[iOS WK2] Crash under PageOverlayController::uninstallPageOverlay when doing multiple finds
author    simon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 25 Jul 2017 01:17:51 +0000 (01:17 +0000)
committer simon.fraser@apple.com <simon.fraser@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 25 Jul 2017 01:17:51 +0000 (01:17 +0000)
commit    4b7922ee17d4dee533d170195b6dc89b28673686
tree      9f953e2cc0e7ff199c653116ae2a551d9d042ca4
parent    2ef31692edaef3ced45508d260ba91b6d2631706
[iOS WK2] Crash under PageOverlayController::uninstallPageOverlay when doing multiple finds
https://bugs.webkit.org/show_bug.cgi?id=174806
rdar://problem/33501664

Reviewed by Tim Horton.

Calling TextIndicator::createWithSelectionInFrame can trigger layout via VisibleSelection code,
which can re-enter FindController::updateFindIndicator which has by now removed m_findIndicatorOverlay
from pageOverlayController's map, but not deleted it. The second call to uninstallPageOverlay()
thus crashes at m_overlayGraphicsLayers.take(&overlay)->removeFromParent().

Fix by nulling out m_findIndicatorOverlay as soon as we uninstall it.

* WebProcess/WebPage/ios/FindControllerIOS.mm:
(WebKit::FindController::updateFindIndicator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@219852 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit/ChangeLog
Source/WebKit/WebProcess/WebPage/ios/FindControllerIOS.mm
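The re-entrancy the commit message describes, as an added example that is not WebKit code and not part of this commit: a minimal C++ model in which PageOverlayController, FindController, updateFindIndicator and uninstallPageOverlay are simplified stand-ins named after the real classes, and createTextIndicator is an assumed placeholder for the layout-triggering TextIndicator::createWithSelectionInFrame call. The model's uninstallPageOverlay reports a lookup that finds no layer through its return value, where the real take()->removeFromParent() dereferences null; the nullOutAfterUninstall flag toggles the one-line change this commit makes.

```cpp
// Added example (not WebKit code): a minimal model of the re-entrant
// updateFindIndicator() described in the commit message. Class and method
// names mirror WebKit, but the bodies are simplified stand-ins written here.
#include <map>
#include <memory>
#include <utility>

struct PageOverlay {};

struct GraphicsLayer {
    bool inTree = true;
    void removeFromParent() { inTree = false; }
};

class PageOverlayController {
public:
    using OverlayPtr = std::shared_ptr<PageOverlay>;

    void installPageOverlay(const OverlayPtr& overlay) {
        m_overlayGraphicsLayers[overlay] = std::make_shared<GraphicsLayer>();
    }

    // WebKit does m_overlayGraphicsLayers.take(&overlay)->removeFromParent().
    // take() of a key that is no longer in the map yields a null pointer, so a
    // second uninstall of the same overlay dereferences null. The model reports
    // that case through the return value instead of crashing.
    bool uninstallPageOverlay(const OverlayPtr& overlay) {
        std::shared_ptr<GraphicsLayer> layer = take(overlay);
        if (!layer)
            return false;  // the real code crashes at this point
        layer->removeFromParent();
        return true;
    }

    size_t installedCount() const { return m_overlayGraphicsLayers.size(); }

private:
    // Remove and return the layer for an overlay, or null if it is not installed.
    std::shared_ptr<GraphicsLayer> take(const OverlayPtr& overlay) {
        auto it = m_overlayGraphicsLayers.find(overlay);
        if (it == m_overlayGraphicsLayers.end())
            return nullptr;
        std::shared_ptr<GraphicsLayer> layer = std::move(it->second);
        m_overlayGraphicsLayers.erase(it);
        return layer;
    }

    std::map<OverlayPtr, std::shared_ptr<GraphicsLayer>> m_overlayGraphicsLayers;
};

class FindController {
public:
    FindController(PageOverlayController& controller, bool nullOutAfterUninstall)
        : m_pageOverlayController(controller), m_nullOutAfterUninstall(nullOutAfterUninstall) {}

    // Returns the cumulative number of uninstalls that found no layer, i.e. the
    // null dereferences the real code would have performed so far.
    int updateFindIndicator() {
        if (m_findIndicatorOverlay) {
            if (!m_pageOverlayController.uninstallPageOverlay(m_findIndicatorOverlay))
                ++m_wouldHaveCrashed;
            if (m_nullOutAfterUninstall)
                m_findIndicatorOverlay = nullptr;  // the change this commit makes
        }
        createTextIndicator();
        m_findIndicatorOverlay = std::make_shared<PageOverlay>();
        m_pageOverlayController.installPageOverlay(m_findIndicatorOverlay);
        return m_wouldHaveCrashed;
    }

private:
    // Assumed stand-in for TextIndicator::createWithSelectionInFrame(): the
    // layout it triggers can re-enter updateFindIndicator(). The model re-enters
    // exactly once, from the outermost call.
    void createTextIndicator() {
        if (m_depth++ == 0)
            updateFindIndicator();
        --m_depth;
    }

    PageOverlayController& m_pageOverlayController;
    std::shared_ptr<PageOverlay> m_findIndicatorOverlay;
    bool m_nullOutAfterUninstall;
    int m_depth = 0;
    int m_wouldHaveCrashed = 0;
};

// Two consecutive finds: the first installs an overlay, the second uninstalls
// it and then re-enters through layout. Returns the would-be crash count:
// 1 without the fix, 0 with it.
int simulateTwoFinds(bool applyFix) {
    PageOverlayController controller;
    FindController findController(controller, applyFix);
    findController.updateFindIndicator();
    return findController.updateFindIndicator();
}
```

Without the fix, the inner call still sees the stale m_findIndicatorOverlay, asks the controller to uninstall it a second time, and the lookup comes back empty; nulling the member before anything that can run layout is what closes the window.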