Bug 194698 - [GTK] Crash while filling selection data during drag and drop
Summary: [GTK] Crash while filling selection data during drag and drop
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-15 01:55 PST by Tomas Popela
Modified: 2019-02-18 15:15 PST (History)
3 users (show)

See Also:

Attachments
Patch (2.74 KB, patch)
2019-02-15 04:19 PST, Carlos Garcia Campos 		mcatanzaro: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tomas Popela 2019-02-15 01:55:31 PST 
We get these two reports in Fedora - one from Epiphany and the other on from yelp. The this@entry=0x8 seems suspicious.

Core was generated by `epiphany --application-mode --profile=/home/kusma/.config/epiphany/app-epiphany'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fd765b0398c in WTF::String::tryGetUtf8 (this=this@entry=0x8, mode=mode@entry=WTF::LenientConversion) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:843
[Current thread is 1 (Thread 0x7fd7609f7cc0 (LWP 18017))]

Thread 1 (Thread 0x7fd7609f7cc0 (LWP 18017)):
#0  0x00007fd765b0398c in WTF::String::tryGetUtf8 (this=this@entry=0x8, mode=mode@entry=WTF::LenientConversion) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:843
No locals.
#1  0x00007fd765b03a64 in WTF::String::utf8 (this=this@entry=0x8, mode=mode@entry=WTF::LenientConversion) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:854
        expectedString = {<std::experimental::fundamentals_v3::__expected_detail::base<WTF::CString, WTF::UTF8ConversionError>> = {s = {dummy = 0 '\000', val = {m_buffer = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, err = WTF::UTF8ConversionError::None}, has = false}, <No data fields>}
#2  0x00007fd765b03b03 in WTF::String::utf8 (this=this@entry=0x8) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WTF/wtf/text/WTFString.cpp:861
No locals.
#3  0x00007fd767cff996 in WebCore::PasteboardHelper::fillSelectionData (this=<optimized out>, selection=..., info=<optimized out>, selectionData=0x7ffe54cdec30) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WebCore/platform/gtk/SelectionData.h:38
No locals.
#4  0x00007fd7692403dd in g_closure_invoke (closure=0x55b536b1be50, return_value=0x0, n_param_values=5, param_values=0x7ffe54cde2b0, invocation_hint=0x7ffe54cde230) at gclosure.c:810
        marshal = 0x7fd76923e8c0 <g_type_class_meta_marshal>
        marshal_data = 0x268
        in_marshal = 0
        real_closure = 0x55b536b1be30
        __func__ = "g_closure_invoke"
#5  0x00007fd7692531b4 in signal_emit_unlocked_R (node=node@entry=0x55b536b1e360, detail=detail@entry=0, instance=instance@entry=0x55b53747f810, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe54cde2b0) at gsignal.c:3673
        accumulator = 0x0
        emission = {next = 0x7ffe54cde7c0, instance = 0x55b53747f810, ihint = {signal_id = 110, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 94236795894320}
        class_closure = 0x55b536b1be50
        hlist = <optimized out>
        handler_list = <optimized out>
        return_accu = 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 110
        max_sequential_handler_number = 68308
        return_value_altered = 0
#6  0x00007fd76925caaa in g_signal_emit_valist (instance=instance@entry=0x55b53747f810, signal_id=signal_id@entry=110, detail=detail@entry=0, var_args=var_args@entry=0x7ffe54cde518) at gsignal.c:3391
        instance_and_params = 0x7ffe54cde2b0
        signal_return_type = <optimized out>
        param_values = 0x7ffe54cde2c8
        node = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __func__ = "g_signal_emit_valist"
#7  0x00007fd76925d584 in g_signal_emit_by_name (instance=0x55b53747f810, detailed_signal=detailed_signal@entry=0x7fd7698234d6 "drag-data-get") at gsignal.c:3487
        var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffe54cde650, reg_save_area = 0x7ffe54cde560}}
        detail = 0
        signal_id = 110
        itype = 94236795894320
        __func__ = "g_signal_emit_by_name"
#8  0x00007fd7697ec355 in gtk_drag_selection_get (widget=<optimized out>, selection_data=0x7ffe54cdec30, sel_info=<optimized out>, time=90823832, data=0x55b5389732d0) at gtkdnd.c:2725
        info = 0x55b5389732d0
        null_atom = 0x86
        target_info = 1
#9  0x00007fd7692403dd in g_closure_invoke (closure=0x55b538a1c120, return_value=0x0, n_param_values=4, param_values=0x7ffe54cde850, invocation_hint=0x7ffe54cde7d0) at gclosure.c:810
        marshal = 0x7fd769817300 <_gtk_marshal_VOID__BOXED_UINT_UINT>
        marshal_data = 0x0
