RESOLVED FIXED 226811
[GTK] Crash when dragging an account node above WebView 
https://bugs.webkit.org/show_bug.cgi?id=226811
Summary [GTK] Crash when dragging an account node above WebView
Milan Crha
Reported 2021-06-09 03:50:54 PDT
Moving this from a downstream bug report: https://gitlab.gnome.org/GNOME/evolution/-/issues/1526 In Evolution, when a user drags a mail account node above the composer window, WebKitGTK crashes the application. The preview panel doesn't do that. When I try the "drag above" with the MiniBrowser, then it crashes regardless whether it's being in the editor mode or not. This is with evolution 3.40.1-1 (from Debian experimental), webkit 2.32.1-1 and GNOME 3.38 on Debian bullseye. (I see that with Fedora 34 and the same evo/WebKitGTK versions as well). The downstream bug report contains a whole backtrace, with all threads, but it's too long. See it attached at the end of the description there, if needed. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 set = {__val = {0, 42, 834, 5, 94402006640432, 94402006649584, 139949534068928, 94401995203384, 4, 94402006649584, 4, 139949533776257, 140735894193728, 94402029678352, 94401996349664, 140735894194048}} pid = <optimized out> tid = <optimized out> #1 0x00007f488f12b537 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x55dbae126840, sa_sigaction = 0x55dbae126840}, sa_mask = {__val = {139949533666252, 0, 0, 94401995203384, 3584923175664, 139948495672560, 94401995201360, 94402029678352, 9272222391884015360, 94401995203344, 94402006649584, 94401995203344, 94402006649584, 94402029678352, 139949533644401, 24395876352}}, sa_flags = -1700043008, sa_restorer = 0x55dbae128af0} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007f48899487a8 in WTF::fromUTF8Impl<false>(unsigned char const*, unsigned long) () at ../Source/WTF/wtf/text/WTFString.cpp:845 #3 0x00007f4889947e2e in WTF::String::fromUTF8(unsigned char const*, unsigned long) () at ../Source/WTF/wtf/text/WTFString.cpp:872 #4 0x00007f488c398df2 in WebKit::DropTarget::dataReceived(WebCore::IntPoint&&, _GtkSelectionData*, unsigned int, unsigned int) () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:185 #5 0x00007f488c398fe4 in operator() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:85 #6 _FUN() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:85 #7 0x00007f488fd65344 in _gtk_marshal_VOID__OBJECT_INT_INT_BOXED_UINT_UINTv (closure=closure@entry=0x55dbadf4e300, return_value=return_value@entry=0x0, instance=instance@entry=0x55dbaf21f3b0, args=args@entry=0x7fffa0fb13f8, marshal_data=marshal_data@entry=0x0, n_params=n_params@entry=6, param_types=0x55dbacdeafb0) at gtkmarshalers.c:5998 data1 = 0x55dbaf21f3b0 data2 = <optimized out> callback = 0x7f488c398f90 <_FUN()> arg0 = 0x55dbace0f010 arg1 = 0 arg2 = -1894507295 arg3 = 0x7fffa0fb1980 arg4 = 2700805552 arg5 = 2700805552 args_copy = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1540, reg_save_area = 0x7fffa0fb1440}} #8 0x00007f488f6e0889 in _g_closure_invoke_va (closure=closure@entry=0x55dbadf4e300, return_value=return_value@entry=0x0, instance=instance@entry=0x55dbaf21f3b0, args=args@entry=0x7fffa0fb13f8, n_params=6, param_types=0x55dbacdeafb0) at ../../../gobject/gclosure.c:873 marshal = 0x7f488fd651f0 <_gtk_marshal_VOID__OBJECT_INT_INT_BOXED_UINT_UINTv> marshal_data = 0x0 in_marshal = 0 real_closure = 0x55dbadf4e2e0 __func__ = "_g_closure_invoke_va" #9 0x00007f488f6f8fe8 in g_signal_emit_valist (instance=instance@entry=0x55dbaf21f3b0, signal_id=signal_id@entry=114, detail=detail@entry=0, var_args=var_args@entry=0x7fffa0fb13f8) at ../../../gobject/gsignal.c:3406 return_accu = <optimized out> accu = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} accumulator = 0x0 emission = {next = 0x7fffa0fb16f0, instance = 