Bug 153995

Summary: Infinite loop when processing mouse events synchronously
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, bugs-noreply, darin, sam
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 153740    
Attachments:
Description Flags
Patch darin: review+

Carlos Garcia Campos
Reported 2016-02-08 11:06:00 PST
This happened with WTR in the GTK+ port after landing patch in bug #153740. The thing is that WTR forces events handling IPC messages to be synchronous. When a drag and drop operation is in progress, the web process ignores mouse move events and replies with DidReceiveEvent signal. The DidReceiveEvent message handler in WebPageProxy checks if we have a m_nextMouseMoveEvent and handles it, but when all this happens synchronously the m_nextMouseMoveEvent is the current one because we haven't returned yet from handleMouseEvent(). We need to invalidate the m_nextMouseMoveEvent before calling handleMouseEvent(). #0 0x00007ffff5bbb133 in IPC::Connection::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int, bool) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #1 0x00007ffff5bbc48c in IPC::Connection::sendSyncMessage(unsigned long, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, std::chrono::duration<long, std::ratio<1l, 1000l> >, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #2 0x00007ffff5bbb1f5 in IPC::Connection::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int, bool) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007ffff5c20e37 in WebKit::ChildProcessProxy::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007ffff5c5c02a in bool WebKit::ChildProcessProxy::send<Messages::WebPage::MouseEvent>(Messages::WebPage::MouseEvent&&, unsigned long, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007ffff5c4579c in WebKit::WebPageProxy::handleMouseEvent(WebKit::NativeWebMouseEvent const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #6 0x00007ffff5c5170a in WebKit::WebPageProxy::didReceiveEvent(unsigned int, bool) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #7 0x00007ffff5e686f7 in WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #8 0x00007ffff5bbf039 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #9 0x00007ffff5c75102 in WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #10 0x00007ffff5bbb546 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #11 0x00007ffff5bbb89e in IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #12 0x00007ffff5bbb4a1 in IPC::Connection::dispatchSyncMessage(IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #13 0x00007ffff5bbb5bd in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #14 0x00007ffff5bbb89e in IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #15 0x00007ffff5bbbd8f in IPC::Connection::waitForSyncReply(unsigned long, std::chrono::duration<long, std::ratio<1l, 1000l> >, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #16 0x00007ffff5bbc4b8 in IPC::Connection::sendSyncMessage(unsigned long, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, std::chrono::duration<long, std::ratio<1l, 1000l> >, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #17 0x00007ffff5bbb1f5 in IPC::Connection::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int, bool) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #18 0x00007ffff5c20e37 in WebKit::ChildProcessProxy::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 ......
Attachments
Patch (2.04 KB, patch)
2016-02-08 11:08 PST, Carlos Garcia Campos 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2016-02-08 11:08:12 PST
Created attachment 270867 [details] Patch
Darin Adler
Comment 2 2016-02-08 11:13:21 PST
Comment on attachment 270867 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=270867&action=review > Source/WebKit2/UIProcess/WebPageProxy.cpp:4581 > + auto nextMouseMoveEvent = WTFMove(m_nextMouseMoveEvent); > + handleMouseEvent(*nextMouseMoveEvent); Could also write this as a one-liner using std::exchange.
Carlos Garcia Campos
Comment 3 2016-02-08 11:20:17 PST
(In reply to comment #2) > Comment on attachment 270867 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=270867&action=review > > > Source/WebKit2/UIProcess/WebPageProxy.cpp:4581 > > + auto nextMouseMoveEvent = WTFMove(m_nextMouseMoveEvent); > > + handleMouseEvent(*nextMouseMoveEvent); > > Could also write this as a one-liner using std::exchange. Right, good point.
Carlos Garcia Campos
Comment 4 2016-02-08 11:41:20 PST
Committed r196264: <http://trac.webkit.org/changeset/196264>
Note You need to log in before you can comment on or make changes to this bug.