<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[270081] releases/WebKitGTK/webkit-2.30/Source/WebKit</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/270081">270081</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2020-11-20 02:16:09 -0800 (Fri, 20 Nov 2020)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/269620">r269620</a> - [GTK] Crash in WebKit::DropTarget::drop
https://bugs.webkit.org/show_bug.cgi?id=217482

Reviewed by Michael Catanzaro.

If we don't have selection data when drop is called, just return early to let leave continue. Also change
accept() to receive the drop context and position to be set after leaving any previous operation.

* UIProcess/API/gtk/DropTarget.h:
* UIProcess/API/gtk/DropTargetGtk3.cpp:
(WebKit::DropTarget::DropTarget):
(WebKit::DropTarget::accept):
(WebKit::DropTarget::drop):
* UIProcess/API/gtk/DropTargetGtk4.cpp:
(WebKit::DropTarget::DropTarget):
(WebKit::DropTarget::accept):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit230SourceWebKitChangeLog">releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit230SourceWebKitUIProcessAPIgtkDropTargeth">releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTarget.h</a></li>
<li><a href="#releasesWebKitGTKwebkit230SourceWebKitUIProcessAPIgtkDropTargetGtk3cpp">releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit230SourceWebKitUIProcessAPIgtkDropTargetGtk4cpp">releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit230SourceWebKitChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog (270080 => 270081)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog   2020-11-20 10:15:52 UTC (rev 270080)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog      2020-11-20 10:16:09 UTC (rev 270081)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2020-11-10  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Crash in WebKit::DropTarget::drop
+        https://bugs.webkit.org/show_bug.cgi?id=217482
+
+        Reviewed by Michael Catanzaro.
+
+        If we don't have selection data when drop is called, just return early to let leave continue. Also change
+        accept() to receive the drop context and position to be set after leaving any previous operation.
+
+        * UIProcess/API/gtk/DropTarget.h:
+        * UIProcess/API/gtk/DropTargetGtk3.cpp:
+        (WebKit::DropTarget::DropTarget):
+        (WebKit::DropTarget::accept):
+        (WebKit::DropTarget::drop):
+        * UIProcess/API/gtk/DropTargetGtk4.cpp:
+        (WebKit::DropTarget::DropTarget):
+        (WebKit::DropTarget::accept):
+
</ins><span class="cx"> 2020-11-06  Milan Crha  <mcrha@redhat.com>
</span><span class="cx"> 
</span><span class="cx">         [GTK] Application cannot override drag&drop callbacks
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit230SourceWebKitUIProcessAPIgtkDropTargeth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTarget.h (270080 => 270081)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTarget.h      2020-11-20 10:15:52 UTC (rev 270080)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTarget.h 2020-11-20 10:16:09 UTC (rev 270081)
</span><span class="lines">@@ -39,9 +39,11 @@
</span><span class="cx"> 
</span><span class="cx"> #if USE(GTK4)
</span><span class="cx"> typedef struct _GdkDrop GdkDrop;
</span><ins>+using PlatformDropContext = GdkDrop;
</ins><span class="cx"> #else
</span><span class="cx"> typedef struct _GdkDragContext GdkDragContext;
</span><span class="cx"> typedef struct _GtkSelectionData GtkSelectionData;
</span><ins>+using PlatformDropContext = GdkDragContext;
</ins><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx"> namespace WebKit {
</span><span class="lines">@@ -57,7 +59,7 @@
</span><span class="cx">     void didPerformAction();
</span><span class="cx"> 
</span><span class="cx"> private:
</span><del>-    void accept(unsigned = 0);
</del><ins>+    void accept(PlatformDropContext*, Optional<WebCore::IntPoint> = WTF::nullopt, unsigned = 0);
</ins><span class="cx">     void enter(WebCore::IntPoint&&, unsigned = 0);
</span><span class="cx">     void update(WebCore::IntPoint&&, unsigned = 0);