        in_marshal = 0
        real_closure = 0x55b538a1c100
        __func__ = "g_closure_invoke"
#10 0x00007fd769253983 in signal_emit_unlocked_R (node=node@entry=0x55b536b1dee0, detail=detail@entry=0, instance=instance@entry=0x55b536ae4d20, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe54cde850) at gsignal.c:3635
        tmp = <optimized out>
        handler = 0x55b5379ecc40
        accumulator = 0x0
        emission = {next = 0x7ffe54cdef80, instance = 0x55b536ae4d20, ihint = {signal_id = 100, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
        class_closure = 0x55b536adff20
        hlist = <optimized out>
        handler_list = 0x55b5379ecc40
        return_accu = 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 100
        max_sequential_handler_number = 68308
        return_value_altered = 0
#11 0x00007fd76925caaa in g_signal_emit_valist (instance=instance@entry=0x55b536ae4d20, signal_id=signal_id@entry=100, detail=detail@entry=0, var_args=var_args@entry=0x7ffe54cdeaa8) at gsignal.c:3391
        instance_and_params = 0x7ffe54cde850
        signal_return_type = <optimized out>
        param_values = 0x7ffe54cde868
        node = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __func__ = "g_signal_emit_valist"
#12 0x00007fd76925d584 in g_signal_emit_by_name (instance=instance@entry=0x55b536ae4d20, detailed_signal=detailed_signal@entry=0x7fd76987de15 "selection-get") at gsignal.c:3487
        var_args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffe54cdebe0, reg_save_area = 0x7ffe54cdeaf0}}
        detail = 0
        signal_id = 100
        itype = 94236795183872
        __func__ = "g_signal_emit_by_name"
#13 0x00007fd769704beb in gtk_selection_invoke_handler (widget=0x55b536ae4d20, data=0x7ffe54cdec30, time=90823832) at gtkselection.c:3085
        target_list = <optimized out>
        info = 1
        __func__ = "gtk_selection_invoke_handler"
        _g_boolean_var_ = <optimized out>
#14 0x00007fd769704e65 in gtk_selection_convert (widget=0x55b536ae5500, selection=0x46, target=0x4f, time_=90823832) at gtkselection.c:1157
        owner_widget = <optimized out>
        owner_widget_ptr = 0x55b536ae4d20
        selection_data = {selection = 0x46, target = 0x4f, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55b536ab5010}
        info = 0x7fd6c8001d20
        tmp_list = <optimized out>
        owner_window = <optimized out>
        display = 0x55b536ab5010
        id = <optimized out>
        __func__ = "gtk_selection_convert"
#15 0x00007fd766695059 in WebKit::DragAndDropHandler::dragDataSelection (this=this@entry=0x55b536f8f1e0, context=<optimized out>, context@entry=0x55b536ab88b0, position=..., time=time@entry=90823832) at /usr/include/c++/8/bits/unique_ptr.h:342
        droppingContext = @0x7fd750e25c48: {_M_t = {_M_t = {<std::_Tuple_impl<0, WebKit::DragAndDropHandler::DroppingContext*, std::default_delete<WebKit::DragAndDropHandler::DroppingContext> >> = {<std::_Tuple_impl<1, std::default_delete<WebKit::DragAndDropHandler::DroppingContext> >> = {<std::_Head_base<1, std::default_delete<WebKit::DragAndDropHandler::DroppingContext>, true>> = {<std::default_delete<WebKit::DragAndDropHandler::DroppingContext>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebKit::DragAndDropHandler::DroppingContext*, false>> = {_M_head_impl = 0x55b5389857d0}, <No data fields>}, <No data fields>}}}
#16 0x00007fd766695243 in WebKit::DragAndDropHandler::dragMotion (this=0x55b536f8f1e0, context=context@entry=0x55b536ab88b0, position=..., time=time@entry=90823832) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WebKit/UIProcess/gtk/DragAndDropHandler.cpp:241
        selection = <optimized out>
        dragData = {m_clientPosition = {m_x = 0, m_y = 0}, m_globalPosition = {m_x = -2101622272, m_y = 474827403}, m_platformDragData = 0x55b5374a46a8, m_draggingSourceOperationMask = WebCore::DragOperationNone, m_applicationFlags = WebCore::DragApplicationNone, m_fileNames = {<WTF::VectorBuffer<WTF::String, 0>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x7ffe54cdee90, m_capacity = 2193345024, m_size = 474827403}, <No data fields>}, <No data fields>}, m_dragDestinationAction = 1756547392}
        operation = <optimized out>
#17 0x00007fd766626b80 in webkitWebViewBaseDragMotion (widget=widget@entry=0x55b53747f810, context=0x55b536ab88b0, x=419, y=623, time=90823832) at /usr/src/debug/webkit2gtk3-2.22.5-1.fc29.x86_64/Source/WebCore/platform/graphics/IntPoint.h:72
No locals.
