REGRESSION (r243926): [iOS] Release assertion when computing editor state during...
authorwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Apr 2019 18:04:29 +0000 (18:04 +0000)
committerwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Apr 2019 18:04:29 +0000 (18:04 +0000)
commitf59883a9000286d302e2cf3ad2859945c612d671
tree5fcbea6971d008cf206d2a8634292e68f2e599b7
parentdc0db6b75b3fc0634f71e85d50d61d6d7c50220c
REGRESSION (r243926): [iOS] Release assertion when computing editor state during an overflow scroll triggered by layout
https://bugs.webkit.org/show_bug.cgi?id=197012
<rdar://problem/49908848>

Reviewed by Simon Fraser.

Source/WebKit:

We hit the release assertion due to the following sequence of events:
- Dispatch a queued event (in this case, a scroll event)
- Invoke the scroll event listener, which modifies layout in some way
- This scrolls an overflow scrollable container under the scope of layout
- Overflow scrolling then calls didChangeSelection and triggers an editor state update, which updates layout

In the case where the selection is in the main frame, we bail early due to the check for recursive layout (i.e.
frameView->layoutContext().isInRenderTreeLayout()). However, in the case where the selection is inside a
subframe, we end up skipping past this check, since the subframe's FrameView isn't currently laying out, and so
we end up hitting the release assertion underneath the early return.

To fix this, simply defer editor state updates due to overflow scrolling until the next remote layer tree commit
instead of computing and sending the information immediately. While this only defers editor state updates during
overflow scrolling, <rdar://problem/47258878> tracks making editor state updates deferred in the general case.

Test: editing/selection/overflow-scroll-while-selecting-text.html

* WebProcess/WebCoreSupport/ios/WebEditorClientIOS.mm:
(WebKit::WebEditorClient::overflowScrollPositionChanged):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::didChangeOverflowScrollPosition):
(WebKit::WebPage::didChangeSelection):
(WebKit::WebPage::didChangeSelectionOrOverflowScrollPosition):
* WebProcess/WebPage/WebPage.h:

LayoutTests:

Adds a new layout test to exercise the crash.

* editing/selection/overflow-scroll-while-selecting-text-expected.txt: Added.
* editing/selection/overflow-scroll-while-selecting-text.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244388 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/selection/overflow-scroll-while-selecting-text-expected.txt [new file with mode: 0644]
LayoutTests/editing/selection/overflow-scroll-while-selecting-text.html [new file with mode: 0644]
Source/WebKit/ChangeLog
Source/WebKit/WebProcess/WebCoreSupport/ios/WebEditorClientIOS.mm
Source/WebKit/WebProcess/WebPage/WebPage.cpp
Source/WebKit/WebProcess/WebPage/WebPage.h