0x55dbaf21f3b0, ihint = {signal_id = 114, detail = 0, run_type = (G_SIGNAL_RUN_LAST | G_SIGNAL_ACCUMULATOR_FIRST_RUN)}, state = EMISSION_RUN, chain_type = 0x55dbae857d60 [EWebKitEditor/WebKitWebView/WebKitWebViewBase/GtkContainer/GtkWidget/GInitiallyUnowned]} signal_id = 114 instance_type = <optimized out> emission_return = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} rtype = 0x4 [void] static_scope = 0 fastpath_handler = <optimized out> closure = <optimized out> run_type = <optimized out> hlist = <optimized out> l = <optimized out> fastpath = 1 instance_and_params = <optimized out> signal_return_type = <optimized out> param_values = <optimized out> node = <optimized out> i = <optimized out> n_params = <optimized out> __func__ = "g_signal_emit_valist" #10 0x00007f488f6f93ff in g_signal_emit_by_name (instance=instance@entry=0x55dbaf21f3b0, detailed_signal=detailed_signal@entry=0x7f488fd6e6f8 "drag-data-received") at ../../../gobject/gsignal.c:3593 var_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1530, reg_save_area = 0x7fffa0fb1440}} detail = 0 signal_id = 114 itype = 0x55dbae857d60 [EWebKitEditor/WebKitWebView/WebKitWebViewBase/GtkContainer/GtkWidget/GInitiallyUnowned] __func__ = "g_signal_emit_by_name" #11 0x00007f488fd35d1d in gtk_drag_selection_received (widget=0x55dbadc93a30 [GtkWindow], selection_data=0x7fffa0fb1980, time=501869454, data=0x55dbaf21f3b0) at ../../../../gtk/gtkdnd.c:1189 site = <optimized out> context = 0x55dbace0f010 [GdkWaylandDragContext] info = 0x7f2fa06bf410 drop_widget = 0x55dbaf21f3b0 [EWebKitEditor] target = 0x51 #12 0x00007f488fd62b7c in _gtk_marshal_VOID__BOXED_UINTv (closure=closure@entry=0x55dbaf775e50, return_value=return_value@entry=0x0, instance=instance@entry=0x55dbadc93a30, args=args@entry=0x7fffa0fb17f8, marshal_data=marshal_data@entry=0x0, n_params=n_params@entry=2, param_types=0x55dbace09580) at gtkmarshalers.c:3607 data1 = 0x55dbadc93a30 data2 = <optimized out> callback = 0x7f488fd35be0 <gtk_drag_selection_received> arg0 = 0x7fffa0fb1980 arg1 = 0 args_copy = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1930, reg_save_area = 0x7fffa0fb1840}} #13 0x00007f488f6e0889 in _g_closure_invoke_va (closure=closure@entry=0x55dbaf775e50, return_value=return_value@entry=0x0, instance=instance@entry=0x55dbadc93a30, args=args@entry=0x7fffa0fb17f8, n_params=2, param_types=0x55dbace09580) at ../../../gobject/gclosure.c:873 marshal = 0x7f488fd62ad0 <_gtk_marshal_VOID__BOXED_UINTv> marshal_data = 0x0 in_marshal = 0 real_closure = 0x55dbaf775e30 __func__ = "_g_closure_invoke_va" #14 0x00007f488f6f8fe8 in g_signal_emit_valist (instance=instance@entry=0x55dbadc93a30, signal_id=signal_id@entry=102, detail=detail@entry=0, var_args=var_args@entry=0x7fffa0fb17f8) at ../../../gobject/gsignal.c:3406 return_accu = <optimized out> accu = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} accumulator = 0x0 emission = {next = 0x7fffa0fb1c60, instance = 0x55dbadc93a30, ihint = {signal_id = 102, detail = 0, run_type = (G_SIGNAL_RUN_FIRST | G_SIGNAL_ACCUMULATOR_FIRST_RUN)}, state = EMISSION_RUN, chain_type = 0x55dbacdf0a70 [GtkWindow/GtkBin/GtkContainer/GtkWidget/GInitiallyUnowned]} signal_id = 102 instance_type = <optimized out> emission_return = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} rtype = 0x4 [void] static_scope = 0 fastpath_handler = <optimized out> closure = <optimized out> run_type = <optimized out> hlist = <optimized out> l = <optimized out> fastpath = 1 instance_and_params = <optimized out> signal_return_type = <optimized out> param_values = <optimized out> node = <optimized out> i = <optimized out> n_params = <optimized out> __func__ = "g_signal_emit_valist" #15 0x00007f488f6f93ff in g_signal_emit_by_name (instance=0x55dbadc93a30, detailed_signal=detailed_signal@entry=0x7f488fdcb20f "selection-received") at ../../../gobject/gsignal.c:3593 var_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1930, reg_save_area = 0x7fffa0fb1840}} detail = 0 signal_id = 102 itype = 0x55dbacdf0a70 [GtkWindow/GtkBin/GtkContainer/GtkWidget/GInitiallyUnowned] __func__ = "g_signal_emit_by_name" #16 0x00007f488fc47b64 in gtk_selection_retrieval_report (time=501869454, length=<optimized out>, buffer=<optimized out>, format=<optimized out>, type=<optimized out>, info=0x55dbad975840) at ../../../../gtk/gtkselection.c:3079 data = {selection = 0x46, target = 0x51, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55dbacda0130 [GdkWaylandDisplay]} owner_widget = <optimized out> owner_widget_ptr = 0x55dbadc93790 selection_data = {selection = 0x46, target = 0x51, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55dbacda0130 [GdkWaylandDisplay]} info = 0x55dbad975840 tmp_list = <optimized out> owner_window = <optimized out> display = 0x55dbacda0130 [GdkWaylandDisplay] id = <optimized out> __func__ = "gtk_selection_convert" #17 gtk_selection_convert (widget=0x55dbadc93a30 [GtkWindow], selection=0x46, target=0x51, time_=501869454) at ../../../../gtk/gtkselection.c:1172 owner_widget = <optimized out> owner_widget_ptr = 0x55dbadc93790 selection_data = {selection = 0x46, target = 0x51, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55dbacda0130 [GdkWaylandDisplay]} info = 0x55dbad975840 tmp_list = <optimized out> owner_window = <optimized out> display = 0x55dbacda0130 [GdkWaylandDisplay] id = <optimized out> __func__ = "gtk_selection_convert" #18 0x00007f488c399837 in WebKit::DropTarget::accept(_GdkDragContext*, WTF::Optional<WebCore::IntPoint>, unsigned int) () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:140 #19 0x00007f488c399a6a in operator() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:59 #20 _FUN() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:59 #25 0x00007f488f6f93ff in <emit signal 0x7f488fd9e4ad "drag-motion" on instance 0x55dbaf21f3b0 [EWebKitEditor]> (instance=instance@entry=0x55dbaf21f3b0, detailed_signal=detailed_signal@entry=0x7f488fd9e4ad "drag-motion") at ../../../gobject/gsignal.c:3593 var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffa0fb2010, reg_save_area = 0x7fffa0fb1f20}} detail = 0 signal_id = 111 itype = 0x55dbae857d60 [EWebKitEditor/WebKitWebView/WebKitWebViewBase/GtkContainer/GtkWidget/GInitiallyUnowned] __func__ = "g_signal_emit_by_name" #21 0x00007f488fd5eaa7 in _gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT (closure=closure@entry=0x55dbad923170, return_value=return_value@entry=0x7fffa0fb1c90, n_param_values=n_param_values@entry=5, param_values=param_values@entry=0x7fffa0fb1cf0, invocation_hint=invocation_hint@entry=0x7fffa0fb1c70, marshal_data=marshal_data@entry=0x0) at gtkmarshalers.c:826 cc = 0x55dbad923170 data1 = 0x55dbaf21f3b0 data2 = <optimized out> callback = 0x7f488c399a30 <_FUN()> v_return = <optimized out> __func__ = "_gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT" #22 0x00007f488f6e065f in g_closure_invoke (closure=0x55dbad923170, return_value=return_value@entry=0x7fffa0fb1c90, n_param_values=5, param_values=param_values@entry=0x7fffa0fb1cf0, invocation_hint=invocation_hint@entry=0x7fffa0fb1c70) at ../../../gobject/gclosure.c:810 marshal = 0x7f488fd5ea30 <_gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT> marshal_data = 0x0 in_marshal = 0 real_closure = 0x55dbad923150 __func__ = "g_closure_invoke" #23 0x00007f488f6f2ba2 in signal_emit_unlocked_R (node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x55dbaf21f3b0, emission_return=emission_return@entry=0x7fffa0fb1e20, instance_and_params=instance_and_params@entry=0x7fffa0fb1cf0) at ../../../gobject/gsignal.c:3812 tmp = <optimized out> handler = 0x55dbaf9b2e00 