[Webkit-unassigned] [Bug 226811] New: [GTK] Crash when dragging an account node above WebView

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 9 03:50:54 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=226811

            Bug ID: 226811
           Summary: [GTK] Crash when dragging an account node above
                    WebView
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcrha at redhat.com
                CC: bugs-noreply at webkitgtk.org

Moving this from a downstream bug report:
https://gitlab.gnome.org/GNOME/evolution/-/issues/1526

In Evolution, when a user drags a mail account node above the composer window, WebKitGTK crashes the application. The preview panel doesn't do that. When I try the "drag above" with the MiniBrowser, it crashes regardless of whether it's in the editor mode or not.

This is with evolution 3.40.1-1 (from Debian experimental), webkit 2.32.1-1 and GNOME 3.38 on Debian bullseye. (I see that with Fedora 34 and the same evo/WebKitGTK versions as well).

The downstream bug report contains a whole backtrace, with all threads, but it's too long. See it attached at the end of the description there, if needed.

#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {0, 42, 834, 5, 94402006640432, 94402006649584, 139949534068928, 94401995203384, 4, 94402006649584, 4, 139949533776257, 140735894193728, 94402029678352, 94401996349664, 140735894194048}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007f488f12b537 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x55dbae126840, sa_sigaction = 0x55dbae126840}, sa_mask = {__val = {139949533666252, 0, 0, 94401995203384, 3584923175664, 139948495672560, 94401995201360, 94402029678352, 9272222391884015360, 94401995203344, 94402006649584, 94401995203344, 94402006649584, 94402029678352, 139949533644401, 24395876352}}, sa_flags = -1700043008, sa_restorer = 0x55dbae128af0}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f48899487a8 in WTF::fromUTF8Impl<false>(unsigned char const*, unsigned long) () at ../Source/WTF/wtf/text/WTFString.cpp:845
#3  0x00007f4889947e2e in WTF::String::fromUTF8(unsigned char const*, unsigned long) () at ../Source/WTF/wtf/text/WTFString.cpp:872
#4  0x00007f488c398df2 in WebKit::DropTarget::dataReceived(WebCore::IntPoint&&, _GtkSelectionData*, unsigned int, unsigned int) () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:185
#5  0x00007f488c398fe4 in operator() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:85
#6  _FUN() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:85
#7  0x00007f488fd65344 in _gtk_marshal_VOID__OBJECT_INT_INT_BOXED_UINT_UINTv (closure=closure at entry=0x55dbadf4e300, return_value=return_value at entry=0x0, instance=instance at entry=0x55dbaf21f3b0, args=args at entry=0x7fffa0fb13f8, marshal_data=marshal_data at entry=0x0, n_params=n_params at entry=6, param_types=0x55dbacdeafb0) at gtkmarshalers.c:5998
        data1 = 0x55dbaf21f3b0
        data2 = <optimized out>
        callback = 0x7f488c398f90 <_FUN()>
        arg0 = 0x55dbace0f010
        arg1 = 0
        arg2 = -1894507295
        arg3 = 0x7fffa0fb1980
        arg4 = 2700805552
        arg5 = 2700805552
        args_copy = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1540, reg_save_area = 0x7fffa0fb1440}}
#8  0x00007f488f6e0889 in _g_closure_invoke_va (closure=closure at entry=0x55dbadf4e300, return_value=return_value at entry=0x0, instance=instance at entry=0x55dbaf21f3b0, args=args at entry=0x7fffa0fb13f8, n_params=6, param_types=0x55dbacdeafb0) at ../../../gobject/gclosure.c:873
