[Webkit-unassigned] [Bug 216828] [gtk] evolution's html composer incorrectly allows dragging files as path causing crashes

Tue Sep 22 09:06:29 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=216828

Milan Crha <mcrha at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mcrha at redhat.com

--- Comment #1 from Milan Crha <mcrha at redhat.com> ---
This seems to be caused by a change in WebKitGTK, because the crash cannot be reproduced with 2.28.4, but can be reproduced with 2.30.0. The steps are like this:

a) open evolution composer, can be like this: evolution mailto:a at b.c
b) open nautilus and drag a file into the message body - if it lets you (the cursor is with "+"), then the drop will paste the file path into the body; it doesn't crash yet.
c) drag the same file from the nautilus, but this time drag it above the body, then up above the headers (To/Cc/...) after which the application crashes.

An extended backtrace:

#0  0x0000000000000000 in  ()
#1  0x00007f5be0036bf9 in webkit_editor_drag_data_received_cb
    (widget=0x56437986fa30, context=0x56437871f920, x=0, y=0, selection=0x7ffe0018a790, info=6, time=4002858)
    at /home/hussam/cache/system/gnome/evolution/src/evolution/src/modules/webkit-editor/e-webkit-editor.c:5082
#6  0x00007f5bebfc0134 in Python Exception <class 'gdb.error'> value has been optimized out: 
#7  0x00007f5bec3d6f68 in gtk_drag_selection_received
    (widget=widget at entry=0x56437a6fc7c0, selection_data=selection_data at entry=0x7ffe0018a790, time=4002858, data=0x56437986fa30) at ../gtk/gtk/gtkdnd.c:1189
#8  0x00007f5bec6a1e4e in _gtk_marshal_VOID__BOXED_UINTv
    (closure=0x56437a6c98d0, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5643783c8050) at gtk/gtkmarshalers.c:3608
#9  0x00007f5bebfbf0a0 in _g_closure_invoke_va
    (param_types=0x5643783c8050, n_params=<optimized out>, args=0x7ffe0018a670, instance=0x56437a6fc7c0, return_value=0x0, closure=0x56437a6c98d0)
    at ../glib/gobject/gclosure.c:873
#10 g_signal_emit_valist
    (instance=instance at entry=0x56437a6fc7c0, signal_id=signal_id at entry=81, detail=detail at entry=0, var_args=var_args at entry=0x7ffe0018a670)
    at ../glib/gobject/gsignal.c:3407
#11 0x00007f5bebfc0134 in g_signal_emit_by_name
    (instance=<optimized out>, detailed_signal=detailed_signal at entry=0x7f5bec6c4219 "selection-received") at ../glib/gobject/gsignal.c:3594
#12 0x00007f5bec4ce5b7 in gtk_selection_retrieval_report
    (info=info at entry=0x5643790ee000, type=<optimized out>, format=<optimized out>, buffer=<optimized out>, length=length at entry=49, time=4002858)
    at ../gtk/gtk/gtkselection.c:3079
#13 0x00007f5bec4ceb02 in _gtk_selection_notify
    (widget=widget at entry=0x56437a6fc7c0, event=event at entry=0x7f5bc000da10)
    at ../gtk/gtk/gtkselection.c:2883
#14 0x00007f5bec6a7e9c in _gtk_marshal_BOOLEAN__BOXEDv
    (closure=0x5643783c7de0, return_value=0x7ffe0018a990, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5643783c7e10) at gtk/gtkmarshalers.c:130
#15 0x00007f5bebfbf0a0 in _g_closure_invoke_va
    (param_types=0x5643783c7e10, n_params=<optimized out>, args=0x7ffe0018aa40, instance=0x56437a6fc7c0, return_value=0x7ffe0018a990, closure=0x5643783c7de0)
    at ../glib/gobject/gclosure.c:873
#16 g_signal_emit_valist
    (instance=0x56437a6fc7c0, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args at entry=0x7ffe0018aa40) at ../glib/gobject/gsignal.c:3407
#17 0x00007f5bebfc06b0 in g_signal_emit
    (instance=instance at entry=0x56437a6fc7c0, signal_id=<optimized out>, detail=detail at entry=0) at ../glib/gobject/gsignal.c:3554
#18 0x00007f5bec410bc6 in gtk_widget_event_internal
    (event=0x7f5bc000da10, widget=0x56437a6fc7c0)
    at ../gtk/gtk/gtkwidget.c:7808
#19 gtk_widget_event_internal (widget=0x56437a6fc7c0, event=0x7f5bc000da10)
    at ../gtk/gtk/gtkwidget.c:7677
#20 0x00007f5bec55a343 in gtk_main_do_event (event=0x7f5bc000da10)
    at ../gtk/gtk/gtkmain.c:1860
#21 gtk_main_do_event (event=<optimized out>) at ../gtk/gtk/gtkmain.c:1690
#22 0x00007f5be8261654 in _gdk_event_emit (event=0x7f5bc000da10)
    at ../gtk/gdk/gdkevents.c:73
#23 _gdk_event_emit (event=0x7f5bc000da10) at ../gtk/gdk/gdkevents.c:67
#24 0x00007f5be820dc34 in gdk_event_source_dispatch
    (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../gtk/gdk/x11/gdkeventsource.c:367
#25 0x00007f5becab85fe in g_main_dispatch (context=0x5643783ac6a0)
    at ../glib/glib/gmain.c:3309
#26 g_main_context_dispatch (context=context at entry=0x5643783ac6a0)
    at ../glib/glib/gmain.c:3974
#27 0x00007f5becaba471 in g_main_context_iterate
    (context=0x5643783ac6a0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4047
#28 0x00007f5becabb483 in g_main_loop_run (loop=0x56437834e490)
    at ../glib/glib/gmain.c:4241
#29 0x00007f5bec553dcf in gtk_main () at ../gtk/gtk/gtkmain.c:1328
#30 0x00005643769813af in main (argc=1, argv=0x7ffe0018aec8)
    at /home/hussam/cache/system/gnome/evolution/src/evolution/src/shell/main.c:694

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200922/ea0c59b1/attachment-0001.htm>