[webkit-changes] [177329] trunk/Source/WebKit2

[simon . fraser]

Title: [177329] trunk/Source/WebKit2

Revision

177329

Author

simon.fra...@apple.com

Date

2014-12-15 18:12:19 -0800 (Mon, 15 Dec 2014)

Log Message

[iOS WK2] Possible crash when setting the WKWebViews's scroll view delegate, if the scroll view outlives the web view
https://bugs.webkit.org/show_bug.cgi?id=139662
rdar://problem/18083882

Reviewed by Benjamin Poulain.

Null out the internal delegate on the WKScrollView when the WKWebView goes away, since
it's possible for a client to set its own scroll view delegate, forcing the creation of
a WKScrollViewDelegateForwarder, and then retain the UIScrollView past the lifetime of
the WKWebView. In this situation, the WKScrollViewDelegateForwarder's internalDelegate
would point to a deleted WKWebView.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView dealloc]):

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (177328 => 177329)

--- trunk/Source/WebKit2/ChangeLog	2014-12-16 02:08:23 UTC (rev 177328)
+++ trunk/Source/WebKit2/ChangeLog	2014-12-16 02:12:19 UTC (rev 177329)
@@ -1,3 +1,20 @@
+2014-12-15  Simon Fraser  <simon.fra...@apple.com>
+
+        [iOS WK2] Possible crash when setting the WKWebViews's scroll view delegate, if the scroll view outlives the web view
+        https://bugs.webkit.org/show_bug.cgi?id=139662
+        rdar://problem/18083882
+
+        Reviewed by Benjamin Poulain.
+        
+        Null out the internal delegate on the WKScrollView when the WKWebView goes away, since
+        it's possible for a client to set its own scroll view delegate, forcing the creation of
+        a WKScrollViewDelegateForwarder, and then retain the UIScrollView past the lifetime of
+        the WKWebView. In this situation, the WKScrollViewDelegateForwarder's internalDelegate
+        would point to a deleted WKWebView.
+
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView dealloc]):
+
 2014-12-15  Beth Dakin  <bda...@apple.com>
 
         Make lookup an immediate action instead of an action menu item

Modified: trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm (177328 => 177329)

--- trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm	2014-12-16 02:08:23 UTC (rev 177328)
+++ trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm	2014-12-16 02:12:19 UTC (rev 177329)
@@ -382,6 +382,7 @@
 #if PLATFORM(IOS)
     [[_configuration _contentProviderRegistry] removePage:*_page];
     [[NSNotificationCenter defaultCenter] removeObserver:self];
+    [_scrollView setInternalDelegate:nil];
 #endif
 
     pageToViewMap().remove(_page.get());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes