RESOLVED FIXED 159776
[WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture()
https://bugs.webkit.org/show_bug.cgi?id=159776
Chris Dumez
Reported 2016-07-14 12:03:37 PDT
Potential null dereference under ViewGestureController::beginSwipeGesture() of m_webPageProxy.backForwardList().currentItem():

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000000000f8
Triggered by Thread: 0

Filtered syslog:
None found

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 WebKit 0x00000001926c9380 WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection) + 276 (RefPtr.h:64)
1 WebKit 0x00000001926c9380 WebKit::ViewGestureController::beginSwipeGesture(_UINavigationInteractiveTransitionBase*, WebKit::ViewGestureController::SwipeDirection) + 276 (ViewGestureControllerIOS.mm:173)
2 UIKit 0x000000018f1857fc -[_UINavigationInteractiveTransitionBase startInteractiveTransition] + 52 (_UINavigationParallaxTransition.m:785)
3 UIKit 0x000000018f185958 -[_UINavigationInteractiveTransitionBase handleNavigationTransition:] + 248 (_UINavigationParallaxTransition.m:805)
4 UIKit 0x000000018f4cf04c -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:] + 64 (UIGestureRecognizer.m:103)
5 UIKit 0x000000018f4d266c _UIGestureRecognizerSendTargetActions + 124 (UIGestureRecognizer.m:984)
6 UIKit 0x000000018f09e788 _UIGestureRecognizerSendActions + 532 (UIGestureRecognizer.m:1020)
7 UIKit 0x000000018ef3cfd8 -[UIGestureRecognizer _updateGestureWithEvent:buttonEvent:] + 1016 (UIGestureRecognizer.m:1067)
8 UIKit 0x000000018f4c2730 _UIGestureEnvironmentUpdate + 808 (UIGestureEnvironment.m:132)
9 UIKit 0x000000018f4c23b4 -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:] + 408 (UIGestureEnvironment.m:1196)
10 UIKit 0x000000018f4c15ec -[UIGestureEnvironment _updateGesturesForEvent:window:] + 268 (UIGestureEnvironment.m:1105)
11 UIKit 0x000000018ef3b090 -[UIWindow sendEvent:] + 2960 (UIWindow.m:2288)
12 MobileSafari 0x00000001001421f8 -[MobileSafariWindow sendEvent:] + 76 (MobileSafariWindow.m:40)
13 UIKit 0x000000018ef0ba5c -[UIApplication sendEvent:] + 248 (UIApplication.m:10719)
14 UIKit 0x000000018f703d08 __dispatchPreprocessedEventFromEventQueue + 2832 (UIEventDispatcher.m:1424)
15 UIKit 0x000000018f6fd538 __handleEventQueue + 784 (UIEventDispatcher.m:1620)
16 CoreFoundation 0x0000000188fce418 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1943)
17 CoreFoundation 0x0000000188fcdd60 __CFRunLoopDoSources0 + 524 (CFRunLoop.c:1989)
18 CoreFoundation 0x0000000188fcb960 __CFRunLoopRun + 804 (CFRunLoop.c:2821)
19 CoreFoundation 0x0000000188efb8d8 CFRunLoopRunSpecific + 444 (CFRunLoop.c:3113)
20 GraphicsServices 0x000000018a903198 GSEventRunModal + 180 (GSEvent.c:2245)
21 UIKit 0x000000018ef76a64 -[UIApplication _run] + 664 (UIApplication.m:2651)
22 UIKit 0x000000018ef717d0 UIApplicationMain + 208 (UIApplication.m:4088)
23 MobileSafari 0x0000000100054e18 main + 1996 (main.m:168)
24 libdyld.dylib 0x0000000188a9c5b8 start + 4
Attachments
Patch (2.52 KB, patch)
2016-07-14 12:08 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2016-07-14 12:04:37 PDT
Chris Dumez
Comment 2 2016-07-14 12:08:17 PDT
Chris Dumez
Comment 3 2016-07-14 14:40:04 PDT
Comment on attachment 283666
Patch

Clearing flags on attachment: 283666

Committed r203242: <http://trac.webkit.org/changeset/203242>
Chris Dumez
Comment 4 2016-07-14 14:40:09 PDT
All reviewed patches have been landed. Closing bug.