RESOLVED FIXED302680
Speculative fix for touch-action crash below EventRegion::unite 
https://bugs.webkit.org/show_bug.cgi?id=302680
Summary Speculative fix for touch-action crash below EventRegion::unite
Sam Weinig
Reported 2025-11-17 18:42:21 PST
Speculative fix for touch-action crash below EventRegion::unite. Crash seen on PLT bots: 0 WebCore 0x1b1c33698 WebCore::EventRegion::unite(WebCore::Region const&, WebCore::RenderObject const&, WebCore::RenderStyle const&, bool) 1 WebCore 0x1b1c3327c WebCore::EventRegionContext::unite(WebCore::FloatRoundedRect const&, WebCore::RenderObject const&, WebCore::RenderStyle const&, bool) 2 WebCore 0x1b1c96f78 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 3 WebCore 0x1b1c94dc8 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 4 WebCore 0x1b1db4574 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag, (WTF::ConcurrencyTag)0>) 5 WebCore 0x1b1de884c WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior, (WTF::ConcurrencyTag)0>, WebCore::RegionContext*)::$_0::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag, (WTF::ConcurrencyTag)0>) const 6 WebCore 0x1b1de7f60 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior, (WTF::ConcurrencyTag)0>, WebCore::RegionContext*) 7 WebCore 0x1b1de580c WebCore::RenderLayerBacking::updateEventRegion()::$_1::operator()(WebCore::GraphicsLayer&) const 8 WebCore 0x1b1de5104 WebCore::RenderLayerBacking::updateEventRegion() 9 WebCore 0x1b1df4c64 WebCore::RenderLayerCompositor::updateEventRegionsRecursive(WebCore::RenderLayer&) 10 WebCore 0x1b1df4c90 WebCore::RenderLayerCompositor::updateEventRegionsRecursive(WebCore::RenderLayer&) 11 WebCore 0x1b1df4c90 WebCore::RenderLayerCompositor::updateEventRegionsRecursive(WebCore::RenderLayer&) 12 WebCore 0x1b1df4c90 WebCore::RenderLayerCompositor::updateEventRegionsRecursive(WebCore::RenderLayer&) 13 WebCore 0x1b177f314 WTF::Detail::CallableWrapper<WebCore::Page::doAfterUpdateRendering()::$_7, void, WebCore::Document&>::call(WebCore::Document&) 14 WebCore 0x1b176bd78 WebCore::Page::forEachDocumentFromMainFrame(WebCore::Frame const&, WTF::Function<void (WebCore::Document&)> const&) 15 WebCore 0x1b1762e1c WebCore::Page::updateRendering() 16 WebKit 0x1aec0e5c0 WebKit::WebPage::updateRendering() 17 WebKit 0x1adf2a624 WebKit::RemoteLayerTreeDrawingArea::updateRendering() 18 WebKit 0x1adf2e30c WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebKit::RemoteLayerTreeDrawingArea, WebKit::RemoteLayerTreeDrawingArea>(WebKit::RemoteLayerTreeDrawingArea&, void (WebKit::RemoteLayerTreeDrawingArea::*)())::'lambda'(), void>::call() 19 WebCore 0x1b18baf6c WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() 20 WebCore 0x1b190e2b4 WebCore::timerFired(__CFRunLoopTimer*, void*) 21 CoreFoundation 0x19382bc00 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
Attachments
Add attachment proposed patch, testcase, etc.
Sam Weinig
Comment 1 2025-11-17 18:43:49 PST
Pull request: https://github.com/WebKit/WebKit/pull/54087
EWS
Comment 2 2025-11-18 06:37:35 PST
Committed 303181@main (f453959de316): <https://commits.webkit.org/303181@main> Reviewed commits have been landed. Closing PR #54087 and removing active labels.
Radar WebKit Bug Importer
Comment 3 2025-11-18 06:38:12 PST
<rdar://problem/164962881>
Note You need to log in before you can comment on or make changes to this bug.