159776 2016-07-14 12:03:37 -0700 [WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture() 2016-07-14 14:40:09 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez commit-queue thorton webkit-bug-importer oldest_to_newest 1211072 0 cdumez 2016-07-14 12:03:37 -0700 Potential null dereference under ViewGestureController::beginSwipeGesture() of m_webPageProxy.backForwardList().currentItem(): Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000000000f8 Triggered by Thread: 0 Filtered syslog: None found Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed ↩: 0 WebKit 0x00000001926c9380 WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection) + 276 (RefPtr.h:64) 1 WebKit 0x00000001926c9380 WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection) + 276 (ViewGestureControllerIOS.mm:173) 2 UIKit 0x000000018f1857fc -[_UINavigationInteractiveTransitionBase startInteractiveTransition] + 52 (_UINavigationParallaxTransition.m:785) 3 UIKit 0x000000018f185958 -[_UINavigationInteractiveTransitionBase handleNavigationTransition:] + 248 (_UINavigationParallaxTransition.m:805) 4 UIKit 0x000000018f4cf04c -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:] + 64 (UIGestureRecognizer.m:103) 5 UIKit 0x000000018f4d266c _UIGestureRecognizerSendTargetActions + 124 (UIGestureRecognizer.m:984) 6 UIKit 0x000000018f09e788 _UIGestureRecognizerSendActions + 532 (UIGestureRecognizer.m:1020) 7 UIKit 0x000000018ef3cfd8 -[UIGestureRecognizer _updateGestureWithEvent:buttonEvent:] + 1016 (UIGestureRecognizer.m:1067) 8 UIKit 0x000000018f4c2730 _UIGestureEnvironmentUpdate + 808 (UIGestureEnvironment.m:132) 9 UIKit 0x000000018f4c23b4 -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:] + 408 (UIGestureEnvironment.m:1196) 10 UIKit 0x000000018f4c15ec -[UIGestureEnvironment _updateGesturesForEvent:window:] + 268 (UIGestureEnvironment.m:1105) 11 UIKit 0x000000018ef3b090 -[UIWindow sendEvent:] + 2960 (UIWindow.m:2288) 12 MobileSafari 0x00000001001421f8 -[MobileSafariWindow sendEvent:] + 76 (MobileSafariWindow.m:40) 13 UIKit 0x000000018ef0ba5c -[UIApplication sendEvent:] + 248 (UIApplication.m:10719) 14 UIKit 0x000000018f703d08 __dispatchPreprocessedEventFromEventQueue + 2832 (UIEventDispatcher.m:1424) 15 UIKit 0x000000018f6fd538 __handleEventQueue + 784 (UIEventDispatcher.m:1620) 16 CoreFoundation 0x0000000188fce418 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1943) 17 CoreFoundation 0x0000000188fcdd60 __CFRunLoopDoSources0 + 524 (CFRunLoop.c:1989) 18 CoreFoundation 0x0000000188fcb960 __CFRunLoopRun + 804 (CFRunLoop.c:2821) 19 CoreFoundation 0x0000000188efb8d8 CFRunLoopRunSpecific + 444 (CFRunLoop.c:3113) 20 GraphicsServices 0x000000018a903198 GSEventRunModal + 180 (GSEvent.c:2245) 21 UIKit 0x000000018ef76a64 -[UIApplication _run] + 664 (UIApplication.m:2651) 22 UIKit 0x000000018ef717d0 UIApplicationMain + 208 (UIApplication.m:4088) 23 MobileSafari 0x0000000100054e18 main + 1996 (main.m:168) 24 libdyld.dylib 0x0000000188a9c5b8 start + 4 1211074 1 cdumez 2016-07-14 12:04:37 -0700 <rdar://problem/22467100> 1211076 2 283666 cdumez 2016-07-14 12:08:17 -0700 Created attachment 283666 Patch 1211150 3 283666 cdumez 2016-07-14 14:40:04 -0700 Comment on attachment 283666 Patch Clearing flags on attachment: 283666 Committed r203242: <http://trac.webkit.org/changeset/203242> 1211151 4 cdumez 2016-07-14 14:40:09 -0700 All reviewed patches have been landed. Closing bug. 283666 2016-07-14 12:08:17 -0700 2016-07-14 14:40:04 -0700 Patch bug-159776-20160714120731.patch