NEW 239719
[GTK] NULL pointer dereference on Touch event when contents are being repeatedly updated
https://bugs.webkit.org/show_bug.cgi?id=239719
Andrey
Reported 2022-04-25 07:12:13 PDT
When contents are being repeatedly updated using the webkit_web_view_load_html() call, a touch event sometimes causes a NULL pointer dereference. The crash occurs when clicking on an invisible window that propagates the touch event further using the GDK_EVENT_PROPAGATE return value.

Debian package version: libwebkit2gtk-4.0-37:amd64 2.34.6-1~deb10u1

Address sanitizer logs:

AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fa3d60e794d bp 0x621002f062a0 sp 0x7ffdccb1bcf0 T0)
The signal is caused by a READ memory access.
Hint: address points to the zero page.
    #0 0x7fa3d60e794c in webkitWebViewBaseTouchEvent ../Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:1571
    #1 0x7fa3cf6df273 in _gtk_marshal_BOOLEAN__BOXEDv ../../../../gtk/gtkmarshalers.c:129
    #2 0x7fa3cee3ced5 in _g_closure_invoke_va ../../../gobject/gclosure.c:873
    #3 0x7fa3cee58db3 in g_signal_emit_valist ../../../gobject/gsignal.c:3301
    #4 0x7fa3cee599be in g_signal_emit ../../../gobject/gsignal.c:3448
    #5 0x7fa3cf68d323 in gtk_widget_event_internal ../../../../gtk/gtkwidget.c:7744
    #6 0x7fa3cf54d975 in propagate_event_up ../../../../gtk/gtkmain.c:2592
    #7 0x7fa3cf54d975 in propagate_event ../../../../gtk/gtkmain.c:2695
    #8 0x7fa3cf54fa82 in gtk_main_do_event ../../../../gtk/gtkmain.c:1915
    #9 0x7fa3cf54fa82 in gtk_main_do_event ../../../../gtk/gtkmain.c:1685
    #10 0x7fa3cf251464 in _gdk_event_emit ../../../../gdk/gdkevents.c:73
    #11 0x7fa3cf282111 in gdk_event_source_dispatch ../../../../../gdk/x11/gdkeventsource.c:367
    #12 0x7fa3ced58fed in g_main_dispatch ../../../glib/gmain.c:3182
    #13 0x7fa3ced58fed in g_main_context_dispatch ../../../glib/gmain.c:3847
    #14 0x7fa3ced59287 in g_main_context_iterate ../../../glib/gmain.c:3920
    #15 0x7fa3ced5931b in g_main_context_iteration ../../../glib/gmain.c:3981
    #16 0x7fa3cef4ea3c in g_application_run ../../../gio/gapplication.c:2470
    ...
AddressSanitizer can not provide additional info.
AddressSanitizer: SEGV ../Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:1571 in webkitWebViewBaseTouchEvent

Affected code:

    case GDK_TOUCH_UPDATE: {
        auto it = priv->touchEvents.find(sequence);
        ASSERT(it != priv->touchEvents.end());
        it->value.reset(gdk_event_copy(touchEvent));
        break;
    }

Line WebKitWebViewBase.cpp:1571:

    it->value.reset(gdk_event_copy(touchEvent));
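Added example, not WebKit's code and not part of the report: a model of the lookup at WebKitWebViewBase.cpp:1571 with the miss checked instead of asserted, so a GDK_TOUCH_UPDATE for an untracked sequence propagates rather than dereferencing end(). It assumes that a reload mid-gesture drops the tracked touch sequences, and uses std::unordered_map in place of priv->touchEvents; TouchTracker, EVENT_STOP and EVENT_PROPAGATE are hypothetical names standing in for the GTK ones.

```cpp
// Added illustration, not WebKit's code: std::unordered_map stands in for
// priv->touchEvents and TouchTracker for the GTK view; all names hypothetical.
#include <cstdint>
#include <iostream>
#include <memory>
#include <unordered_map>

enum class TouchType { Begin, Update, End };
constexpr bool EVENT_STOP = true;        // plays the role of GDK_EVENT_STOP
constexpr bool EVENT_PROPAGATE = false;  // plays the role of GDK_EVENT_PROPAGATE

struct TouchEvent { TouchType type; uint64_t sequence; int x; int y; };

struct TouchTracker {
    std::unordered_map<uint64_t, std::unique_ptr<TouchEvent>> events;
    unsigned staleEvents = 0;  // UPDATE/END seen for a sequence no longer tracked

    bool handle(const TouchEvent& ev) {
        switch (ev.type) {
        case TouchType::Begin:
            events[ev.sequence] = std::make_unique<TouchEvent>(ev);
            return EVENT_STOP;
        case TouchType::Update: {
            auto it = events.find(ev.sequence);
            // The crashing code ASSERTs it != end() and then dereferences `it`.
            // WebKit's ASSERT is compiled out in release builds, so a lookup miss
            // becomes the zero-page read in the ASan log. Check and propagate instead.
            if (it == events.end()) { ++staleEvents; return EVENT_PROPAGATE; }
            it->second = std::make_unique<TouchEvent>(ev);  // cf. it->value.reset(gdk_event_copy(...))
            return EVENT_STOP;
        }
        case TouchType::End:
            if (events.erase(ev.sequence) == 0) { ++staleEvents; return EVENT_PROPAGATE; }
            return EVENT_STOP;
        }
        return EVENT_PROPAGATE;
    }

    // Assumption: a webkit_web_view_load_html() mid-gesture drops tracked touches.
    void resetForNewContents() { events.clear(); }
};

// Replays the reporter's scenario: gesture begins, contents reload, then an
// UPDATE for the now-unknown sequence arrives. Returns the handler's verdict.
bool replayStaleUpdate(TouchTracker& t) {
    t.handle({TouchType::Begin, 7, 10, 10});
    t.resetForNewContents();
    return t.handle({TouchType::Update, 7, 12, 14});
}

int main() {
    TouchTracker t;
    std::cout << (replayStaleUpdate(t) == EVENT_PROPAGATE ? "stale update propagated" : "stale update consumed")
              << ", dropped=" << t.staleEvents << '\n';
}
```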