Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9861733b659d85270bcecdf43e5544a104dfc07e
https://github.com/WebKit/WebKit/commit/9861733b659d85270bcecdf43e5544a104dfc07e
Author: Nikolaos Mouchtaris <[email protected]>
Date: 2025-08-16 (Sat, 16 Aug 2025)
Changed paths:
M Source/WebCore/page/scrolling/mac/ScrollerMac.h
M Source/WebCore/page/scrolling/mac/ScrollerMac.mm
M Source/WebCore/page/scrolling/mac/ScrollerPairMac.h
M Source/WebCore/page/scrolling/mac/ScrollerPairMac.mm
Log Message:
-----------
Safari use-after-free crash at com.apple.AppKit: -[NSScrollerImp knobLayer]
https://bugs.webkit.org/show_bug.cgi?id=293144
rdar://148851492
Reviewed by Simon Fraser.
The stack trace in rdar://148851492 makes this look like the scroller imp being
used on the scrolling thread is being destructed in the main thread, so add a
lock around the scroller imp to prevent this from happening.
Combined changes:
* Source/WebCore/page/scrolling/mac/ScrollerMac.h:
* Source/WebCore/page/scrolling/mac/ScrollerMac.mm:
(-[WebScrollbarPartAnimationMac setCurrentProgress:]):
(-[WebScrollerImpDelegateMac mouseLocationInScrollerForScrollerImp:]):
(-[WebScrollerImpDelegateMac setUpAlphaAnimation:featureToAnimate:animateAlphaTo:duration:]):
(-[WebScrollerImpDelegateMac scrollerImp:animateKnobAlphaTo:duration:]):
(-[WebScrollerImpDelegateMac scrollerImp:animateTrackAlphaTo:duration:]):
(-[WebScrollerImpDelegateMac scrollerImp:animateUIStateTransitionWithDuration:]):
(-[WebScrollerImpDelegateMac scrollerImp:animateExpansionTransitionWithDuration:]):
(WebCore::ScrollerMac::attach):
(WebCore::ScrollerMac::detach):
(WebCore::ScrollerMac::setHostLayer):
(WebCore::ScrollerMac::setHiddenByStyle):
(WebCore::ScrollerMac::updateValues):
(WebCore::ScrollerMac::updateScrollbarStyle):
(WebCore::ScrollerMac::setScrollerImp):
(WebCore::ScrollerMac::setScrollbarLayoutDirection):
(WebCore::ScrollerMac::setNeedsDisplay):
(WebCore::ScrollerMac::takeScrollerImp):
(WebCore::ScrollerMac::setUsePresentationValue):
(WebCore::ScrollerMac::updateProgress):
(WebCore::ScrollerMac::isScroller):
(WebCore::ScrollerMac::knobAlpha):
(WebCore::ScrollerMac::trackAlpha):
(WebCore::ScrollerMac::hasScrollerImp):
(WebCore::ScrollerMac::scrollbarState const):
* Source/WebCore/page/scrolling/mac/ScrollerPairMac.h:
(WebCore::ScrollerPairMac::scrollerImpHorizontal): Deleted.
(WebCore::ScrollerPairMac::scrollerImpVertical): Deleted.
* Source/WebCore/page/scrolling/mac/ScrollerPairMac.mm:
(-[WebScrollerImpPairDelegateMac scrollerImpPair:convertContentPoint:toScrollerImp:]):
(WebCore::ScrollerPairMac::setUsePresentationValues):
(WebCore::ScrollerPairMac::setHorizontalScrollbarPresentationValue):
(WebCore::ScrollerPairMac::setVerticalScrollbarPresentationValue):
(WebCore::ScrollerPairMac::hasScrollerImp):
Originally-landed-as: 289651.583@safari-7621-branch (e2f4cdc8895f).
rdar://157789309
Canonical link: https://commits.webkit.org/298807@main