        marshal = 0x7f488fd651f0 <_gtk_marshal_VOID__OBJECT_INT_INT_BOXED_UINT_UINTv>
        marshal_data = 0x0
        in_marshal = 0
        real_closure = 0x55dbadf4e2e0
        __func__ = "_g_closure_invoke_va"
#9  0x00007f488f6f8fe8 in g_signal_emit_valist (instance=instance at entry=0x55dbaf21f3b0, signal_id=signal_id at entry=114, detail=detail at entry=0, var_args=var_args at entry=0x7fffa0fb13f8) at ../../../gobject/gsignal.c:3406
        return_accu = <optimized out>
        accu = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        accumulator = 0x0
        emission = {next = 0x7fffa0fb16f0, instance = 0x55dbaf21f3b0, ihint = {signal_id = 114, detail = 0, run_type = (G_SIGNAL_RUN_LAST | G_SIGNAL_ACCUMULATOR_FIRST_RUN)}, state = EMISSION_RUN, chain_type = 0x55dbae857d60 [EWebKitEditor/WebKitWebView/WebKitWebViewBase/GtkContainer/GtkWidget/GInitiallyUnowned]}
        signal_id = 114
        instance_type = <optimized out>
        emission_return = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        rtype = 0x4 [void]
        static_scope = 0
        fastpath_handler = <optimized out>
        closure = <optimized out>
        run_type = <optimized out>
        hlist = <optimized out>
        l = <optimized out>
        fastpath = 1
        instance_and_params = <optimized out>
        signal_return_type = <optimized out>
        param_values = <optimized out>
        node = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __func__ = "g_signal_emit_valist"
#10 0x00007f488f6f93ff in g_signal_emit_by_name (instance=instance at entry=0x55dbaf21f3b0, detailed_signal=detailed_signal at entry=0x7f488fd6e6f8 "drag-data-received") at ../../../gobject/gsignal.c:3593
        var_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1530, reg_save_area = 0x7fffa0fb1440}}
        detail = 0
        signal_id = 114
        itype = 0x55dbae857d60 [EWebKitEditor/WebKitWebView/WebKitWebViewBase/GtkContainer/GtkWidget/GInitiallyUnowned]
        __func__ = "g_signal_emit_by_name"
#11 0x00007f488fd35d1d in gtk_drag_selection_received (widget=0x55dbadc93a30 [GtkWindow], selection_data=0x7fffa0fb1980, time=501869454, data=0x55dbaf21f3b0) at ../../../../gtk/gtkdnd.c:1189
        site = <optimized out>
        context = 0x55dbace0f010 [GdkWaylandDragContext]
        info = 0x7f2fa06bf410
        drop_widget = 0x55dbaf21f3b0 [EWebKitEditor]
        target = 0x51
#12 0x00007f488fd62b7c in _gtk_marshal_VOID__BOXED_UINTv (closure=closure at entry=0x55dbaf775e50, return_value=return_value at entry=0x0, instance=instance at entry=0x55dbadc93a30, args=args at entry=0x7fffa0fb17f8, marshal_data=marshal_data at entry=0x0, n_params=n_params at entry=2, param_types=0x55dbace09580) at gtkmarshalers.c:3607
        data1 = 0x55dbadc93a30
        data2 = <optimized out>
        callback = 0x7f488fd35be0 <gtk_drag_selection_received>
        arg0 = 0x7fffa0fb1980
        arg1 = 0
        args_copy = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1930, reg_save_area = 0x7fffa0fb1840}}
#13 0x00007f488f6e0889 in _g_closure_invoke_va (closure=closure at entry=0x55dbaf775e50, return_value=return_value at entry=0x0, instance=instance at entry=0x55dbadc93a30, args=args at entry=0x7fffa0fb17f8, n_params=2, param_types=0x55dbace09580) at ../../../gobject/gclosure.c:873
        marshal = 0x7f488fd62ad0 <_gtk_marshal_VOID__BOXED_UINTv>
        marshal_data = 0x0
        in_marshal = 0
        real_closure = 0x55dbaf775e30
        __func__ = "_g_closure_invoke_va"
