Bug 1848628: Null-check swipe tracker before cleaning it up, in nsBaseWidget::SwipeFinished. r=hiro

It seems unexpected that the swipe tracker would be non-null when a swipe finishes, but there are several codepaths that can clear it, which might conceivably fire while the SwipeFinished callback is in the queue to be dispatched. Note that before bug 1837226, SwipeFinished just nulled out the pointer, which was harmless if it was already null. My patch in bug 1837226 made us start calling a method as well, and that created a new opportunity for a null-deref crash here if the pointer happens to be null when we reach this function. Differential Revision: https://phabricator.services.mozilla.com/D186204
2023-08-15 15:39:12 +00:00 · 2023-08-15 15:39:12 +00:00 · 74ff75268a
--- a/widget/nsBaseWidget.cpp
+++ b/widget/nsBaseWidget.cpp
@ -2230,8 +2230,10 @@ nsresult nsBaseWidget::AsyncEnableDragDrop(bool aEnable) {
 }

 void nsBaseWidget::SwipeFinished() {
-  mSwipeTracker->Destroy();
-  mSwipeTracker = nullptr;
+  if (mSwipeTracker) {
+    mSwipeTracker->Destroy();
+    mSwipeTracker = nullptr;
+  }
 }

 void nsBaseWidget::ReportSwipeStarted(uint64_t aInputBlockId,