Bug 159776

Summary: [WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebKit2
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, thorton, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Patch (flags: none)

Description Chris Dumez 2016-07-14 12:03:37 PDT
Potential null dereference under ViewGestureController::beginSwipeGesture() of m_webPageProxy.backForwardList().currentItem():
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000000000f8
Triggered by Thread:  0

Filtered syslog:
None found
Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebKit                        	0x00000001926c9380 WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection) + 276 (RefPtr.h:64)
1   WebKit                        	0x00000001926c9380 WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection) + 276 (ViewGestureControllerIOS.mm:173)
2   UIKit                         	0x000000018f1857fc -[_UINavigationInteractiveTransitionBase startInteractiveTransition] + 52 (_UINavigationParallaxTransition.m:785)
3   UIKit                         	0x000000018f185958 -[_UINavigationInteractiveTransitionBase handleNavigationTransition:] + 248 (_UINavigationParallaxTransition.m:805)
4   UIKit                         	0x000000018f4cf04c -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:] + 64 (UIGestureRecognizer.m:103)
5   UIKit                         	0x000000018f4d266c _UIGestureRecognizerSendTargetActions + 124 (UIGestureRecognizer.m:984)
6   UIKit                         	0x000000018f09e788 _UIGestureRecognizerSendActions + 532 (UIGestureRecognizer.m:1020)
7   UIKit                         	0x000000018ef3cfd8 -[UIGestureRecognizer _updateGestureWithEvent:buttonEvent:] + 1016 (UIGestureRecognizer.m:1067)
8   UIKit                         	0x000000018f4c2730 _UIGestureEnvironmentUpdate + 808 (UIGestureEnvironment.m:132)
9   UIKit                         	0x000000018f4c23b4 -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:] + 408 (UIGestureEnvironment.m:1196)
10  UIKit                         	0x000000018f4c15ec -[UIGestureEnvironment _updateGesturesForEvent:window:] + 268 (UIGestureEnvironment.m:1105)
11  UIKit                         	0x000000018ef3b090 -[UIWindow sendEvent:] + 2960 (UIWindow.m:2288)
12  MobileSafari                  	0x00000001001421f8 -[MobileSafariWindow sendEvent:] + 76 (MobileSafariWindow.m:40)
13  UIKit                         	0x000000018ef0ba5c -[UIApplication sendEvent:] + 248 (UIApplication.m:10719)
14  UIKit                         	0x000000018f703d08 __dispatchPreprocessedEventFromEventQueue + 2832 (UIEventDispatcher.m:1424)
15  UIKit                         	0x000000018f6fd538 __handleEventQueue + 784 (UIEventDispatcher.m:1620)
16  CoreFoundation                	0x0000000188fce418 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1943)
17  CoreFoundation                	0x0000000188fcdd60 __CFRunLoopDoSources0 + 524 (CFRunLoop.c:1989)
18  CoreFoundation                	0x0000000188fcb960 __CFRunLoopRun + 804 (CFRunLoop.c:2821)
19  CoreFoundation                	0x0000000188efb8d8 CFRunLoopRunSpecific + 444 (CFRunLoop.c:3113)
20  GraphicsServices              	0x000000018a903198 GSEventRunModal + 180 (GSEvent.c:2245)
21  UIKit                         	0x000000018ef76a64 -[UIApplication _run] + 664 (UIApplication.m:2651)
22  UIKit                         	0x000000018ef717d0 UIApplicationMain + 208 (UIApplication.m:4088)
23  MobileSafari                  	0x0000000100054e18 main + 1996 (main.m:168)
24  libdyld.dylib                 	0x0000000188a9c5b8 start + 4
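The crash above is the classic shape of a null dereference on a nullable accessor: currentItem() legitimately returns null when a page has no history yet, and the gesture entry point dereferences it without checking. The following is an added, self-contained C++ model of that pattern and of the defensive early return that prevents it; it is not WebKit's code and not the patch attached to this bug. BackForwardList, BackForwardItem, SwipeState and the scenario functions are hypothetical stand-ins chosen for illustration, and the URLs are constructed sample data.

```cpp
// Hypothetical model (not WebKit code) of the pattern behind bug 159776:
// a back/forward list whose currentItem() may be null, and a swipe-gesture
// entry point that must check for that before dereferencing the result.
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

struct BackForwardItem {
    std::string url;
};

// Stand-in for the page's back/forward list. currentItem() is null while the
// list is empty, e.g. on a freshly created page that has not navigated yet.
class BackForwardList {
public:
    void addItem(std::string url) {
        m_items.push_back(std::make_shared<BackForwardItem>(BackForwardItem{std::move(url)}));
        m_currentIndex = m_items.size() - 1;
    }
    std::shared_ptr<BackForwardItem> currentItem() const {
        return m_items.empty() ? nullptr : m_items[m_currentIndex];
    }
    std::shared_ptr<BackForwardItem> backItem() const {
        return (m_items.empty() || m_currentIndex == 0) ? nullptr : m_items[m_currentIndex - 1];
    }
    std::shared_ptr<BackForwardItem> forwardItem() const {
        return (m_items.empty() || m_currentIndex + 1 >= m_items.size()) ? nullptr : m_items[m_currentIndex + 1];
    }
private:
    std::vector<std::shared_ptr<BackForwardItem>> m_items;
    std::size_t m_currentIndex = 0;
};

enum class SwipeDirection { Back, Forward };

struct SwipeState {
    bool active = false;
    std::string fromURL;
    std::string targetURL;
};

// Unguarded form: dereferences currentItem() unconditionally. With an empty
// list this reads through a null pointer, which is the EXC_BAD_ACCESS /
// KERN_INVALID_ADDRESS shape seen in the report. Kept for comparison only.
void beginSwipeGestureUnchecked(const BackForwardList& list, SwipeState& state) {
    state.fromURL = list.currentItem()->url;  // null deref when the list is empty
    state.active = true;
}

// Hardened form: refuse the gesture unless both the current item and the item
// in the swipe direction exist. Returns false instead of touching a null pointer.
bool beginSwipeGesture(const BackForwardList& list, SwipeDirection direction, SwipeState& state) {
    auto current = list.currentItem();
    if (!current)
        return false;  // the check the unguarded version lacks
    auto target = direction == SwipeDirection::Back ? list.backItem() : list.forwardItem();
    if (!target)
        return false;  // nothing to swipe to in that direction
    state.active = true;
    state.fromURL = current->url;
    state.targetURL = target->url;
    return true;
}

// Scenario helpers so the behaviour can be checked by return value.
bool emptyListSwipeIsRefused() {
    BackForwardList empty;
    SwipeState state;
    return !beginSwipeGesture(empty, SwipeDirection::Back, state) && !state.active;
}

std::string backSwipeTarget() {
    BackForwardList list;
    list.addItem("https://a.example/");  // constructed sample history
    list.addItem("https://b.example/");
    SwipeState state;
    return beginSwipeGesture(list, SwipeDirection::Back, state) ? state.targetURL : "";
}

bool forwardSwipeAtEndIsRefused() {
    BackForwardList list;
    list.addItem("https://a.example/");
    SwipeState state;
    return !beginSwipeGesture(list, SwipeDirection::Forward, state);
}

int main() {
    return (emptyListSwipeIsRefused() && backSwipeTarget() == "https://a.example/" && forwardSwipeAtEndIsRefused()) ? 0 : 1;
}
```

The design point is that the accessor's contract (may return null) has to be honoured at every call site that can run before any navigation; a gesture recognizer firing on a blank page is exactly such a site, so the entry point validates and bails out rather than assuming history exists.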
Comment 1 Chris Dumez 2016-07-14 12:04:37 PDT
<rdar://problem/22467100>
Comment 2 Chris Dumez 2016-07-14 12:08:17 PDT
Created attachment 283666 [details]
Patch
Comment 3 Chris Dumez 2016-07-14 14:40:04 PDT
Comment on attachment 283666 [details]
Patch

Clearing flags on attachment: 283666

Committed r203242: <http://trac.webkit.org/changeset/203242>
Comment 4 Chris Dumez 2016-07-14 14:40:09 PDT
All reviewed patches have been landed.  Closing bug.