Bug 255162

Summary: Accessing null RemoteScrollingCoordinatorProxy in [WKWebViewIOS _didFinishScrolling]
Product: WebKit
Reporter: Abrar Rahman Protyasha <a_protyasha>
Component: Scrolling
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: a_protyasha, simon.fraser, webkit-bug-importer
Priority: P1
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Abrar Rahman Protyasha 2023-04-07 12:03:49 PDT
We're seeing runtime crashes at [WKWebViewIOS _didFinishScrolling] in situations where a web view is closed out during a scroll operation.

This regression surfaced from https://commits.webkit.org/260975@main because it (correctly) changed the relative order of destruction between the `DrawingAreaProxy` and the `RemoteScrollingCoordinatorProxy` (and the `RemoteScrollingTree` it encompasses), which meant that there could be situations where closing or switching out a web view in the middle of a scroll operation could lead to a null deref of the `RemoteScrollingCoordinatorProxy` held by the `WebPageProxy`.
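
The teardown-order hazard described above, as an added example that is not part of the original report and is not WebKit's code: a minimal C++ model in which an end-of-scroll callback arrives after the page has released its scrolling coordinator. `PageModel`, `ViewModel`, `ScrollingCoordinator` and `deliverScrollEnd` are hypothetical stand-ins, and the null check shown is one possible guard, not necessarily the change made in the pull request.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-in for the scrolling coordinator owned by the page.
struct ScrollingCoordinator {
    int finishedScrolls = 0;
    void scrollingDidEnd() { ++finishedScrolls; }
};

// Hypothetical stand-in for the page object: it outlives its coordinator.
class PageModel {
public:
    PageModel() : m_coordinator(std::make_unique<ScrollingCoordinator>()) {}
    // Teardown destroys the coordinator while the page object stays reachable.
    void close() { m_coordinator.reset(); }
    ScrollingCoordinator* coordinator() const { return m_coordinator.get(); }
private:
    std::unique_ptr<ScrollingCoordinator> m_coordinator;
};

// Hypothetical stand-in for the view that receives UI scroll callbacks.
class ViewModel {
public:
    explicit ViewModel(PageModel& page) : m_page(page) {}
    // May be called after PageModel::close(). Returns true only if the
    // coordinator was still alive and was notified.
    bool didFinishScrolling() {
        auto* coordinator = m_page.coordinator();
        if (!coordinator)
            return false; // page torn down mid-scroll: nothing to notify
        coordinator->scrollingDidEnd();
        return true;
    }
private:
    PageModel& m_page;
};

// Queues the end-of-scroll callback, optionally closes the page while the
// scroll is still in flight, then delivers the callback.
bool deliverScrollEnd(bool closeMidScroll) {
    PageModel page;
    ViewModel view(page);
    std::vector<std::function<bool()>> pending; // fired later by the UI layer
    pending.push_back([&view] { return view.didFinishScrolling(); });
    if (closeMidScroll)
        page.close();
    return pending.front()();
}
```

Without the null check in `didFinishScrolling`, the `closeMidScroll` path would dereference a null pointer, which is the crash pattern the report describes.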
Comment 1 Abrar Rahman Protyasha 2023-04-07 12:05:10 PDT
rdar://106894608
Comment 2 Abrar Rahman Protyasha 2023-04-07 15:04:38 PDT
Pull request: https://github.com/WebKit/WebKit/pull/12532
Comment 3 EWS 2023-04-07 21:58:46 PDT
Committed 262748@main (2aa252bfd9f1): <https://commits.webkit.org/262748@main>

Reviewed commits have been landed. Closing PR #12532 and removing active labels.