Crash replacing TabDocument in MobileSafari at WebKit: -[WKWebView(WKPrivate) _beginA...
author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 22 Jun 2015 14:32:48 +0000 (14:32 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 22 Jun 2015 14:32:48 +0000 (14:32 +0000)
commit 8ba35d1ee5664a667becace39455fe92313e1a30
tree f473b827edf903b7e02c4a8a1968310acbcc07e3
parent 43ccf780faf79118d694e5ea0df04ac81ca404f1
Crash replacing TabDocument in MobileSafari at WebKit: -[WKWebView(WKPrivate) _beginAnimatedResizeWithUpdates:]
https://bugs.webkit.org/show_bug.cgi?id=146201

Reviewed by Dan Bernstein.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _beginAnimatedResizeWithUpdates:]):

No repro but if for some reason [_contentView bounds] width is zero we'll compute +Inf targetScale
and then NaN contentOffset.x. Verified in lldb that this gives the exact crash signature seen.

Fix by checking that [_contentView bounds] is not empty like is done with other inputs.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@185827 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit2/ChangeLog
Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm
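
The failure chain the commit message describes (zero-width bounds, +Inf scale, NaN offset), shown as an added C example that is not WebKit's code. The types, function names and formulas are simplified assumptions chosen to reproduce that chain, with an empty-bounds guard beside the unguarded form.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical simplified geometry; these are not WebKit's types. */
typedef struct { double x, y, width, height; } Rect;
typedef struct { double scale, offset_x; } ResizeResult;

static bool rect_is_empty(Rect r) { return r.width <= 0 || r.height <= 0; }

/* Unguarded: an assumed formula that reproduces the +Inf -> NaN chain. */
ResizeResult resize_unguarded(Rect content_bounds, double target_width)
{
    ResizeResult r;
    /* For empty bounds at the origin the centre is 0. */
    double center_x = content_bounds.x + content_bounds.width / 2;
    r.scale = target_width / content_bounds.width;      /* width 0 -> +Inf */
    r.offset_x = center_x * r.scale - target_width / 2; /* 0 * Inf -> NaN */
    return r;
}

/* Guarded: reject empty inputs up front and refuse non-finite results,
 * so no Inf/NaN value can reach the layout code that consumes it. */
bool resize_guarded(Rect content_bounds, double target_width, ResizeResult *out)
{
    if (rect_is_empty(content_bounds) || !(target_width > 0))
        return false;
    ResizeResult r = resize_unguarded(content_bounds, target_width);
    if (!isfinite(r.scale) || !isfinite(r.offset_x))
        return false;
    *out = r;
    return true;
}

int main(void)
{
    Rect empty = {0, 0, 0, 480};    /* constructed input: zero width */
    Rect normal = {0, 0, 320, 480}; /* constructed input */
    ResizeResult bad = resize_unguarded(empty, 640), ok;
    printf("unguarded: scale=%f offset_x=%f\n", bad.scale, bad.offset_x);
    printf("guarded(empty)=%d\n", resize_guarded(empty, 640, &ok));
    if (resize_guarded(normal, 640, &ok))
        printf("guarded(normal): scale=%f offset_x=%f\n", ok.scale, ok.offset_x);
    return 0;
}
```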