Bug 136271

Summary: Crashes in ViewGestureController::beginSwipeGesture when swiping in rapid succession
Product: WebKit Reporter: Tim Horton <thorton>
Component: WebKit2Assignee: Tim Horton <thorton>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, mitz, sam, simon.fraser
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch simon.fraser: review+

Tim Horton
Reported 2014-08-26 16:57:58 PDT
<rdar://problem/17923694> It was possible to get into trackSwipeGesture while another swipe was still occurring, because the guard against this happening depended on m_pendingSwipeReason never being set while a swipe was occurring. However, if the very first scroll event had sufficient magnitude, we would still set m_pendingSwipeReason to InsufficientMagnitude, and then *never clear it*, leading to a path around the guard against multiple live swipes. This in turn allowed stale layers in m_liveSwipeLayers, which lead to the crash.
Attachments
patch (3.17 KB, patch)
2014-08-26 16:59 PDT, Tim Horton 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Tim Horton
Comment 1 2014-08-26 16:59:15 PDT
Created attachment 237183 [details] patch
Tim Horton
Comment 2 2014-08-26 16:59:33 PDT
Comment on attachment 237183 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=237183&action=review > Source/WebKit2/ChangeLog:4 > + Need the bug URL (OOPS!). Gotta fill this in.
WebKit Commit Bot
Comment 3 2014-08-26 17:00:12 PDT
Attachment 237183 [details] did not pass style-queue: ERROR: Source/WebKit2/ChangeLog:1: ChangeLog entry has no bug number [changelog/bugnumber] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style.
Tim Horton
Comment 4 2014-08-26 17:18:19 PDT
http://trac.webkit.org/changeset/172988
Note You need to log in before you can comment on or make changes to this bug.