Environment:
- WebKit trunk r229973
- Gnome Wayland
- Arch Linux
- MacBook Pro Retina mid 2015

Steps to reproduce:
- Run dyz and scroll using MacBook's touchpad (with usb mouse it doesn't crash)

Backtrace:
Program terminated with signal SIGFPE, Arithmetic exception.
#0 WebKit::WebEventFactory::createWebWheelEvent (event=0x7ffc2a854f40, deviceScaleFactor=1) at ../../Source/WebKit/Shared/wpe/WebEventFactory.cpp:156
156 wheelTicks = WebCore::FloatSize(event->value / std::abs(event->value), 0);
[Current thread is 1 (Thread 0x7f854eedee80 (LWP 21448))]
(gdb) bt
#0 WebKit::WebEventFactory::createWebWheelEvent (event=0x7ffc2a854f40, deviceScaleFactor=1) at ../../Source/WebKit/Shared/wpe/WebEventFactory.cpp:156
#1 0x00007f8544aaeb06 in WebKit::NativeWebWheelEvent::NativeWebWheelEvent (this=0x7ffc2a854e60, event=0x7ffc2a854f40, deviceScaleFactor=1) at ../../Source/WebKit/Shared/wpe/NativeWebWheelEventWPE.cpp:36
#2 0x00007f8544b7197e in WKWPE::View::<lambda(void*, wpe_input_axis_event*)>::operator()(void *, wpe_input_axis_event *) const (__closure=0x0, data=0x7f852e5dd000, event=0x7ffc2a854f40) at ../../Source/WebKit/UIProcess/API/wpe/WPEView.cpp:119
#3 0x00007f8544b719cd in WKWPE::View::<lambda(void*, wpe_input_axis_event*)>::_FUN(void *, wpe_input_axis_event *) () at ../../Source/WebKit/UIProcess/API/wpe/WPEView.cpp:116
#4 0x00007f853a724c0c in wpe_view_backend_dispatch_axis_event () from /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Root/lib/libWPEBackend.so.0
#5 0x00007f852cedae8b in Wayland::{lambda(void*, wl_pointer*, unsigned int, unsigned int, int)#12}::operator()(void*, wl_pointer*, unsigned int, unsigned int, int) const () from /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Root/lib/libWPEBackend-default.so
#6 0x00007f852cedaee0 in Wayland::{lambda(void*, wl_pointer*, unsigned int, unsigned int, int)#12}::_FUN(void*, wl_pointer*, unsigned int, unsigned int, int) () from /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Root/lib/libWPEBackend-default.so
#7 0x00007f854d35827a in ffi_call_unix64 () from /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Root/lib/libffi.so.5
#8 0x00007f854d3571d6 in ffi_call (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>) at /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Source/libffi-3.0.10/src/x86/ffi64.c:486
#9 0x00007f8530c0cbad in ?? () from /usr/lib/libwayland-client.so.0
#10 0x00007f8530c09679 in ?? () from /usr/lib/libwayland-client.so.0
#11 0x00007f8530c0a9b4 in wl_display_dispatch_queue_pending () from /usr/lib/libwayland-client.so.0
#12 0x00007f852ceda396 in Wayland::EventSource::{lambda(_GSource*, int (*)(void*), void*)#3}::operator()(_GSource*, int (*)(void*), void*) const () from /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Root/lib/libWPEBackend-default.so
#13 0x00007f852ceda3ed in Wayland::EventSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) () from /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Root/lib/libWPEBackend-default.so
#14 0x00007f854da36b27 in g_main_dispatch (context=0x55d483567f90) at /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Source/glib-2.54.3/glib/gmain.c:3142
#15 g_main_context_dispatch (context=context@entry=0x55d483567f90) at /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Source/glib-2.54.3/glib/gmain.c:3795
#16 0x00007f854da36d60 in g_main_context_iterate (context=0x55d483567f90, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Source/glib-2.54.3/glib/gmain.c:3868
#17 0x00007f854da37072 in g_main_loop_run (loop=0x55d483569190) at /home/cadubentzen/git/github/webkit/WebKitBuild/DependenciesWPE/Source/glib-2.54.3/glib/gmain.c:4064
#18 0x00007f854ea7e49b in ?? () from /usr/lib/libluajit-5.1.so.2
#19 0x00007f854eab5db7 in ?? () from /usr/lib/libluajit-5.1.so.2
#20 0x00007f854eab64b0 in ?? () from /usr/lib/libluajit-5.1.so.2
#21 0x00007f854ea7c316 in ?? () from /usr/lib/libluajit-5.1.so.2
#22 0x00007f854eac1e7c in ?? () from /usr/lib/libluajit-5.1.so.2
#23 0x00007f854ea7c316 in ?? () from /usr/lib/libluajit-5.1.so.2
#24 0x00007f854eac1e7c in ?? () from /usr/lib/libluajit-5.1.so.2
#25 0x00007f854ea7c316 in ?? () from /usr/lib/libluajit-5.1.so.2
#26 0x00007f854eac1fe0 in lua_pcall () from /usr/lib/libluajit-5.1.so.2
#27 0x000055d482c60b14 in main ()

It turns out event->value is 0 sometimes.
Created attachment 336583 [details] Patch
The patch is only a double-check to prevent crashing but I believe it should be investigated further to prevent sending events with value = 0.
Hi! I don't know if this is right or not. I'm sure Zan will review it soon; he knows this code.
Comment on attachment 336583 [details] Patch >Subversion Revision: 229973 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 6b224d55338fbfcc0f7299a83aa63d06a640291a..b5539ff8f658ba0f5344d4b619ddd953f9f28280 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,13 @@ >+2018-03-27 Carlos Eduardo Ramalho <cadubentzen@gmail.com> >+ >+ [WPE] Floating point exception in WebEventFactory::createWebWheelEvent >+ https://bugs.webkit.org/show_bug.cgi?id=184037 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Shared/wpe/WebEventFactory.cpp: >+ (WebKit::WebEventFactory::createWebWheelEvent): >+ > 2018-03-25 Carlos Garcia Campos <cgarcia@igalia.com> > > [GTK][WPE] Add API to convert between DOM and JSCValue >diff --git a/Source/WebKit/Shared/wpe/WebEventFactory.cpp b/Source/WebKit/Shared/wpe/WebEventFactory.cpp >index 6bedf6a465552951a4b63a4f0c41a6c25011e6dc..626829f6ac158e3f6dca941c4f1d2f73053a5b00 100644 >--- a/Source/WebKit/Shared/wpe/WebEventFactory.cpp >+++ b/Source/WebKit/Shared/wpe/WebEventFactory.cpp >@@ -134,6 +134,9 @@ WebMouseEvent WebEventFactory::createWebMouseEvent(struct wpe_input_pointer_even > > WebWheelEvent WebEventFactory::createWebWheelEvent(struct wpe_input_axis_event* event, float deviceScaleFactor) > { >+ if (!event->value) >+ return { }; >+ > // FIXME: We shouldn't hard-code this. > enum Axis { > Vertical,
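Review bot: The ChangeLog entry stops at the file and function names (`* Shared/wpe/WebEventFactory.cpp:` and `(WebKit::WebEventFactory::createWebWheelEvent):`) with no text saying what was changed or why. Add a sentence after the function name stating that a zero `event->value` is now handled and that this avoids the division reported in the bug title.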
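Review bot: The `if (!event->value) return { };` guard at the top of createWebWheelEvent hands back a default-constructed WebWheelEvent, and the NativeWebWheelEvent constructor seen in the backtrace has no way to tell that empty event from a real one. The guard also sits before the axis handling, so it drops zero-value events for every axis, while the only expression that needs a non-zero value is the `event->value / std::abs(event->value)` division at line 156. Consider computing the sign there without dividing, and if the early return stays, add a comment saying why a zero value can arrive.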
Oops.. Edited the patch as comment by mistake. I'll send another just fixing ChangeLog format. Newcomer being newcomer.
Created attachment 336737 [details] Patch
Comment on attachment 336737 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=336737&action=review Let's just avoid any division by using something like `(event->value >= 0 ? 1.0 : -1.0) * std::abs(event->value)`. Or better yet, use std::copysign(). > Source/WebKit/ChangeLog:9 > + * Shared/wpe/WebEventFactory.cpp: > + (WebKit::WebEventFactory::createWebWheelEvent): Please describe the changes that are done here. See other ChangeLog entries for examples.
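A division-free way to get the tick direction, along the lines the review asks for, as an added example (not code from the WebKit patch or from the committed change). `AxisEvent` and the function names are hypothetical, and the `int32_t` field type is an assumption of the example.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for the one field of wpe_input_axis_event used here;
// the int32_t type is an assumption of this example.
struct AxisEvent {
    int32_t value;
};

// Division-free sign: -1, 0 or +1. No std::abs is involved, so INT32_MIN is
// safe too, and a zero value yields zero ticks instead of a trap.
inline float tickSign(int32_t value)
{
    return static_cast<float>((value > 0) - (value < 0));
}

// std::copysign variant: never divides, but maps 0 to +1, so the caller
// still has to decide whether a zero-value event should scroll at all.
inline float tickCopysign(int32_t value)
{
    return std::copysign(1.0f, static_cast<float>(value));
}

// Same result as value / |value| for non-zero input, with the zero case made
// explicit: returns false and leaves `ticks` untouched when there is no motion.
inline bool wheelTicksFor(const AxisEvent& event, float& ticks)
{
    if (!event.value)
        return false;
    ticks = tickSign(event.value);
    return true;
}

int main()
{
    // Constructed sample values, including the two edge cases.
    const AxisEvent samples[] = { { 10 }, { -3 }, { 0 }, { std::numeric_limits<int32_t>::min() } };
    for (const auto& event : samples) {
        float ticks = 0;
        bool scrolls = wheelTicksFor(event, ticks);
        std::printf("value=%d scrolls=%d ticks=%.0f copysign=%.0f\n",
            event.value, scrolls, ticks, tickCopysign(event.value));
    }
    return 0;
}
```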
Created attachment 336769 [details] Patch
Comment on attachment 336769 [details] Patch

Clearing flags on attachment: 336769

Committed r230074: <https://trac.webkit.org/changeset/230074>
All reviewed patches have been landed. Closing bug.