216828 2020-09-22 09:01:42 -0700 [gtk] evolution's html composer incorrectly allows dragging files as path causing crashes 2020-11-20 11:43:22 -0800 1 1 1 Unclassified WebKit WebKitGTK Other Unspecified Linux VERIFIED DUPLICATE 218562 P2 Normal --- 1 ht990332 webkit-unassigned bugs-noreply cgarcia mcrha oldest_to_newest 1690720 0 ht990332 2020-09-22 09:01:42 -0700 in 2.28.4, dragging a file to evolution composer automatically expands the attachment bar and attaches the file. in 2.30.0, dragging a file pastes its path as text and I drag it directly to the attachment bar, evo crashes f 1 #1 0x00007fffea2cabf9 in webkit_editor_drag_data_received_cb ( widget=0x555556aae230, context=0x555555989920, x=0, y=0, selection=0x7fffffffdf40, info=6, time=4772764) at /home/hussam/cache/system/gnome/evolution/src/evolution/src/modules/webkit-editor/e-webkit-editor.c:5082 5082 if (!GTK_WIDGET_CLASS (e_webkit_editor_parent_class)->drag_drop (widget, context, x, y, time)) { 1690721 1 mcrha 2020-09-22 09:06:29 -0700 This seems to be caused by a change in WebKitGTK, because the crash cannot be reproduced with 2.28.4, but can be reproduced with 2.30.0. The steps are like this: a) open evolution composer, can be like this: evolution mailto:a@b.c b) open nautilus and drag a file into the message body - if it lets you (the cursor is with "+"), then the drop will paste the file path into the body; it doesn't crash yet. c) drag the same file from the nautilus, but this time drag it above the body, then up above the headers (To/Cc/...) after which the application crashes. An extended backtrace: #0 0x0000000000000000 in () #1 0x00007f5be0036bf9 in webkit_editor_drag_data_received_cb (widget=0x56437986fa30, context=0x56437871f920, x=0, y=0, selection=0x7ffe0018a790, info=6, time=4002858) at /home/hussam/cache/system/gnome/evolution/src/evolution/src/modules/webkit-editor/e-webkit-editor.c:5082 #6 0x00007f5bebfc0134 in Python Exception <class 'gdb.error'> value has been optimized out: #7 0x00007f5bec3d6f68 in gtk_drag_selection_received (widget=widget@entry=0x56437a6fc7c0, selection_data=selection_data@entry=0x7ffe0018a790, time=4002858, data=0x56437986fa30) at ../gtk/gtk/gtkdnd.c:1189 #8 0x00007f5bec6a1e4e in _gtk_marshal_VOID__BOXED_UINTv (closure=0x56437a6c98d0, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5643783c8050) at gtk/gtkmarshalers.c:3608 #9 0x00007f5bebfbf0a0 in _g_closure_invoke_va (param_types=0x5643783c8050, n_params=<optimized out>, args=0x7ffe0018a670, instance=0x56437a6fc7c0, return_value=0x0, closure=0x56437a6c98d0) at ../glib/gobject/gclosure.c:873 #10 g_signal_emit_valist (instance=instance@entry=0x56437a6fc7c0, signal_id=signal_id@entry=81, detail=detail@entry=0, var_args=var_args@entry=0x7ffe0018a670) at ../glib/gobject/gsignal.c:3407 #11 0x00007f5bebfc0134 in g_signal_emit_by_name (instance=<optimized out>, detailed_signal=detailed_signal@entry=0x7f5bec6c4219 "selection-received") at ../glib/gobject/gsignal.c:3594 #12 0x00007f5bec4ce5b7 in gtk_selection_retrieval_report (info=info@entry=0x5643790ee000, type=<optimized out>, format=<optimized out>, buffer=<optimized out>, length=length@entry=49, time=4002858) at ../gtk/gtk/gtkselection.c:3079 #13 0x00007f5bec4ceb02 in _gtk_selection_notify (widget=widget@entry=0x56437a6fc7c0, event=event@entry=0x7f5bc000da10) at ../gtk/gtk/gtkselection.c:2883 #14 0x00007f5bec6a7e9c in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x5643783c7de0, return_value=0x7ffe0018a990, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5643783c7e10) at