[Webkit-unassigned] [Bug 195886] New: webkitWebViewPopulateContextMenu emits context-menu signal with NULL event (illegal)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 18 08:01:24 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=195886

            Bug ID: 195886
           Summary: webkitWebViewPopulateContextMenu emits context-menu
                    signal with NULL event (illegal)
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 ephy_embed_event_new at ../embed/ephy-embed-event.c:68
 #1 populate_context_menu at ../src/ephy-window.c:1459
 #2 ffi_call_unix64 at ../src/x86/unix64.S:76
 #3 ffi_call at ../src/x86/ffi64.c:525
 #4 g_cclosure_marshal_generic at gclosure.c:1496
 #9 webkitWebViewPopulateContextMenu at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:2319
 #10 ContextMenuClient::getContextMenuFromProposedMenu at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/Source/WebKit/UIProcess/API/glib/WebKitContextMenuClient.cpp:50
 #11 WebKit::WebContextMenuProxyGtk::show at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Vector.h:365
 #12 WebKit::WebPageProxy::showContextMenu at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/DumbPtrTraits.h:41
 #13 IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::ContextMenuContextData&&, WebKit::UserData const&), std::tuple<WebKit::ContextMenuContextData, WebKit::UserData>, 0ul, 1ul> at /usr/src/debug/webkit2gtk3-2.22.6-1.fc29.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:45

(full backtrace in the downstream bug)

This looks like a WebKit bug (or a GTK bug). The documentation of WebKitWebView's context-menu signal says this of the event parameter:

"""
The event is expected to be one of the following types:

a GdkEventButton of type GDK_BUTTON_PRESS when the context menu was triggered with mouse.

a GdkEventKey of type GDK_KEY_PRESS if the keyboard was used to show the menu.

a generic GdkEvent of type GDK_NOTHING when the “popup-menu” signal was used to show the context menu.
"""

Epiphany just assumes it's non-NULL, but here WebKit is emitting context-menu with a NULL event. It's not Epiphany's job to handle that: it's WebKit's job to ensure it doesn't happen. (Actually, Epiphany is wrong to cast it to a GdkEventButton without checking the type of the event. So there is an Epiphany bug here too. But that can't cause this crash, and it's not what happened in this backtrace.)

-- 
You are receiving this mail because:
You are the assignee for the bug.
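The report above identifies two separate defects: WebKit passing a NULL event, and the Epiphany handler casting the event to a GdkEventButton without first checking it. The following is an added example, not code from the bug report, Epiphany or WebKit, showing how a signal handler on the receiving side can classify the event before casting so that a NULL or unexpected event is rejected rather than dereferenced. The `Event`, `EventButton` and `EventKey` structs and the `EV_*` enumerators are stand-ins constructed for this example (the enumerator values mirror GDK3's GdkEventType, but nothing here links against GDK).

```c
/* Added example: defensive classification of a context-menu event.
 * The types below are constructed stand-ins for GdkEvent, GdkEventButton
 * and GdkEventKey so the example builds without GTK; only the enumerator
 * values mirror GDK3's GdkEventType. Not Epiphany's or WebKit's code. */
#include <stddef.h>
#include <stdio.h>

typedef enum {
    EV_NOTHING       = -1, /* GDK_NOTHING: menu opened via the popup-menu signal */
    EV_MOTION_NOTIFY =  3, /* a type the context-menu signal does not promise */
    EV_BUTTON_PRESS  =  4, /* GDK_BUTTON_PRESS: opened with the mouse */
    EV_KEY_PRESS     =  8  /* GDK_KEY_PRESS: opened with the keyboard */
} EventType;

typedef struct { EventType type; unsigned button; double x, y; } EventButton;
typedef struct { EventType type; unsigned keyval; } EventKey;
/* Like GdkEvent, the union's first member is the type tag. */
typedef union { EventType type; EventButton button; EventKey key; } Event;

typedef enum {
    MENU_SOURCE_INVALID = 0, /* NULL or unexpected type: never cast */
    MENU_SOURCE_MOUSE,
    MENU_SOURCE_KEYBOARD,
    MENU_SOURCE_POPUP_MENU
} MenuSource;

/* Decide how the menu was opened without touching any member that the
 * documented event types do not guarantee. NULL is handled first,
 * because that is exactly the case that crashed in the backtrace. */
MenuSource classify_context_menu_event(const Event *event)
{
    if (event == NULL)
        return MENU_SOURCE_INVALID;
    switch (event->type) {
    case EV_BUTTON_PRESS: return MENU_SOURCE_MOUSE;
    case EV_KEY_PRESS:    return MENU_SOURCE_KEYBOARD;
    case EV_NOTHING:      return MENU_SOURCE_POPUP_MENU;
    default:              return MENU_SOURCE_INVALID;
    }
}

/* Only read the button field once the event is known to be a button
 * press; returns 0 for every other case instead of reading garbage. */
unsigned context_menu_button(const Event *event)
{
    if (classify_context_menu_event(event) != MENU_SOURCE_MOUSE)
        return 0;
    return event->button.button;
}

/* Stand-in for a handler body: returns 1 if the menu may be populated. */
int handle_context_menu(const Event *event)
{
    MenuSource source = classify_context_menu_event(event);
    if (source == MENU_SOURCE_INVALID) {
        fprintf(stderr, "context-menu: NULL or unexpected event, ignoring\n");
        return 0;
    }
    printf("context-menu: source=%d button=%u\n", source, context_menu_button(event));
    return 1;
}

int main(void)
{
    /* Constructed sample events covering each documented type, the NULL
     * case from the bug report, and one undocumented type. */
    Event mouse = { .button = { EV_BUTTON_PRESS, 3, 10.0, 20.0 } };
    Event key   = { .key    = { EV_KEY_PRESS, 0xff67 } };
    Event popup = { .type   = EV_NOTHING };
    Event odd   = { .type   = EV_MOTION_NOTIFY };

    handle_context_menu(&mouse);
    handle_context_menu(&key);
    handle_context_menu(&popup);
    handle_context_menu(&odd);
    handle_context_menu(NULL);
    return 0;
}
```

The check is cheap and keeps the handler correct even when the emitting side misbehaves, which is the right posture for a callback whose argument crosses an API boundary.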