Bug 210570

Summary:

Captured ThreadedScrollingTree should check its m_scrollingCoordinator before calling its methods

Product:

WebKit

Reporter:

Said Abou-Hallawa <sabouhallawa>

Component:

Scrolling

Assignee:

Said Abou-Hallawa <sabouhallawa>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

cmarcelo, ews-watchlist, fred.wang, gsnedders, jamesr, luiz, simon.fraser, tonikitoo, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none

Said Abou-Hallawa

Reported 2020-04-15 14:01:12 PDT

Before <https://trac.webkit.org/changeset/258679>, m_scrollingCoordinator was protected. But this was changed in this revision such that "*this" is now protected. This change was done because we needed to call strongThis->removeWheelEventTestCompletionDeferralForReason() also. In <https://trac.webkit.org/changeset/258753>, the call to strongThis->removeWheelEventTestCompletionDeferralForReason() was removed. But the protection capture code was not changed back. Protecting "*this" does not guarantee the protection of m_scrollingCoordinator since it is a RefPtr. And this RefPtr can be nullified in ThreadedScrollingTree::invalidate().

Attachments
Patch (2.29 KB, patch) 2020-04-15 14:05 PDT, Said Abou-Hallawa	no flags	Details Formatted Diff Diff
Patch (1.97 KB, patch) 2020-04-15 20:40 PDT, Said Abou-Hallawa	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Said Abou-Hallawa

Comment 1 2020-04-15 14:05:00 PDT

Created attachment 396570 [details] Patch

Said Abou-Hallawa

Comment 2 2020-04-15 14:07:41 PDT

<rdar://problem/61691082>

Simon Fraser (smfr)

Comment 3 2020-04-15 14:57:15 PDT

Comment on attachment 396570 [details] Patch If we've cleared the m_scrollingCoordinator on the ThreadedScrolling tree, I don't think we need to keep the scrollingCoordinator alive in order to call scheduleUpdateScrollPositionAfterAsyncScroll. We should just null-check m_scrollingCoordinator in the block.

Said Abou-Hallawa

Comment 4 2020-04-15 20:40:14 PDT

Created attachment 396612 [details] Patch

EWS

Comment 5 2020-04-16 11:04:31 PDT

Committed r260199: <https://trac.webkit.org/changeset/260199> All reviewed patches have been landed. Closing bug and clearing flags on attachment 396612 [details].

Alexey Proskuryakov

Comment 6 2020-04-26 18:49:10 PDT

*** Bug 210987 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.