Summary: | REGRESSION(r262680): [GTK] Crash in WebKit::DropTarget::didPerformAction | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> | ||||
Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | bugs-noreply, cgarcia, darin, ddkilzer, mcatanzaro | ||||
Priority: | P2 | ||||||
Version: | WebKit Nightly Build | ||||||
Hardware: | PC | ||||||
OS: | Linux | ||||||
Attachments: |
|
Description
Michael Catanzaro
2020-07-02 08:22:36 PDT
The problem is that m_operation is not engaged (i.e. is not set), that causes the Optional to RELEASE_ASSERT() when it is dereferenced. I haven't looked at this long enough to know if it's correct, but: if ((!operation && !m_operation) || *operation == *m_operation) The crash would surely not occur if this was an || check: if (!operation || !m_operation || *operation == *m_operation) That said, it looks like m_operation is not needed at all in the GTK 3 case. It can probably just be removed? OK I found a reproducer. Drag any file from nautilus into the web view. Crash. Created attachment 403681 [details]
Patch
Committed r264016: <https://trac.webkit.org/changeset/264016> |