Bug 216828 - [gtk] evolution's html composer incorrectly allows dragging files as path causing crashes
Status: VERIFIED DUPLICATE of bug 218562
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: Other
Hardware: Unspecified Linux
Importance: P2 Normal
Assignee: Nobody
Reported: 2020-09-22 09:01 PDT by Hussam Al-Tayeb
Modified: 2020-11-20 11:43 PST

Description Hussam Al-Tayeb 2020-09-22 09:01:42 PDT
In 2.28.4, dragging a file to evolution composer automatically expands the attachment bar and attaches the file.
In 2.30.0, dragging a file pastes its path as text, and if I drag it directly to the attachment bar, evo crashes.

f 1
#1 0x00007fffea2cabf9 in webkit_editor_drag_data_received_cb (
widget=0x555556aae230, context=0x555555989920, x=0, y=0,
selection=0x7fffffffdf40, info=6, time=4772764)
at /home/hussam/cache/system/gnome/evolution/src/evolution/src/modules/webkit-editor/e-webkit-editor.c:5082
5082 if (!GTK_WIDGET_CLASS (e_webkit_editor_parent_class)->drag_drop (widget, context, x, y, time)) {
Comment 1 Milan Crha 2020-09-22 09:06:29 PDT
This seems to be caused by a change in WebKitGTK, because the crash cannot be reproduced with 2.28.4, but can be reproduced with 2.30.0. The steps are like this:

a) open evolution composer, can be like this: evolution mailto:a@b.c
b) open nautilus and drag a file into the message body - if it lets you (the cursor is with "+"), then the drop will paste the file path into the body; it doesn't crash yet.
c) drag the same file from the nautilus, but this time drag it above the body, then up above the headers (To/Cc/...) after which the application crashes.

An extended backtrace:

#0  0x0000000000000000 in  ()
#1  0x00007f5be0036bf9 in webkit_editor_drag_data_received_cb
    (widget=0x56437986fa30, context=0x56437871f920, x=0, y=0, selection=0x7ffe0018a790, info=6, time=4002858)
    at /home/hussam/cache/system/gnome/evolution/src/evolution/src/modules/webkit-editor/e-webkit-editor.c:5082
#6  0x00007f5bebfc0134 in Python Exception <class 'gdb.error'> value has been optimized out: 
#7  0x00007f5bec3d6f68 in gtk_drag_selection_received
    (widget=widget@entry=0x56437a6fc7c0, selection_data=selection_data@entry=0x7ffe0018a790, time=4002858, data=0x56437986fa30) at ../gtk/gtk/gtkdnd.c:1189
#8  0x00007f5bec6a1e4e in _gtk_marshal_VOID__BOXED_UINTv
    (closure=0x56437a6c98d0, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5643783c8050) at gtk/gtkmarshalers.c:3608
#9  0x00007f5bebfbf0a0 in _g_closure_invoke_va
    (param_types=0x5643783c8050, n_params=<optimized out>, args=0x7ffe0018a670, instance=0x56437a6fc7c0, return_value=0x0, closure=0x56437a6c98d0)
    at ../glib/gobject/gclosure.c:873
#10 g_signal_emit_valist
    (instance=instance@entry=0x56437a6fc7c0, signal_id=signal_id@entry=81, detail=detail@entry=0, var_args=var_args@entry=0x7ffe0018a670)
    at ../glib/gobject/gsignal.c:3407
#11 0x00007f5bebfc0134 in g_signal_emit_by_name
    (instance=<optimized out>, detailed_signal=detailed_signal@entry=0x7f5bec6c4219 "selection-received") at ../glib/gobject/gsignal.c:3594
#12 0x00007f5bec4ce5b7 in gtk_selection_retrieval_report
    (info=info@entry=0x5643790ee000, type=<optimized out>, format=<optimized out>, buffer=<optimized out>, length=length@entry=49, time=4002858)
    at ../gtk/gtk/gtkselection.c:3079
#13 0x00007f5bec4ceb02 in _gtk_selection_notify
    (widget=widget@entry=0x56437a6fc7c0, event=event@entry=0x7f5bc000da10)
    at ../gtk/gtk/gtkselection.c:2883
#14 0x00007f5bec6a7e9c in _gtk_marshal_BOOLEAN__BOXEDv
    (closure=0x5643783c7de0, return_value=0x7ffe0018a990, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5643783c7e10) at gtk/gtkmarshalers.c:130
#15 0x00007f5bebfbf0a0 in _g_closure_invoke_va
    (param_types=0x5643783c7e10, n_params=<optimized out>, args=0x7ffe0018aa40, instance=0x56437a6fc7c0, return_value=0x7ffe0018a990, closure=0x5643783c7de0)
    at ../glib/gobject/gclosure.c:873
#16 g_signal_emit_valist
    (instance=0x56437a6fc7c0, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe0018aa40) at ../glib/gobject/gsignal.c:3407
#17 0x00007f5bebfc06b0 in g_signal_emit
    (instance=instance@entry=0x56437a6fc7c0, signal_id=<optimized out>, detail=detail@entry=0) at ../glib/gobject/gsignal.c:3554
#18 0x00007f5bec410bc6 in gtk_widget_event_internal
    (event=0x7f5bc000da10, widget=0x56437a6fc7c0)
    at ../gtk/gtk/gtkwidget.c:7808
#19 gtk_widget_event_internal (widget=0x56437a6fc7c0, event=0x7f5bc000da10)
    at ../gtk/gtk/gtkwidget.c:7677
#20 0x00007f5bec55a343 in gtk_main_do_event (event=0x7f5bc000da10)
    at ../gtk/gtk/gtkmain.c:1860
#21 gtk_main_do_event (event=<optimized out>) at ../gtk/gtk/gtkmain.c:1690
#22 0x00007f5be8261654 in _gdk_event_emit (event=0x7f5bc000da10)
    at ../gtk/gdk/gdkevents.c:73
#23 _gdk_event_emit (event=0x7f5bc000da10) at ../gtk/gdk/gdkevents.c:67
#24 0x00007f5be820dc34 in gdk_event_source_dispatch
    (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../gtk/gdk/x11/gdkeventsource.c:367
#25 0x00007f5becab85fe in g_main_dispatch (context=0x5643783ac6a0)
    at ../glib/glib/gmain.c:3309
#26 g_main_context_dispatch (context=context@entry=0x5643783ac6a0)
    at ../glib/glib/gmain.c:3974
#27 0x00007f5becaba471 in g_main_context_iterate
    (context=0x5643783ac6a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4047
#28 0x00007f5becabb483 in g_main_loop_run (loop=0x56437834e490)
    at ../glib/glib/gmain.c:4241
#29 0x00007f5bec553dcf in gtk_main () at ../gtk/gtk/gtkmain.c:1328
#30 0x00005643769813af in main (argc=1, argv=0x7ffe0018aec8)
    at /home/hussam/cache/system/gnome/evolution/src/evolution/src/shell/main.c:694
Comment 2 Milan Crha 2020-09-22 09:36:22 PDT
(In reply to Hussam Al-Tayeb from comment #0)
> #1 0x00007fffea2cabf9 in webkit_editor_drag_data_received_cb (
> widget=0x555556aae230, context=0x555555989920, x=0, y=0,
> selection=0x7fffffffdf40, info=6, time=4772764)
> at
> /home/hussam/cache/system/gnome/evolution/src/evolution/src/modules/webkit-
> editor/e-webkit-editor.c:5082
> 5082 if (!GTK_WIDGET_CLASS (e_webkit_editor_parent_class)->drag_drop
> (widget, context, x, y, time)) {

The EWebKitEditor derives from WebKitWebView and the line above calls the parent method, which causes the crash. After a bit more debugging the `GTK_WIDGET_CLASS (e_webkit_editor_parent_class)->drag_drop` is NULL. It splits this bug into two pieces:

1) make sure evolution doesn't dereference NULL here
2) WebKitGTK should not accept the file as a text input for the WebView content
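
The guard asked for in item 1 of comment 2, as an added example (not Evolution's actual fix and not WebKitGTK code): a derived handler checks the parent's `drag_drop` slot before chaining up. `WidgetClass`, `DropResult`, `chain_up_drag_drop` and the two parent classes are hypothetical stand-ins, built without GTK so the block runs on its own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for GtkWidgetClass: virtual methods are plain
 * function pointers, and a class that does not implement one leaves it NULL. */
typedef struct {
    bool (*drag_drop)(void *widget, int x, int y, unsigned int time);
} WidgetClass;

static bool parent_drag_drop(void *widget, int x, int y, unsigned int time)
{
    (void)widget; (void)x; (void)y; (void)time;
    return true; /* the parent accepted the drop */
}

/* Constructed parent classes: one implements drag_drop, one does not. */
static const WidgetClass parent_with_vfunc = { parent_drag_drop };
static const WidgetClass parent_without_vfunc = { NULL };

typedef enum {
    DROP_HANDLED_BY_PARENT,
    DROP_REJECTED,
    DROP_NO_PARENT_HANDLER
} DropResult;

/* Guarded chain-up: test the slot before calling through it. Calling a NULL
 * slot is the jump to address 0 that shows up as frame #0 in the backtrace. */
static DropResult chain_up_drag_drop(const WidgetClass *parent_class, void *widget,
                                     int x, int y, unsigned int time)
{
    if (parent_class == NULL || parent_class->drag_drop == NULL)
        return DROP_NO_PARENT_HANDLER; /* caller should finish the drag as failed */
    return parent_class->drag_drop(widget, x, y, time) ? DROP_HANDLED_BY_PARENT
                                                       : DROP_REJECTED;
}

int main(void)
{
    /* Constructed call arguments; no real widget is involved. */
    printf("parent implements drag_drop: %d\n",
           chain_up_drag_drop(&parent_with_vfunc, NULL, 0, 0, 1u));
    printf("parent slot is NULL:         %d\n",
           chain_up_drag_drop(&parent_without_vfunc, NULL, 0, 0, 1u));
    return 0;
}
```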
Comment 3 Milan Crha 2020-09-22 09:45:42 PDT
(In reply to Milan Crha from comment #2)
> 1) make sure evolution doesn't dereference NULL here

Done with [1] for 3.39.1+ and 3.38.1+.

[1] https://gitlab.gnome.org/GNOME/evolution/commit/6ad8626d93
Comment 4 Carlos Garcia Campos 2020-11-06 03:29:58 PST
I think this is a duplicate of #218562. The problem is that we were not allowing evo to handle the drop.

*** This bug has been marked as a duplicate of bug 218562 ***
Comment 5 Milan Crha 2020-11-06 03:38:28 PST
I agree, it might be the same thing.
Comment 6 Hussam Al-Tayeb 2020-11-20 11:43:22 PST
(In reply to Milan Crha from comment #5)
> I agree, it might be the same thing.

Indeed it is. It is fixed in 2.30.3
Milan, please CC me when filing webkit bugs that affect evolution so I can time local updates.
Thank you!