text/plain 2582 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjAzMjMwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggOGIwMzM1ZGY3NTUwYmIx M2Y3OTkzMzVlMGJiMTk1MDliNjI0ZWE4MS4uYmMyODRlY2QzMjgwN2YyZGJhMjQ3N2RjMjFlMmI1 MTkwMDkzODY4MyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDI0IEBACiAyMDE2LTA3LTE0ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CiAKKyAgICAgICAgW1dLMl1baU9TXSBQb3RlbnRp YWwgbnVsbCBkZXJlZmVyZW5jZSB1bmRlciBWaWV3R2VzdHVyZUNvbnRyb2xsZXI6OmJlZ2luU3dp cGVHZXN0dXJlKCkKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTE1OTc3NgorICAgICAgICA8cmRhcjovL3Byb2JsZW0vMjI0NjcxMDA+CisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgUG90ZW50aWFsIG51bGwgZGVy ZWZlcmVuY2UgdW5kZXIgVmlld0dlc3R1cmVDb250cm9sbGVyOjpiZWdpblN3aXBlR2VzdHVyZSgp IG9mOgorICAgICAgICBtX3dlYlBhZ2VQcm94eS5iYWNrRm9yd2FyZExpc3QoKS5jdXJyZW50SXRl bSgpCisKKyAgICAgICAgVGhlIGNsaWVudCBzaWRlIGlzIGV4cGVjdGVkIHRvIGNhbGwgVmlld0dl c3R1cmVDb250cm9sbGVyOjpjYW5Td2lwZUluRGlyZWN0aW9uKCkgYnV0CisgICAgICAgIHRoaXMg b25seSBndWFyYW50ZWVzIHRoYXQgdGhlIG1fYWx0ZXJuYXRlQmFja0ZvcndhcmRMaXN0U291cmNl VmlldydzIGN1cnJlbnRJdGVtIGlzCisgICAgICAgIG5vbi1udWxsIHdoZW4gbV9hbHRlcm5hdGVC YWNrRm9yd2FyZExpc3RTb3VyY2VWaWV3IGlzIG5vbi1udWxsLiBJdCBkb2VzIG5vdCBndWFyYW50 ZWUKKyAgICAgICAgdGhhdCBtX3dlYlBhZ2VQcm94eSdzIGN1cnJlbnRJdGVtIGlzIG5vbi1udWxs LgorCisgICAgICAgICogVUlQcm9jZXNzL2lvcy9WaWV3R2VzdHVyZUNvbnRyb2xsZXJJT1MubW06 CisgICAgICAgIChXZWJLaXQ6OlZpZXdHZXN0dXJlQ29udHJvbGxlcjo6YmVnaW5Td2lwZUdlc3R1 cmUpOgorCisyMDE2LTA3LTE0ICBDaHJpcyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKICAg ICAgICAgUG9zc2libGUgY3Jhc2ggdW5kZXIgTmF2aWdhdGlvblN0YXRlOjpOYXZpZ2F0aW9uQ2xp ZW50Ojpwcm9jZXNzRGlkQ3Jhc2goKQogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTU5NzczCiAgICAgICAgIDxyZGFyOi8vcHJvYmxlbS8xOTgxNDIxNT4K ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9pb3MvVmlld0dlc3R1cmVDb250 cm9sbGVySU9TLm1tIGIvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL2lvcy9WaWV3R2VzdHVyZUNv bnRyb2xsZXJJT1MubW0KaW5kZXggNmY5MTE3NjU0MGJkZWNiNTMxMGI3YmQ5NjRiNjlkNjU2ZTZi MzAzYi4uMTFlMmY5ZjllZjZlMTIwOWRmMmNmZWViYzQ5NGRjMzQ2MDdiZTIyMCAxMDA2NDQKLS0t IGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL2lvcy9WaWV3R2VzdHVyZUNvbnRyb2xsZXJJT1Mu bW0KKysrIGIvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL2lvcy9WaWV3R2VzdHVyZUNvbnRyb2xs ZXJJT1MubW0KQEAgLTE2OSw4ICsxNjksMTAgQEAgdm9pZCBWaWV3R2VzdHVyZUNvbnRyb2xsZXI6 OmJlZ2luU3dpcGVHZXN0dXJlKF9VSU5hdmlnYXRpb25JbnRlcmFjdGl2ZVRyYW5zaXRpb24KIAog ICAgIC8vIENvcHkgdGhlIHNuYXBzaG90IGZyb20gdGhpcyB2aWV3IHRvIHRoZSBvbmUgdGhhdCBv d25zIHRoZSBiYWNrIGZvcndhcmQgbGlzdCwgc28gdGhhdAogICAgIC8vIHN3aXBpbmcgZm9yd2Fy ZCB3aWxsIGhhdmUgdGhlIGNvcnJlY3Qgc25hcHNob3QuCi0gICAgaWYgKG1fd2ViUGFnZVByb3h5 Rm9yQmFja0ZvcndhcmRMaXN0Rm9yQ3VycmVudFN3aXBlICE9ICZtX3dlYlBhZ2VQcm94eSkKLSAg ICAgICAgYmFja0ZvcndhcmRMaXN0LmN1cnJlbnRJdGVtKCktPnNldFNuYXBzaG90KG1fd2ViUGFn ZVByb3h5LmJhY2tGb3J3YXJkTGlzdCgpLmN1cnJlbnRJdGVtKCktPnNuYXBzaG90KCkpOworICAg IGlmIChtX3dlYlBhZ2VQcm94eUZvckJhY2tGb3J3YXJkTGlzdEZvckN1cnJlbnRTd2lwZSAhPSAm bV93ZWJQYWdlUHJveHkpIHsKKyAgICAgICAgaWYgKGF1dG8qIGN1cnJlbnRWaWV3SGlzdG9yeUl0 ZW0gPSBtX3dlYlBhZ2VQcm94eS5iYWNrRm9yd2FyZExpc3QoKS5jdXJyZW50SXRlbSgpKQorICAg ICAgICAgICAgYmFja0ZvcndhcmRMaXN0LmN1cnJlbnRJdGVtKCktPnNldFNuYXBzaG90KGN1cnJl bnRWaWV3SGlzdG9yeUl0ZW0tPnNuYXBzaG90KCkpOworICAgIH0KIAogICAgIFJlZlB0cjxXZWJC YWNrRm9yd2FyZExpc3RJdGVtPiB0YXJnZXRJdGVtID0gZGlyZWN0aW9uID09IFN3aXBlRGlyZWN0 aW9uOjpCYWNrID8gYmFja0ZvcndhcmRMaXN0LmJhY2tJdGVtKCkgOiBiYWNrRm9yd2FyZExpc3Qu Zm9yd2FyZEl0ZW0oKTsKIAo=