From c5a9edba404a9224672ee42efba6be3ec4351ee0 Mon Sep 17 00:00:00 2001
From: "timothy_horton@apple.com"
 <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sun, 31 Aug 2014 08:04:25 +0000
Subject: [PATCH] Occasional crashes (null deref) under
 ViewGestureController::endMagnificationGesture
 https://bugs.webkit.org/show_bug.cgi?id=136409 <rdar://problem/18104748>

Reviewed by Dan Bernstein.

* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::endMagnificationGesture):
Null-check DrawingArea.


git-svn-id: https://svn.webkit.org/repository/webkit/trunk@173144 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 Source/WebKit2/ChangeLog                             | 12 ++++++++++++
 .../UIProcess/mac/ViewGestureControllerMac.mm        |  6 ++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 620b8f221b0e..8bcfb4944f47 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,15 @@
+2014-08-31  Tim Horton  <timothy_horton@apple.com>
+
+        Occasional crashes (null deref) under ViewGestureController::endMagnificationGesture
+        https://bugs.webkit.org/show_bug.cgi?id=136409
+        <rdar://problem/18104748>
+
+        Reviewed by Dan Bernstein.
+
+        * UIProcess/mac/ViewGestureControllerMac.mm:
+        (WebKit::ViewGestureController::endMagnificationGesture):
+        Null-check DrawingArea.
+
 2014-08-26  Maciej Stachowiak  <mjs@apple.com>
 
         Use RetainPtr::autorelease in some places where it seems appropriate
diff --git a/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm b/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm
index 5d64d96c04a2..ef27a2d52a94 100644
--- a/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm
+++ b/Source/WebKit2/UIProcess/mac/ViewGestureControllerMac.mm
@@ -208,8 +208,10 @@ void ViewGestureController::endMagnificationGesture()
 
     if (m_frameHandlesMagnificationGesture)
         m_webPageProxy.scalePage(newMagnification, roundedIntPoint(m_magnificationOrigin));
-    else
-        m_webPageProxy.drawingArea()->commitTransientZoom(newMagnification, scaledMagnificationOrigin(m_magnificationOrigin, newMagnification));
+    else {
+        if (auto drawingArea = m_webPageProxy.drawingArea())
+            drawingArea->commitTransientZoom(newMagnification, scaledMagnificationOrigin(m_magnificationOrigin, newMagnification));
+    }
 
     m_activeGestureType = ViewGestureType::None;
 }
-- 
2.36.0