Before <https://trac.webkit.org/changeset/258679>, m_scrollingCoordinator was protected. But this was changed in this revision such that "*this" is now protected. This change was done because we needed to call strongThis->removeWheelEventTestCompletionDeferralForReason() also. In <https://trac.webkit.org/changeset/258753>, the call to strongThis->removeWheelEventTestCompletionDeferralForReason() was removed. But the protection capture code was not changed back. Protecting "*this" does not guarantee the protection of m_scrollingCoordinator since it is a RefPtr. And this RefPtr can be nullified in ThreadedScrollingTree::invalidate().
Created attachment 396570 [details] Patch
<rdar://problem/61691082>
Comment on attachment 396570 [details] Patch If we've cleared the m_scrollingCoordinator on the ThreadedScrolling tree, I don't think we need to keep the scrollingCoordinator alive in order to call scheduleUpdateScrollPositionAfterAsyncScroll. We should just null-check m_scrollingCoordinator in the block.
Created attachment 396612 [details] Patch
Committed r260199: <https://trac.webkit.org/changeset/260199> All reviewed patches have been landed. Closing bug and clearing flags on attachment 396612 [details].
*** Bug 210987 has been marked as a duplicate of this bug. ***