RESOLVED INVALID Bug 146267
[GTK] Crash performing drag-and-drop 
https://bugs.webkit.org/show_bug.cgi?id=146267
Summary [GTK] Crash performing drag-and-drop
Michael Catanzaro
Reported 2015-06-23 17:33:20 PDT
Created attachment 255454 [details] backtrace Try to drag and drop anything from the web view with GTK+ 3.17.2 or higher. The UI process will crash with the attached backtrace. The problem is in WebKit::DragAndDropHandler::startDrag: GUniquePtr<GdkEvent> currentEvent(gtk_get_current_event()); GdkDragContext* context = gtk_drag_begin(m_page.viewWidget(), targetList.get(), dragOperationToGdkDragActions(dragData.draggingSourceOperationMask()), GDK_BUTTON_PRIMARY, currentEvent.get()); gtk_get_current_event is nullable but the last parameter to gtk_drag_begin is not, so we should check to ensure it is not null here. This of course does not fix drag and drop, but it does fix the crash. Without this, the web process could force the UI process to crash by sending fake startDrag messages.
Attachments
backtrace (45.23 KB, text/plain)
2015-06-23 17:33 PDT, Michael Catanzaro 		no flags
Details
Patch (1.86 KB, patch)
2015-06-23 17:39 PDT, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2015-06-23 17:39:44 PDT
Created attachment 255455 [details] Patch
WebKit Commit Bot
Comment 2 2015-06-23 19:05:27 PDT
Comment on attachment 255455 [details] Patch Clearing flags on attachment: 255455 Committed r185896: <http://trac.webkit.org/changeset/185896>
WebKit Commit Bot
Comment 3 2015-06-23 19:05:30 PDT
All reviewed patches have been landed. Closing bug.
WebKit Commit Bot
Comment 4 2015-07-06 10:56:21 PDT
Re-opened since this is blocked by bug 146647
Note You need to log in before you can comment on or make changes to this bug.