accumulator = 0x55dbace0a470 emission = {next = 0x0, instance = 0x55dbaf21f3b0, ihint = {signal_id = 111, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 0x4 [void]} class_closure = 0x55dbacd687e0 hlist = <optimized out> handler_list = <optimized out> return_accu = 0x7fffa0fb1c90 accu = {g_type = 0x14 [gboolean], data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 111 max_sequential_handler_number = 2726343 return_value_altered = <optimized out> #24 0x00007f488f6f87f9 in g_signal_emit_valist (instance=instance@entry=0x55dbaf21f3b0, signal_id=signal_id@entry=111, detail=detail@entry=0, var_args=var_args@entry=0x7fffa0fb1ed8) at ../../../gobject/gsignal.c:3507 return_value = {g_type = 0x14 [gboolean], data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} error = 0x0 rtype = 0x14 [gboolean] static_scope = 0 instance_and_params = 0x7fffa0fb1cf0 signal_return_type = <optimized out> param_values = 0x7fffa0fb1d08 node = <optimized out> i = <optimized out> n_params = <optimized out> __func__ = "g_signal_emit_valist" #26 0x00007f488fd36bea in gtk_drag_dest_motion (widget=widget@entry=0x55dbaf21f3b0 [EWebKitEditor], context=context@entry=0x55dbace0f010 [GdkWaylandDragContext], x=206, y=3, time=time@entry=501869454) at ../../../../gtk/gtkdnd.c:1572 site = 0x55dbafc1a2a0 action = <optimized out> retval = -1881198131 __func__ = "gtk_drag_dest_motion" #27 0x00007f488fd37159 in gtk_drag_find_widget (callback=0x7f488fd36a90 <gtk_drag_dest_motion>, time=501869454, y=<optimized out>, x=<optimized out>, info=0x7f2fa06bf410, context=0x55dbace0f010 [GdkWaylandDragContext], widget=0x55dbaf21f3b0 [EWebKitEditor]) at ../../../../gtk/gtkdnd.c:1270 parent = 0x0 hierarchy = 0x55dbae94c660 = {0x55dbaf828780, 0x55dbaf7fe470, 0x55dbad83baa0, 0x55dbaf7fe9f0, 0x55dbaf243f10, 0x55dbaf21f3b0} found = 0 window = <optimized out> tx = 0 ty = 0 found = <optimized out> info = 0x7f2fa06bf410 context = 0x55dbace0f010 [GdkWaylandDragContext] __func__ = "_gtk_drag_dest_handle_event" #28 _gtk_drag_dest_handle_event (toplevel=toplevel@entry=0x55dbaf828780 [EMsgComposer], event=event@entry=0x55dbb19cc5c0) at ../../../../gtk/gtkdnd.c:1091 window = <optimized out> tx = 0 ty = 0 found = <optimized out> info = 0x7f2fa06bf410 context = 0x55dbace0f010 [GdkWaylandDragContext] __func__ = "_gtk_drag_dest_handle_event" #29 0x00007f488fbbc91b in gtk_main_do_event (event=0x55dbb19cc5c0) at ../../../../gtk/gtkmain.c:1938 grab_widget = <optimized out> window_group = 0x55dbb0708aa0 [GtkWindowGroup] rewritten_event = <optimized out> device = 0x55dbace0f0c0 [GdkWaylandDevice] tmp_list = <optimized out> event_widget = 0x55dbaf828780 [EMsgComposer] topmost_widget = <optimized out> __func__ = "gtk_main_do_event" __func__ = "gtk_main_do_event" #30 gtk_main_do_event (event=<optimized out>) at ../../../../gtk/gtkmain.c:1690 __func__ = "gtk_main_do_event" #31 0x00007f488f039785 in _gdk_event_emit (event=event@entry=0x55dbb19cc5c0) at ../../../../gdk/gdkevents.c:73 #32 0x00007f488f0993a2 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../../../../../gdk/wayland/gdkeventsource.c:124 source = <optimized out> display = <optimized out> event = 0x55dbb19cc5c0 #33 0x00007f488f5ec85b in g_main_dispatch (context=0x55dbacdb1860) at ../../../glib/gmain.c:3337 dispatch = 0x7f488f099380 <gdk_event_source_dispatch> prev_source = 0x0 begin_time_nsec = 0 was_in_call = 0 user_data = 0x0 callback = 0x0 cb_funcs = <optimized out> cb_data = <optimized out> need_destroy = <optimized out> source = 0x55dbacdc4020 current = 0x55dbacd7f640 i = 0 __func__ = "g_main_dispatch" #34 g_main_context_dispatch (context=0x55dbacdb1860) at ../../../glib/gmain.c:4055 #35 0x00007f488f5ecb08 in g_main_context_iterate (context=0x55dbacdb1860, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4131 max_priority = 2147483647 timeout = 47 some_ready = 1 nfds = <optimized out> allocated_nfds = <optimized out> fds = 0x55dbb16911b0 #36 0x00007f488f5ecdfb in g_main_loop_run (loop=loop@entry=0x55dbad53cc80) at ../../../glib/gmain.c:4329 __func__ = "g_main_loop_run" #37 0x00007f488fbbba55 in gtk_main () at ../../../../gtk/gtkmain.c:1328 loop = 0x55dbad53cc80 #38 0x000055dbab65fec2 in main (argc=<optimized out>, argv=<optimized out>) at ./src/shell/main.c:681 shell = 0x55dbad1b71d0 [EShell] settings = <optimized out> success = 1 error = 0x0
