent *event, SwipeDirection direction)
{
+ ASSERT(m_activeGestureType == ViewGestureType::None);
+ m_pendingSwipeReason = PendingSwipeReason::None;
+
m_webPageProxy.recordNavigationSnapshot();
CGFloat maxProgress = (direction == SwipeDirection::Left) ? 1 : 0;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
