[Webkit-unassigned] [Bug 254196] [GTK] Kinetic scrolling intermittently stops

Mon Oct 23 17:37:28 PDT 2023

https://bugs.webkit.org/show_bug.cgi?id=254196

--- Comment #9 from Michael Catanzaro <mcatanzaro at redhat.com> ---
#25 0x00007ffff72b165e in gtk_widget_event (widget=widget at entry=0x555557088fd0 [EphyWebView], event=event at entry=0x5555576789d0 [GdkScrollEvent], target=target at entry=0x5555575ece70 [WebKitWebViewBase]) at ../gtk/gtkwidget.c:4775
        return_val = <optimized out>
        x = 4.6355722553119971e-310
        y = 0

Presumably the x value is messed up? I guess this means "scroll horizontally, but only an infinitesimally tiny distance"?

#9  0x00007ffff3080904 in webkitWebViewBaseSynthesizeWheelEvent(_WebKitWebViewBase*, double, double, int, int, WheelEventPhase, WheelEventPhase, bool) (webViewBase=0x3c0, deltaX=6.9533558071543795e-310, deltaY=6.9533482728850466e-310, x=1, y=0, phase=7, momentumPhase=WheelEventPhase::NoPhase, hasPreciseDeltas=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:3347

OK, so not only are the scroll deltas messed up, but somehow webViewBase=0x3c0 which indicates memory corruption because we know the actual WebKitWebViewBase is at 0x555557088fd0 due to the other frames of the stack.

PageClientImpl contains a non-weak raw pointer to the viewWidget (the WebKitWebViewBase). Somehow that must have been corrupted, but how?

valgrind could catch this, but running Epiphany under valgrind for long enough to reproduce the bug is surely not practical. asan could work too, but then you'd have to figure out how to build with asan enabled, which is not easy.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231024/50dec670/attachment-0001.htm>