</span><span class="cx">     void leave();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit230SourceWebKitUIProcessAPIgtkDropTargetGtk3cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp (270080 => 270081)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp        2020-11-20 10:15:52 UTC (rev 270080)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp   2020-11-20 10:16:09 UTC (rev 270081)
</span><span class="lines">@@ -59,9 +59,7 @@
</span><span class="cx">     g_signal_connect_after(m_webView, "drag-motion", G_CALLBACK(+[](GtkWidget*, GdkDragContext* context, gint x, gint y, guint time, gpointer userData) -> gboolean {
</span><span class="cx">         auto& drop = *static_cast<DropTarget*>(userData);
</span><span class="cx">         if (drop.m_drop != context) {
</span><del>-            drop.m_drop = context;
-            drop.m_position = IntPoint(x, y);
-            drop.accept(time);
</del><ins>+            drop.accept(context, IntPoint(x, y), time);
</ins><span class="cx">         } else if (drop.m_drop == context)
</span><span class="cx">             drop.update({ x, y }, time);
</span><span class="cx">         return TRUE;
</span><span class="lines">@@ -97,7 +95,7 @@
</span><span class="cx">     g_signal_handlers_disconnect_by_data(m_webView, this);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void DropTarget::accept(unsigned time)
</del><ins>+void DropTarget::accept(GdkDragContext* drop, Optional<WebCore::IntPoint> position, unsigned time)
</ins><span class="cx"> {
</span><span class="cx">     if (m_leaveTimer.isActive()) {
</span><span class="cx">         m_leaveTimer.stop();
</span><span class="lines">@@ -104,6 +102,8 @@
</span><span class="cx">         leaveTimerFired();
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    m_drop = drop;
+    m_position = position;
</ins><span class="cx">     m_dataRequestCount = 0;
</span><span class="cx">     m_selectionData = WTF::nullopt;
</span><span class="cx"> 
</span><span class="lines">@@ -259,6 +259,10 @@
</span><span class="cx"> 
</span><span class="cx"> void DropTarget::drop(IntPoint&& position, unsigned time)
</span><span class="cx"> {
</span><ins>+    // If we don't have data at this point, allow the leave timer to fire, ending the drop operation.
+    if (!m_selectionData)
+        return;
+
</ins><span class="cx">     if (m_leaveTimer.isActive())
</span><span class="cx">         m_leaveTimer.stop();
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit230SourceWebKitUIProcessAPIgtkDropTargetGtk4cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp (270080 => 270081)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp        2020-11-20 10:15:52 UTC (rev 270080)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp   2020-11-20 10:16:09 UTC (rev 270081)
</span><span class="lines">@@ -54,8 +54,7 @@
</span><span class="cx">         static_cast<GdkDragAction>(GDK_ACTION_COPY | GDK_ACTION_MOVE | GDK_ACTION_LINK));
</span><span class="cx">     g_signal_connect(target, "accept", G_CALLBACK(+[](GtkDropTargetAsync*, GdkDrop* gdkDrop, gpointer userData) -> gboolean {
</span><span class="cx">         auto& drop = *static_cast<DropTarget*>(userData);
</span><del>-        drop.m_drop = gdkDrop;
-        drop.accept();
</del><ins>+        drop.accept(gdkDrop);
</ins><span class="cx">         return TRUE;
</span><span class="cx">     }), this);
</span><span class="cx"> 
</span><span class="lines">@@ -102,9 +101,10 @@
</span><span class="cx">     g_cancellable_cancel(m_cancellable.get());
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void DropTarget::accept(unsigned)
</del><ins>+void DropTarget::accept(GdkDrop* drop, Optional<WebCore::IntPoint> position, unsigned)
</ins><span class="cx"> {
</span><del>-    m_position = WTF::nullopt;
</del><ins>+    m_drop = drop;
+    m_position = position;
</ins><span class="cx">     m_selectionData = SelectionData();
</span><span class="cx">     m_dataRequestCount = 0;
</span><span class="cx">     m_cancellable = adoptGRef(g_cancellable_new());
</span></span></pre>
</div>
</div>

</body>
</html>