<rdar://problem/17923694> It was possible to get into trackSwipeGesture while another swipe was still occurring, because the guard against this happening depended on m_pendingSwipeReason never being set while a swipe was occurring. However, if the very first scroll event had sufficient magnitude, we would still set m_pendingSwipeReason to InsufficientMagnitude, and then *never clear it*, leading to a path around the guard against multiple live swipes. This in turn allowed stale layers in m_liveSwipeLayers, which lead to the crash.
Created attachment 237183 [details] patch
Comment on attachment 237183 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=237183&action=review > Source/WebKit2/ChangeLog:4 > + Need the bug URL (OOPS!). Gotta fill this in.
Attachment 237183 [details] did not pass style-queue: ERROR: Source/WebKit2/ChangeLog:1: ChangeLog entry has no bug number [changelog/bugnumber] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style.
http://trac.webkit.org/changeset/172988