Bug 136271

Summary: Crashes in ViewGestureController::beginSwipeGesture when swiping in rapid succession
Product: WebKit Reporter: Tim Horton <thorton>
Component: WebKit2Assignee: Tim Horton <thorton>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, mitz, sam, simon.fraser
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch simon.fraser: review+

Description Tim Horton 2014-08-26 16:57:58 PDT 
<rdar://problem/17923694>

It was possible to get into trackSwipeGesture while another swipe was still occurring, because the guard against this happening depended on m_pendingSwipeReason never being set while a swipe was occurring. However, if the very first scroll event had sufficient magnitude, we would still set m_pendingSwipeReason to InsufficientMagnitude, and then *never clear it*, leading to a path around the guard against multiple live swipes. This in turn allowed stale layers in m_liveSwipeLayers, which lead to the crash.
Comment 1 Tim Horton 2014-08-26 16:59:15 PDT 
Created attachment 237183 [details]
patch
Comment 2 Tim Horton 2014-08-26 16:59:33 PDT 
Comment on attachment 237183 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=237183&action=review

> Source/WebKit2/ChangeLog:4
> +        Need the bug URL (OOPS!).

Gotta fill this in.
Comment 3 WebKit Commit Bot 2014-08-26 17:00:12 PDT 
Attachment 237183 [details] did not pass style-queue:


ERROR: Source/WebKit2/ChangeLog:1:  ChangeLog entry has no bug number  [changelog/bugnumber] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Tim Horton 2014-08-26 17:18:19 PDT 
http://trac.webkit.org/changeset/172988