Bug 255162

Summary:	Accessing null RemoteScrollingCoordinatorProxy in [WKWebViewIOS _didFinishScrolling]
Product:	WebKit	Reporter:	Abrar Rahman Protyasha <a_protyasha>
Component:	Scrolling	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	a_protyasha, simon.fraser, webkit-bug-importer
Priority:	P1	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Abrar Rahman Protyasha

Reported 2023-04-07 12:03:49 PDT

We're seeing runtime crashes at [WKWebViewIOS _didFinishScrolling] in situations where a web view is closed out during a scroll operation. This regression surfaced from https://commits.webkit.org/260975@main because it (correctly) changed the relative order of destruction between the `DrawingAreaProxy` and the `RemoteScrollingCoordinatorProxy` (and the `RemoteScrollingTree` it encompasses), which meant that there could be situations where closing or switching out a web view in the middle of a scroll operation could lead to a null deref of the `RemoteScrollingCoordinatorProxy` held by the `WebPageProxy`.

Attachments
Add attachment proposed patch, testcase, etc.

Abrar Rahman Protyasha

Comment 1 2023-04-07 12:05:10 PDT

rdar://106894608

Abrar Rahman Protyasha

Comment 2 2023-04-07 15:04:38 PDT

Pull request: https://github.com/WebKit/WebKit/pull/12532

EWS

Comment 3 2023-04-07 21:58:46 PDT

Committed 262748@main (2aa252bfd9f1): <https://commits.webkit.org/262748@main> Reviewed commits have been landed. Closing PR #12532 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.