#18 0x00007fd769813496 in _gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT (closure=0x55b536b1c070, return_value=0x7ffe54cdefb0, n_param_values=<optimized out>, param_values=0x7ffe54cdf010, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gtkmarshalers.c:713
        cc = 0x55b536b1c070
        data1 = 0x55b53747f810
        data2 = <optimized out>
        callback = 0x7fd766626b20 <webkitWebViewBaseDragMotion(GtkWidget*, GdkDragContext*, gint, gint, guint)>
        v_return = <optimized out>
        __func__ = "_gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT"
#19 0x00007fd7692403dd in g_closure_invoke (closure=0x55b536b1c070, return_value=0x7ffe54cdefb0, n_param_values=5, param_values=0x7ffe54cdf010, invocation_hint=0x7ffe54cdef90) at gclosure.c:810
        marshal = 0x7fd76923e8c0 <g_type_class_meta_marshal>
        marshal_data = 0x280
        in_marshal = 0
        real_closure = 0x55b536b1c050
        __func__ = "g_closure_invoke"
#20 0x00007fd7692531b4 in signal_emit_unlocked_R (node=node@entry=0x55b536b1e120, detail=detail@entry=0, instance=instance@entry=0x55b53747f810, emission_return=emission_return@entry=0x7ffe54cdf180, instance_and_params=instance_and_params@entry=0x7ffe54cdf010) at gsignal.c:3673
        accumulator = 0x55b536b1e190
        emission = {next = 0x0, instance = 0x55b53747f810, ihint = {signal_id = 108, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 94236795894320}
        class_closure = 0x55b536b1c070
        hlist = <optimized out>
        handler_list = <optimized out>
        return_accu = 0x7ffe54cdefb0
        accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 108
        max_sequential_handler_number = 68307
        return_value_altered = 0
#21 0x00007fd76925c123 in g_signal_emit_valist (instance=instance@entry=0x55b53747f810, signal_id=signal_id@entry=108, detail=detail@entry=0, var_args=var_args@entry=0x7ffe54cdf278) at gsignal.c:3401
        return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        error = 0x0
        rtype = 20
        static_scope = 0
        instance_and_params = 0x7ffe54cdf010
        signal_return_type = <optimized out>
        param_values = 0x7ffe54cdf028
        node = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __func__ = "g_signal_emit_valist"
#22 0x00007fd76925d584 in g_signal_emit_by_name (instance=instance@entry=0x55b53747f810, detailed_signal=detailed_signal@entry=0x7fd769851e10 "drag-motion") at gsignal.c:3487
        var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffe54cdf3b0, reg_save_area = 0x7ffe54cdf2c0}}
        detail = 0
        signal_id = 108
        itype = 94236795894320
        __func__ = "g_signal_emit_by_name"
#23 0x00007fd7697ed58e in gtk_drag_dest_motion (widget=0x55b53747f810, context=0x55b536ab88b0, x=419, y=623, time=90823832) at gtkdnd.c:1572
        site = 0x55b536ffc380
        action = <optimized out>
        retval = 1770673408
        __func__ = "gtk_drag_dest_motion"
#24 0x00007fd7697edaf8 in gtk_drag_find_widget (callback=0x7fd7697ed450 <gtk_drag_dest_motion>, time=90823832, y=<optimized out>, x=<optimized out>, info=0x7fd6b80018d0, context=0x55b536ab88b0, widget=0x55b53747f810) at gtkdnd.c:1270
        parent = 0x0
        hierarchy = 0x55b53786ae20
        found = 0
#25 _gtk_drag_dest_handle_event (toplevel=toplevel@entry=0x55b536ede460, event=event@entry=0x7fd744007b60) at gtkdnd.c:1091