Attachments
Patch (2.86 KB, patch)
2021-06-10 12:58 PDT, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2021-06-09 05:03:40 PDT
(In reply to Milan Crha from comment #0) > Moving this from a downstream bug report: > https://gitlab.gnome.org/GNOME/evolution/-/issues/1526 > > In Evolution, when a user drags a mail account node above the composer > window, WebKitGTK crashes the application. The preview panel doesn't do > that. Er... where is this mail account node above the composer window? I see a combo box to select the mail account to use to send the mail, but I don't see anything dragable. > When I try the "drag above" with the MiniBrowser, then it crashes > regardless whether it's being in the editor mode or not. How exactly were you able to reproduce with MiniBrowser?
Milan Crha
Comment 2 2021-06-09 05:36:14 PDT
Run: $ evolution -c mail there is a side bar on the left with accounts and folders. Drag the account name, like the "On This Computer", and move the mouse above the MiniBrowser content area.
Michael Catanzaro
Comment 3 2021-06-09 12:07:42 PDT
I'm unable to reproduce. I wonder if it is X11-specific. Are you using X11?
Paul Wise
Comment 4 2021-06-09 16:45:49 PDT
I am using Wayland, haven't tried the MiniBrowser though.
Paul Wise
Comment 5 2021-06-09 16:47:53 PDT
I just tried it with the `MiniBrowser --editor-mode` and `MiniBrowser` and I don't get the crash.
Paul Wise
Comment 6 2021-06-09 16:48:51 PDT
I still do get the crash with the evolution composer window though.
Milan Crha
Comment 7 2021-06-10 01:38:33 PDT
(In reply to Michael Catanzaro from comment #3) > I'm unable to reproduce. I wonder if it is X11-specific. Are you using X11? Right, I'm on X11 when trying with the MiniBrowser. I can partly confirm Paul comments. When on Wayland, MiniBrowser doesn't crash, but for me only when it's in the --editor-mode, where I made it crash. Its console says: $ /usr/libexec/webkit2gtk-4.0/MiniBrowser --editor-mode (MiniBrowser:2130): Gdk-WARNING **: 04:36:24.066: gdkselection-wayland.c:280: error reading selection buffer: Operation was cancelled Aborted (core dumped)
Michael Catanzaro
Comment 8 2021-06-10 10:24:34 PDT
(In reply to Paul Wise from comment #6) > I still do get the crash with the evolution composer window though. OK, I see the crash when dragging "On This Computer" into the composer window.
Michael Catanzaro
Comment 9 2021-06-10 10:30:36 PDT
*** Bug 220059 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 10 2021-06-10 12:58:55 PDT
Created attachment 431114 [details] Patch
Michael Catanzaro
Comment 11 2021-06-10 12:59:52 PDT
Problem is data with zero size is indicated by -1 in the GTK 3 implementation, but the code wasn't prepared for negative size. (The GTK 4 implementation uses unsigned integers to indicate size, and so doesn't have this problem.)
EWS Watchlist
Comment 12 2021-06-10 13:01:05 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See https://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
EWS
Comment 13 2021-06-11 08:00:32 PDT
Committed r278761 (238721@main): <https://commits.webkit.org/238721@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 431114 [details].
Note You need to log in before you can comment on or make changes to this bug.