gtk/gtkmarshalers.c:130 #15 0x00007f5bebfbf0a0 in _g_closure_invoke_va (param_types=0x5643783c7e10, n_params=<optimized out>, args=0x7ffe0018aa40, instance=0x56437a6fc7c0, return_value=0x7ffe0018a990, closure=0x5643783c7de0) at ../glib/gobject/gclosure.c:873 #16 g_signal_emit_valist (instance=0x56437a6fc7c0, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe0018aa40) at ../glib/gobject/gsignal.c:3407 #17 0x00007f5bebfc06b0 in g_signal_emit (instance=instance@entry=0x56437a6fc7c0, signal_id=<optimized out>, detail=detail@entry=0) at ../glib/gobject/gsignal.c:3554 #18 0x00007f5bec410bc6 in gtk_widget_event_internal (event=0x7f5bc000da10, widget=0x56437a6fc7c0) at ../gtk/gtk/gtkwidget.c:7808 #19 gtk_widget_event_internal (widget=0x56437a6fc7c0, event=0x7f5bc000da10) at ../gtk/gtk/gtkwidget.c:7677 #20 0x00007f5bec55a343 in gtk_main_do_event (event=0x7f5bc000da10) at ../gtk/gtk/gtkmain.c:1860 #21 gtk_main_do_event (event=<optimized out>) at ../gtk/gtk/gtkmain.c:1690 #22 0x00007f5be8261654 in _gdk_event_emit (event=0x7f5bc000da10) at ../gtk/gdk/gdkevents.c:73 #23 _gdk_event_emit (event=0x7f5bc000da10) at ../gtk/gdk/gdkevents.c:67 #24 0x00007f5be820dc34 in gdk_event_source_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../gtk/gdk/x11/gdkeventsource.c:367 #25 0x00007f5becab85fe in g_main_dispatch (context=0x5643783ac6a0) at ../glib/glib/gmain.c:3309 #26 g_main_context_dispatch (context=context@entry=0x5643783ac6a0) at ../glib/glib/gmain.c:3974 #27 0x00007f5becaba471 in g_main_context_iterate (context=0x5643783ac6a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4047 #28 0x00007f5becabb483 in g_main_loop_run (loop=0x56437834e490) at ../glib/glib/gmain.c:4241 #29 0x00007f5bec553dcf in gtk_main () at ../gtk/gtk/gtkmain.c:1328 #30 0x00005643769813af in main (argc=1, argv=0x7ffe0018aec8) at /home/hussam/cache/system/gnome/evolution/src/evolution/src/shell/main.c:694 1690739 2 mcrha 2020-09-22 09:36:22 -0700 (In reply to Hussam Al-Tayeb from comment #0) > #1 0x00007fffea2cabf9 in webkit_editor_drag_data_received_cb ( > widget=0x555556aae230, context=0x555555989920, x=0, y=0, > selection=0x7fffffffdf40, info=6, time=4772764) > at > /home/hussam/cache/system/gnome/evolution/src/evolution/src/modules/webkit- > editor/e-webkit-editor.c:5082 > 5082 if (!GTK_WIDGET_CLASS (e_webkit_editor_parent_class)->drag_drop > (widget, context, x, y, time)) { The EWebKitEditor derives from WebKitWebView and the line above calls the parent method, which causes the crash. After a bit more debugging the `GTK_WIDGET_CLASS (e_webkit_editor_parent_class)->drag_drop` is NULL. It splits this bug into two pieces: 1) make sure evolution doesn't dereference NULL here 2) WebKitGTK should not accept the file as a text input for the WebView content 1690745 3 mcrha 2020-09-22 09:45:42 -0700 (In reply to Milan Crha from comment #2) > 1) make sure evolution doesn't dereference NULL here Done with [1] for 3.39.1+ and 3.38.1+. [1] https://gitlab.gnome.org/GNOME/evolution/commit/6ad8626d93 1705182 4 cgarcia 2020-11-06 03:29:58 -0800 I think this is a duplicate of #218562. The problem is that we were not allowing evo to handle the drop. *** This bug has been marked as a duplicate of bug 218562 *** 1705184 5 mcrha 2020-11-06 03:38:28 -0800 I agree, it might be the same thing. 1709572 6 ht990332 2020-11-20 11:43:22 -0800 (In reply to Milan Crha from comment #5) > I agree, it might be the same thing. Indeed it is. It is fixed in 2.30.3 Milan, please CC me when filing webkit bugs that effect evolution so I can time local updates. Thank you!