#14 0x00007f488f6f8fe8 in g_signal_emit_valist (instance=instance at entry=0x55dbadc93a30, signal_id=signal_id at entry=102, detail=detail at entry=0, var_args=var_args at entry=0x7fffa0fb17f8) at ../../../gobject/gsignal.c:3406
        return_accu = <optimized out>
        accu = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        accumulator = 0x0
        emission = {next = 0x7fffa0fb1c60, instance = 0x55dbadc93a30, ihint = {signal_id = 102, detail = 0, run_type = (G_SIGNAL_RUN_FIRST | G_SIGNAL_ACCUMULATOR_FIRST_RUN)}, state = EMISSION_RUN, chain_type = 0x55dbacdf0a70 [GtkWindow/GtkBin/GtkContainer/GtkWidget/GInitiallyUnowned]}
        signal_id = 102
        instance_type = <optimized out>
        emission_return = {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        rtype = 0x4 [void]
        static_scope = 0
        fastpath_handler = <optimized out>
        closure = <optimized out>
        run_type = <optimized out>
        hlist = <optimized out>
        l = <optimized out>
        fastpath = 1
        instance_and_params = <optimized out>
        signal_return_type = <optimized out>
        param_values = <optimized out>
        node = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __func__ = "g_signal_emit_valist"
#15 0x00007f488f6f93ff in g_signal_emit_by_name (instance=0x55dbadc93a30, detailed_signal=detailed_signal at entry=0x7f488fdcb20f "selection-received") at ../../../gobject/gsignal.c:3593
        var_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffa0fb1930, reg_save_area = 0x7fffa0fb1840}}
        detail = 0
        signal_id = 102
        itype = 0x55dbacdf0a70 [GtkWindow/GtkBin/GtkContainer/GtkWidget/GInitiallyUnowned]
        __func__ = "g_signal_emit_by_name"
#16 0x00007f488fc47b64 in gtk_selection_retrieval_report (time=501869454, length=<optimized out>, buffer=<optimized out>, format=<optimized out>, type=<optimized out>, info=0x55dbad975840) at ../../../../gtk/gtkselection.c:3079
        data = {selection = 0x46, target = 0x51, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55dbacda0130 [GdkWaylandDisplay]}
        owner_widget = <optimized out>
        owner_widget_ptr = 0x55dbadc93790
        selection_data = {selection = 0x46, target = 0x51, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55dbacda0130 [GdkWaylandDisplay]}
        info = 0x55dbad975840
        tmp_list = <optimized out>
        owner_window = <optimized out>
        display = 0x55dbacda0130 [GdkWaylandDisplay]
        id = <optimized out>
        __func__ = "gtk_selection_convert"
#17 gtk_selection_convert (widget=0x55dbadc93a30 [GtkWindow], selection=0x46, target=0x51, time_=501869454) at ../../../../gtk/gtkselection.c:1172
        owner_widget = <optimized out>
        owner_widget_ptr = 0x55dbadc93790
        selection_data = {selection = 0x46, target = 0x51, type = 0x0, format = 0, data = 0x0, length = -1, display = 0x55dbacda0130 [GdkWaylandDisplay]}
        info = 0x55dbad975840
        tmp_list = <optimized out>
        owner_window = <optimized out>
        display = 0x55dbacda0130 [GdkWaylandDisplay]
        id = <optimized out>
        __func__ = "gtk_selection_convert"
#18 0x00007f488c399837 in WebKit::DropTarget::accept(_GdkDragContext*, WTF::Optional<WebCore::IntPoint>, unsigned int) () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:140
#19 0x00007f488c399a6a in operator() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:59
#20 _FUN() () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:59
#25 0x00007f488f6f93ff in <emit signal 0x7f488fd9e4ad "drag-motion" on instance 0x55dbaf21f3b0 [EWebKitEditor]> (instance=instance at entry=0x55dbaf21f3b0, detailed_signal=detailed_signal at entry=0x7f488fd9e4ad "drag-motion") at ../../../gobject/gsignal.c:3593
