Bug 153995

Summary:

Infinite loop when processing mouse events synchronously

Product:

WebKit

Reporter:

Carlos Garcia Campos <cgarcia>

Component:

WebKit2

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

andersca, bugs-noreply, darin, sam

Priority:

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

153740

Attachments:

Description	Flags
Patch	darin: review+

Description Carlos Garcia Campos 2016-02-08 11:06:00 PST

This happened with WTR in the GTK+ port after landing patch in bug #153740. The thing is that WTR forces events handling IPC messages to be synchronous. When a drag and drop operation is in progress, the web process ignores mouse move events and replies with DidReceiveEvent signal. The DidReceiveEvent message handler in WebPageProxy checks if we have a m_nextMouseMoveEvent and handles it, but when all this happens synchronously the m_nextMouseMoveEvent is the current one because we haven't returned yet from handleMouseEvent(). We need to invalidate the m_nextMouseMoveEvent before calling handleMouseEvent().

#0  0x00007ffff5bbb133 in IPC::Connection::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int, bool) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007ffff5bbc48c in IPC::Connection::sendSyncMessage(unsigned long, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, std::chrono::duration<long, std::ratio<1l, 1000l> >, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007ffff5bbb1f5 in IPC::Connection::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int, bool) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007ffff5c20e37 in WebKit::ChildProcessProxy::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007ffff5c5c02a in bool WebKit::ChildProcessProxy::send<Messages::WebPage::MouseEvent>(Messages::WebPage::MouseEvent&&, unsigned long, unsigned int) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007ffff5c4579c in WebKit::WebPageProxy::handleMouseEvent(WebKit::NativeWebMouseEvent const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007ffff5c5170a in WebKit::WebPageProxy::didReceiveEvent(unsigned int, bool) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007ffff5e686f7 in WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007ffff5bbf039 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007ffff5c75102 in WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007ffff5bbb546 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007ffff5bbb89e in IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007ffff5bbb4a1 in IPC::Connection::dispatchSyncMessage(IPC::MessageDecoder&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007ffff5bbb5bd in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007ffff5bbb89e in IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007ffff5bbbd8f in IPC::Connection::waitForSyncReply(unsigned long, std::chrono::duration<long, std::ratio<1l, 1000l> >, unsigned int) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007ffff5bbc4b8 in IPC::Connection::sendSyncMessage(unsigned long, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, std::chrono::duration<long, std::ratio<1l, 1000l> >, unsigned int) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007ffff5bbb1f5 in IPC::Connection::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int, bool) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007ffff5c20e37 in WebKit::ChildProcessProxy::sendMessage(std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >, unsigned int) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
......

Comment 1 Carlos Garcia Campos 2016-02-08 11:08:12 PST

Created attachment 270867 [details]
Patch

Comment 2 Darin Adler 2016-02-08 11:13:21 PST

Comment on attachment 270867 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270867&action=review

> Source/WebKit2/UIProcess/WebPageProxy.cpp:4581
> +            auto nextMouseMoveEvent = WTFMove(m_nextMouseMoveEvent);
> +            handleMouseEvent(*nextMouseMoveEvent);

Could also write this as a one-liner using std::exchange.

Comment 3 Carlos Garcia Campos 2016-02-08 11:20:17 PST

(In reply to comment #2)
> Comment on attachment 270867 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=270867&action=review
> 
> > Source/WebKit2/UIProcess/WebPageProxy.cpp:4581
> > +            auto nextMouseMoveEvent = WTFMove(m_nextMouseMoveEvent);
> > +            handleMouseEvent(*nextMouseMoveEvent);
> 
> Could also write this as a one-liner using std::exchange.

Right, good point.

Comment 4 Carlos Garcia Campos 2016-02-08 11:41:20 PST

Committed r196264: <http://trac.webkit.org/changeset/196264>