The refactoring in Bug 176280 caused WebKit to attempt to message destroyed objects in WebKitLegacy applications.

A loop was moved (and rewritten) in the new implementation of

    (void)_web_makePluginSubviewsPerformSelector:(SEL)selector withObject:(id)object

The new code accessed subviews, copied them, placed them in a smart pointer, then retrieved the bare pointer for use in the Objective-C iteration:

    for (NSView *view in adoptNS([[self subviews] copy]).get()) { ... }

This caused the collection being iterated over to be cleaned up during the loop, resulting in a crash.
<rdar://problem/35672661>
Created attachment 334064 [details] Patch
Comment on attachment 334064 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=334064&action=review

> Source/WebKitLegacy/mac/WebView/WebHTMLView.mm:1430
> + auto subViewsCopy = adoptNS([self.subviews copy]);

Lowercase v.
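Review bot: the declaration at WebHTMLView.mm:1430 would benefit from a one-line comment saying that the copy is held in a named local so it stays alive for the whole iteration. Without that, a later cleanup could fold the adoptNS(...) call back into the loop header, which is the form the bug description reports as crashing.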
Committed r228580: <https://trac.webkit.org/changeset/228580>
Comment on attachment 334064 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=334064&action=review

>> Source/WebKitLegacy/mac/WebView/WebHTMLView.mm:1430
>> + auto subViewsCopy = adoptNS([self.subviews copy]);
>
> Lowercase v.

Will do! Thanks!
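The lifetime problem described in the report, shown as an added C++ analogue; it is not WebKit code and not part of the original thread. `Collection`, `Owner` and `adopt` are hypothetical stand-ins for the copied subviews array, a RetainPtr-style smart pointer and `adoptNS`, and the loop header is modelled (an assumption) as a full expression whose temporaries are destroyed before the body runs.

```cpp
#include <cstdio>

// Constructed stand-ins, not WebKit types.
static int liveCollections = 0;               // liveness probe, read instead of dereferencing

struct Collection {
    int refCount = 1;                         // starts owned by the creator, like -copy
    Collection() { ++liveCollections; }
    ~Collection() { --liveCollections; }
    void release() { if (--refCount == 0) delete this; }
};

class Owner {                                 // releases its object on destruction
public:
    explicit Owner(Collection* adopted) : m_ptr(adopted) { }   // adopts, no extra retain
    Owner(Owner&& other) : m_ptr(other.m_ptr) { other.m_ptr = nullptr; }
    Owner(const Owner&) = delete;
    Owner& operator=(const Owner&) = delete;
    ~Owner() { if (m_ptr) m_ptr->release(); }
    Collection* get() const { return m_ptr; }
private:
    Collection* m_ptr;
};

static Owner adopt(Collection* c) { return Owner(c); }

// Pattern from the report: the owner is a temporary and only the bare pointer survives.
// Returns whether the collection is still alive at the point the loop body would run.
bool aliveDuringLoopWithTemporaryOwner() {
    Collection* bare = adopt(new Collection).get();   // temporary Owner dies at this ';'
    (void)bare;                                        // dangling, so it is never dereferenced
    return liveCollections == 1;
}

// Pattern from the patch: a named local owner spans the whole loop.
bool aliveDuringLoopWithNamedOwner() {
    auto copy = adopt(new Collection);
    Collection* bare = copy.get();
    (void)bare;                                        // valid until 'copy' goes out of scope
    return liveCollections == 1;
}

int main() {
    std::printf("temporary owner: alive=%d\n", aliveDuringLoopWithTemporaryOwner());
    std::printf("named owner:     alive=%d\n", aliveDuringLoopWithNamedOwner());
    std::printf("collections still live at exit: %d\n", liveCollections);
    return 0;
}
```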