        var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffa0fb2010, reg_save_area = 0x7fffa0fb1f20}}
        detail = 0
        signal_id = 111
        itype = 0x55dbae857d60 [EWebKitEditor/WebKitWebView/WebKitWebViewBase/GtkContainer/GtkWidget/GInitiallyUnowned]
        __func__ = "g_signal_emit_by_name"
    #21 0x00007f488fd5eaa7 in _gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT (closure=closure at entry=0x55dbad923170, return_value=return_value at entry=0x7fffa0fb1c90, n_param_values=n_param_values at entry=5, param_values=param_values at entry=0x7fffa0fb1cf0, invocation_hint=invocation_hint at entry=0x7fffa0fb1c70, marshal_data=marshal_data at entry=0x0) at gtkmarshalers.c:826
                cc = 0x55dbad923170
                data1 = 0x55dbaf21f3b0
                data2 = <optimized out>
                callback = 0x7f488c399a30 <_FUN()>
                v_return = <optimized out>
                __func__ = "_gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT"
    #22 0x00007f488f6e065f in g_closure_invoke (closure=0x55dbad923170, return_value=return_value at entry=0x7fffa0fb1c90, n_param_values=5, param_values=param_values at entry=0x7fffa0fb1cf0, invocation_hint=invocation_hint at entry=0x7fffa0fb1c70) at ../../../gobject/gclosure.c:810
                marshal = 0x7f488fd5ea30 <_gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT>
                marshal_data = 0x0
                in_marshal = 0
                real_closure = 0x55dbad923150
                __func__ = "g_closure_invoke"
    #23 0x00007f488f6f2ba2 in signal_emit_unlocked_R (node=<optimized out>, detail=detail at entry=0, instance=instance at entry=0x55dbaf21f3b0, emission_return=emission_return at entry=0x7fffa0fb1e20, instance_and_params=instance_and_params at entry=0x7fffa0fb1cf0) at ../../../gobject/gsignal.c:3812
                tmp = <optimized out>
                handler = 0x55dbaf9b2e00
                accumulator = 0x55dbace0a470
                emission = {next = 0x0, instance = 0x55dbaf21f3b0, ihint = {signal_id = 111, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 0x4 [void]}
                class_closure = 0x55dbacd687e0
                hlist = <optimized out>
                handler_list = <optimized out>
                return_accu = 0x7fffa0fb1c90
                accu = {g_type = 0x14 [gboolean], data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                signal_id = 111
                max_sequential_handler_number = 2726343
                return_value_altered = <optimized out>
    #24 0x00007f488f6f87f9 in g_signal_emit_valist (instance=instance at entry=0x55dbaf21f3b0, signal_id=signal_id at entry=111, detail=detail at entry=0, var_args=var_args at entry=0x7fffa0fb1ed8) at ../../../gobject/gsignal.c:3507
                return_value = {g_type = 0x14 [gboolean], data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
                error = 0x0
                rtype = 0x14 [gboolean]
                static_scope = 0
                instance_and_params = 0x7fffa0fb1cf0
                signal_return_type = <optimized out>
                param_values = 0x7fffa0fb1d08
                node = <optimized out>
                i = <optimized out>
                n_params = <optimized out>
                __func__ = "g_signal_emit_valist"
#26 0x00007f488fd36bea in gtk_drag_dest_motion (widget=widget at entry=0x55dbaf21f3b0 [EWebKitEditor], context=context at entry=0x55dbace0f010 [GdkWaylandDragContext], x=206, y=3, time=time at entry=501869454) at ../../../../gtk/gtkdnd.c:1572