        window = <optimized out>
        tx = 0
        ty = 0
        found = <optimized out>
        info = 0x7fd6b80018d0
        context = 0x55b536ab88b0
        __func__ = "_gtk_drag_dest_handle_event"
#26 0x00007fd76967da8b in gtk_main_do_event (event=<optimized out>) at gtkmain.c:1933
        grab_widget = <optimized out>
        window_group = 0x55b536edbca0
        rewritten_event = <optimized out>
        device = 0x55b536ab8960
        tmp_list = <optimized out>
        event_widget = 0x55b536ede460
        topmost_widget = <optimized out>
        grab_widget = <optimized out>
        rewritten_event = <optimized out>
        tmp_list = <optimized out>
        __inst = <optimized out>
        window = <optimized out>
        __inst = <optimized out>
        __inst = <optimized out>
        window = <optimized out>
        __inst = <optimized out>
        event_widget = <optimized out>
        __t = <optimized out>
        __t = <optimized out>
        __t = <optimized out>
        __t = <optimized out>
        window_group = <optimized out>
        device = <optimized out>
        event = 0x7fd744007b60
        __func__ = "gtk_main_do_event"
        topmost_widget = <optimized out>
        __r = <optimized out>
        __r = <optimized out>
        __r = <optimized out>
        mnemonics_visible = <optimized out>
        __r = <optimized out>
        event_widget = <optimized out>
        window_group = <optimized out>
        device = <optimized out>
        tmp_list = <optimized out>
        __func__ = "gtk_main_do_event"
        __inst = <optimized out>
        __t = <optimized out>
        __r = <optimized out>
        window = <optimized out>
        __inst = <optimized out>
        __t = <optimized out>
        __r = <optimized out>
        __inst = <optimized out>
        __t = <optimized out>
        __r = <optimized out>
        mnemonics_visible = <optimized out>
        window = <optimized out>
        __inst = <optimized out>
        __t = <optimized out>
        __r = <optimized out>
#27 0x00007fd768bf0a39 in _gdk_event_emit (event=event@entry=0x7fd744007b60) at gdkevents.c:73
No locals.
#28 0x00007fd768c4d286 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at gdkeventsource.c:124
        source = <optimized out>
        display = <optimized out>
        event = 0x7fd744007b60
#29 0x00007fd76915e06d in g_main_dispatch (context=0x55b536ac9980) at gmain.c:3182
        dispatch = 0x7fd768c4d260 <gdk_event_source_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x0
        callback = 0x0
        cb_funcs = 0x0
        cb_data = 0x0
        need_destroy = <optimized out>
        source = 0x55b536ade290
        current = 0x55b536a8ba30
        i = 0
        current = <optimized out>
        i = <optimized out>
        __func__ = "g_main_dispatch"
        source = <optimized out>
        _g_boolean_var_ = <optimized out>
        was_in_call = <optimized out>
        user_data = <optimized out>
        callback = <optimized out>
        cb_funcs = <optimized out>
        cb_data = <optimized out>
        need_destroy = <optimized out>
        dispatch = <optimized out>
        prev_source = <optimized out>
        _g_boolean_var_ = <optimized out>
#30 g_main_context_dispatch (context=context@entry=0x55b536ac9980) at gmain.c:3847
No locals.
