NEW 195886
webkitWebViewPopulateContextMenu emits context-menu signal with NULL event (illegal)
https://bugs.webkit.org/show_bug.cgi?id=195886
Michael Catanzaro
Reported 2019-03-18 08:01:24 PDT
Truncated backtrace: Thread no. 1 (10 frames)
#0 ephy_embed_event_new at ../embed/ephy-embed-event.c:68
#1 populate_context_menu at ../src/ephy-window.c:1459
#2 ffi_call_unix64 at ../src/x86/unix64.S:76
#3 ffi_call at ../src/x86/ffi64.c:525
#4 g_cclosure_marshal_generic at gclosure.c:1496
#9 webkitWebViewPopulateContextMenu at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:2319
#10 ContextMenuClient::getContextMenuFromProposedMenu at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/Source/WebKit/UIProcess/API/glib/WebKitContextMenuClient.cpp:50
#11 WebKit::WebContextMenuProxyGtk::show at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Vector.h:365
#12 WebKit::WebPageProxy::showContextMenu at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/DumbPtrTraits.h:41
#13 IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::ContextMenuContextData&&, WebKit::UserData const&), std::tuple<WebKit::ContextMenuContextData, WebKit::UserData>, 0ul, 1ul> at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:45
(full backtrace in the downstream bug)

This looks like a WebKit bug (or a GTK bug). The documentation of WebKitWebView's context-menu signal says this of the event parameter:

"""
The event is expected to be one of the following types:
a GdkEventButton of type GDK_BUTTON_PRESS when the context menu was triggered with mouse.
a GdkEventKey of type GDK_KEY_PRESS if the keyboard was used to show the menu.
a generic GdkEvent of type GDK_NOTHING when the "popup-menu" signal was used to show the context menu.
"""

Epiphany just assumes it's non-NULL, but here WebKit is emitting context-menu with a NULL event. It's not Epiphany's job to handle that: it's WebKit's job to ensure it doesn't happen.
(Actually, Epiphany is wrong to cast it to a GdkEventButton without checking the type of the event. So there is an Epiphany bug here too. But that can't cause this crash, and it's not what happened in this backtrace.)
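As an added example (not Epiphany's or WebKit's code), the following C shows the shape of the check the parenthetical above is asking for: a context-menu handler that rejects a NULL event and reads button fields only after the event's type tag says it is a button press. The event structs are a stand-in that mirrors the GDK 3 layout (every GdkEvent variant starts with its GdkEventType tag, so the union can be dispatched on `type`) so the file compiles without GTK; the numeric tag values match GDK 3's, and the sample events and coordinates are constructed for the example. Real code would use GdkEvent and the GDK_BUTTON_PRESS / GDK_KEY_PRESS / GDK_NOTHING constants from `<gdk/gdk.h>`.

```c
/* Added example: type-checked handling of a context-menu event.
 * The Ev* types below are a stand-in for GDK's event union (assumption:
 * same layout idea, type tag first), not the real GdkEvent. */
#include <stdbool.h>
#include <stdio.h>

/* Tag values match GDK 3's GdkEventType for the three cases the
 * context-menu documentation lists, plus one that it does not. */
typedef enum {
    EV_NOTHING      = -1,   /* GDK_NOTHING: menu opened via "popup-menu" */
    EV_MOTION       = 3,    /* GDK_MOTION_NOTIFY: not a documented case */
    EV_BUTTON_PRESS = 4,    /* GDK_BUTTON_PRESS: mouse */
    EV_KEY_PRESS    = 8     /* GDK_KEY_PRESS: keyboard, e.g. the Menu key */
} EvType;

typedef struct { EvType type; double x, y; unsigned button; } EvButton;
typedef struct { EvType type; unsigned keyval; } EvKey;
typedef union  { EvType type; EvButton button; EvKey key; } Ev;

typedef enum { ORIGIN_INVALID, ORIGIN_MOUSE, ORIGIN_KEYBOARD, ORIGIN_POPUP_MENU } Origin;

typedef struct {
    Origin   origin;
    double   x, y;      /* meaningful only for ORIGIN_MOUSE */
    unsigned button;    /* meaningful only for ORIGIN_MOUSE */
} MenuContext;

/* The pattern the report describes: cast to a button event without looking
 * at the tag. With a NULL event this is the crash in the backtrace; with a
 * key event it silently reads key fields as button fields. */
static unsigned unchecked_button(const Ev *event)
{
    const EvButton *b = (const EvButton *)event;
    return b->button;
}

/* Checked version: reject NULL, dispatch on the tag, and touch the button
 * variant only once the tag says that is what the union holds. Anything
 * outside the documented three types is reported as invalid, not guessed. */
static MenuContext classify_context_menu_event(const Ev *event)
{
    MenuContext ctx = { ORIGIN_INVALID, 0.0, 0.0, 0 };
    if (event == NULL)                  /* the case in the backtrace */
        return ctx;
    switch (event->type) {
    case EV_BUTTON_PRESS:
        ctx.origin = ORIGIN_MOUSE;
        ctx.x      = event->button.x;
        ctx.y      = event->button.y;
        ctx.button = event->button.button;
        break;
    case EV_KEY_PRESS:
        ctx.origin = ORIGIN_KEYBOARD;   /* no pointer position to use */
        break;
    case EV_NOTHING:
        ctx.origin = ORIGIN_POPUP_MENU;
        break;
    default:
        break;                          /* undocumented type: stays invalid */
    }
    return ctx;
}

/* Builds a constructed sample event of the given type and classifies it.
 * Writing e.type first and then a variant's fields is fine: the tag is the
 * first member of every variant, so the later writes leave it intact. */
static MenuContext classify_sample(EvType type)
{
    Ev e;
    e.type = type;
    if (type == EV_BUTTON_PRESS) {
        e.button.x = 120.0; e.button.y = 48.0; e.button.button = 3;  /* right click */
    } else if (type == EV_KEY_PRESS) {
        e.key.keyval = 0xff67;          /* X keysym for the Menu key */
    }
    return classify_context_menu_event(&e);
}

int main(void)
{
    Ev e;                               /* constructed right click at (120, 48) */
    e.type = EV_BUTTON_PRESS;
    e.button.x = 120.0; e.button.y = 48.0; e.button.button = 3;
    printf("unchecked cast on a genuine button event: button %u\n", unchecked_button(&e));
    printf("checked, NULL event:  origin %d (0 = invalid)\n", classify_context_menu_event(NULL).origin);
    printf("checked, key event:   origin %d (2 = keyboard)\n", classify_sample(EV_KEY_PRESS).origin);
    printf("checked, motion event: origin %d (0 = invalid)\n", classify_sample(EV_MOTION).origin);
    return 0;
}
```

The handler-side check does not make WebKit's NULL emission correct (the report is right that the signal contract is WebKit's to uphold), but it turns a NULL or mistyped event into a refused menu instead of a NULL dereference or a type-confused read of `button`, `x` and `y`.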
Carlos Garcia Campos
Comment 1 2019-03-27 04:25:29 PDT
We need a way to reproduce this. The web process is sending the ShowContextMenu message without a right click event. We need to understand why.
Michael Catanzaro
Comment 2 2019-03-27 08:29:07 PDT
I've asked in the downstream bug, but usually reporters don't know anything about how it crashes. Jan-Michael asked elsewhere about what happens when the context menu is opened via a touch event (long press or something?). Maybe this is related to touch? The documentation seems to indicate this can't happen, but perhaps the documentation is outdated.
Adrian Perez
Comment 3 2019-10-21 16:06:57 PDT
(In reply to Michael Catanzaro from comment #2)
> I've asked in the downstream bug, but usually reporters don't know anything
> about how it crashes.
>
> Jan-Michael asked elsewhere about what happens when the context menu is
> opened via a touch event (long press or something?). Maybe this is related
> to touch? The documentation seems to indicate this can't happen, but perhaps
> the documentation is outdated.

I *suppose* that another way of opening a context menu without using a mouse event would be with the menu key from the keyboard ¬_¬
Carlos Garcia Campos
Comment 4 2019-10-22 01:38:42 PDT
(In reply to Adrian Perez from comment #3)
> (In reply to Michael Catanzaro from comment #2)
> > I've asked in the downstream bug, but usually reporters don't know anything
> > about how it crashes.
> >
> > Jan-Michael asked elsewhere about what happens when the context menu is
> > opened via a touch event (long press or something?). Maybe this is related
> > to touch? The documentation seems to indicate this can't happen, but perhaps
> > the documentation is outdated.
>
> I *suppose* that another way of opening a context menu without using
> a mouse event would be with the menu key from the keyboard ¬_¬

In that case we pass the keyboard event, see the first comment:

"""
The event is expected to be one of the following types:
a GdkEventButton of type GDK_BUTTON_PRESS when the context menu was triggered with mouse.
a GdkEventKey of type GDK_KEY_PRESS if the keyboard was used to show the menu.
a generic GdkEvent of type GDK_NOTHING when the "popup-menu" signal was used to show the context menu.
"""