        site = 0x55dbafc1a2a0
        action = <optimized out>
        retval = -1881198131
        __func__ = "gtk_drag_dest_motion"
#27 0x00007f488fd37159 in gtk_drag_find_widget (callback=0x7f488fd36a90 <gtk_drag_dest_motion>, time=501869454, y=<optimized out>, x=<optimized out>, info=0x7f2fa06bf410, context=0x55dbace0f010 [GdkWaylandDragContext], widget=0x55dbaf21f3b0 [EWebKitEditor]) at ../../../../gtk/gtkdnd.c:1270
        parent = 0x0
        hierarchy = 0x55dbae94c660 = {0x55dbaf828780, 0x55dbaf7fe470, 0x55dbad83baa0, 0x55dbaf7fe9f0, 0x55dbaf243f10, 0x55dbaf21f3b0}
        found = 0
        window = <optimized out>
        tx = 0
        ty = 0
        found = <optimized out>
        info = 0x7f2fa06bf410
        context = 0x55dbace0f010 [GdkWaylandDragContext]
        __func__ = "_gtk_drag_dest_handle_event"
#28 _gtk_drag_dest_handle_event (toplevel=toplevel at entry=0x55dbaf828780 [EMsgComposer], event=event at entry=0x55dbb19cc5c0) at ../../../../gtk/gtkdnd.c:1091
        window = <optimized out>
        tx = 0
        ty = 0
        found = <optimized out>
        info = 0x7f2fa06bf410
        context = 0x55dbace0f010 [GdkWaylandDragContext]
        __func__ = "_gtk_drag_dest_handle_event"
#29 0x00007f488fbbc91b in gtk_main_do_event (event=0x55dbb19cc5c0) at ../../../../gtk/gtkmain.c:1938
        grab_widget = <optimized out>
        window_group = 0x55dbb0708aa0 [GtkWindowGroup]
        rewritten_event = <optimized out>
        device = 0x55dbace0f0c0 [GdkWaylandDevice]
        tmp_list = <optimized out>
        event_widget = 0x55dbaf828780 [EMsgComposer]
        topmost_widget = <optimized out>
        __func__ = "gtk_main_do_event"
        __func__ = "gtk_main_do_event"
#30 gtk_main_do_event (event=<optimized out>) at ../../../../gtk/gtkmain.c:1690
        __func__ = "gtk_main_do_event"
#31 0x00007f488f039785 in _gdk_event_emit (event=event at entry=0x55dbb19cc5c0) at ../../../../gdk/gdkevents.c:73
#32 0x00007f488f0993a2 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../../../../../gdk/wayland/gdkeventsource.c:124
        source = <optimized out>
        display = <optimized out>
        event = 0x55dbb19cc5c0
#33 0x00007f488f5ec85b in g_main_dispatch (context=0x55dbacdb1860) at ../../../glib/gmain.c:3337
        dispatch = 0x7f488f099380 <gdk_event_source_dispatch>
        prev_source = 0x0
        begin_time_nsec = 0
        was_in_call = 0
        user_data = 0x0
        callback = 0x0
        cb_funcs = <optimized out>
        cb_data = <optimized out>
        need_destroy = <optimized out>
        source = 0x55dbacdc4020
        current = 0x55dbacd7f640
        i = 0
        __func__ = "g_main_dispatch"
#34 g_main_context_dispatch (context=0x55dbacdb1860) at ../../../glib/gmain.c:4055
#35 0x00007f488f5ecb08 in g_main_context_iterate (context=0x55dbacdb1860, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../../../glib/gmain.c:4131
        max_priority = 2147483647
        timeout = 47
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = <optimized out>
        fds = 0x55dbb16911b0
#36 0x00007f488f5ecdfb in g_main_loop_run (loop=loop at entry=0x55dbad53cc80) at ../../../glib/gmain.c:4329
        __func__ = "g_main_loop_run"
#37 0x00007f488fbbba55 in gtk_main () at ../../../../gtk/gtkmain.c:1328
        loop = 0x55dbad53cc80
#38 0x000055dbab65fec2 in main (argc=<optimized out>, argv=<optimized out>) at ./src/shell/main.c:681
        shell = 0x55dbad1b71d0 [EShell]
        settings = <optimized out>
        success = 1
        error = 0x0
