RESOLVED FIXED 210570
Captured ThreadedScrollingTree should check its m_scrollingCoordinator before calling its methods 
https://bugs.webkit.org/show_bug.cgi?id=210570
Summary Captured ThreadedScrollingTree should check its m_scrollingCoordinator before...
Said Abou-Hallawa
Reported 2020-04-15 14:01:12 PDT
Before <https://trac.webkit.org/changeset/258679>, m_scrollingCoordinator was protected. But this was changed in this revision such that "*this" is now protected. This change was done because we needed to call strongThis->removeWheelEventTestCompletionDeferralForReason() also. In <https://trac.webkit.org/changeset/258753>, the call to strongThis->removeWheelEventTestCompletionDeferralForReason() was removed. But the protection capture code was not changed back. Protecting "*this" does not guarantee the protection of m_scrollingCoordinator since it is a RefPtr. And this RefPtr can be nullified in ThreadedScrollingTree::invalidate().
Attachments
Patch (2.29 KB, patch)
2020-04-15 14:05 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (1.97 KB, patch)
2020-04-15 20:40 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Said Abou-Hallawa
Comment 1 2020-04-15 14:05:00 PDT
Created attachment 396570 [details] Patch
Said Abou-Hallawa
Comment 2 2020-04-15 14:07:41 PDT
<rdar://problem/61691082>
Simon Fraser (smfr)
Comment 3 2020-04-15 14:57:15 PDT
Comment on attachment 396570 [details] Patch If we've cleared the m_scrollingCoordinator on the ThreadedScrolling tree, I don't think we need to keep the scrollingCoordinator alive in order to call scheduleUpdateScrollPositionAfterAsyncScroll. We should just null-check m_scrollingCoordinator in the block.
Said Abou-Hallawa
Comment 4 2020-04-15 20:40:14 PDT
Created attachment 396612 [details] Patch
EWS
Comment 5 2020-04-16 11:04:31 PDT
Committed r260199: <https://trac.webkit.org/changeset/260199> All reviewed patches have been landed. Closing bug and clearing flags on attachment 396612 [details].
Alexey Proskuryakov
Comment 6 2020-04-26 18:49:10 PDT
*** Bug 210987 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.