#31 0x00007fd76915e438 in g_main_context_iterate (context=context@entry=0x55b536ac9980, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3920
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 6
        fds = 0x55b536cc0ca0
#32 0x00007fd76915e4d0 in g_main_context_iteration (context=context@entry=0x55b536ac9980, may_block=may_block@entry=1) at gmain.c:3981
        retval = <optimized out>
#33 0x00007fd76932ed25 in g_application_run (application=0x55b536d921a0, argc=<optimized out>, argv=0x7ffe54cdf7f8) at gapplication.c:2470
        arguments = 0x55b536c458c0
        status = 0
        context = 0x55b536ac9980
        acquired_context = <optimized out>
        __func__ = "g_application_run"
#34 0x000055b53553cf5e in ?? ()
No symbol table info available.
#35 0x00007ffe54cdf7f8 in ?? ()
No symbol table info available.
#36 0x0000000168d6b5fd in ?? ()
No symbol table info available.
#37 0x00007fd7646007c2 in _g_module_symbol (symbol_name=0x7ffe54cdf7f8 "^\020\316T\376\177", handle=0x7ffe54cdf7f0) at gmodule-dl.c:163
        p = <optimized out>
        msg = <optimized out>
        p = <optimized out>
        msg = <optimized out>
#38 g_module_symbol (module=<optimized out>, symbol_name=0x7ffe54cdf7f8 "^\020\316T\376\177", symbol=0x1) at gmodule.c:800
        module_error = <optimized out>
        __func__ = "g_module_symbol"
#39 0x000055b53553dac0 in ?? ()
No symbol table info available.
#40 0x000055b53553d200 in ?? ()
No symbol table info available.
#41 0x00007ffe54cdf7f0 in ?? ()
No symbol table info available.
#42 0x00007fd768df7413 in __libc_start_main (main=0x55b53553c9b0, argc=4, argv=0x7ffe54cdf7f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe54cdf7e8) at ../csu/libc-start.c:308
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 3686795047983546301, 94236772127232, 140730321205232, 0, 0, 7475099810769043389, 7489094244564762557}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffe54cdf820, 0x7fd769ce4150}, data = {prev = 0x0, cleanup = 0x0, canceltype = 1422784544}}}
        not_first_call = <optimized out>
#43 0x000055b53553d22e in ?? ()
No symbol table info available.
#44 0x00007ffe54cdf7e8 in ?? ()
No symbol table info available.
#45 0x00007fd769ce3fa0 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#46 0x0000000000000004 in ?? ()
No symbol table info available.
#47 0x00007ffe54ce105e in ?? ()
No symbol table info available.
#48 0x0000000000000000 in ?? ()
No symbol table info available.
Comment 1 Carlos Garcia Campos 2019-02-15 04:16:47 PST 
I can't reproduce this, but it seems that m_draggingSelectionData is nullptr in fillDragData(). That can happen when startDrag cancels a previous dnd operation, because the new m_draggingSelectionData is set before the current dnd operation si cancelled, which sets it to nullptr.
Comment 2 Carlos Garcia Campos 2019-02-15 04:19:01 PST 
Created attachment 362110 [details]
Patch
Comment 3 Michael Catanzaro 2019-02-15 08:23:02 PST 
Comment on attachment 362110 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=362110&action=review

> Source/WebKit/ChangeLog:9
> +        I can't reproduce this, but it seems that m_draggingSelectionData is nullptr in fillDragData(). That can happen
> +        when startDrag cancels a previous DND operation, because the new m_draggingSelectionData is set before the

Ughhh.

We have another bug here -- somewhere -- that's probably fixed by this. It's a frequent UI process crasher, and has been for years. I was always stumped because I didn't realize it was legal for GTK to call startDrag twice in a row like this. Reminds me to finish work on the similar load events problem we have right now.
Comment 4 Carlos Garcia Campos 2019-02-18 01:12:55 PST 
Committed r241659: <https://trac.webkit.org/changeset/241659>
Comment 5 Michael Catanzaro 2019-02-18 15:15:43 PST 
(In reply to Michael Catanzaro from comment #3)
> We have another bug here -- somewhere -- that's probably fixed by this. It's
> a frequent UI process crasher, and has been for years. I was always stumped
> because I didn't realize it was legal for GTK to call startDrag twice in a
> row like this.

Just stumbled onto it: https://bugs.webkit.org/show_bug.cgi?id=168516#c7. Not clear to me if you solved it here or not.