[Webkit-unassigned] [Bug 282384] New: Crash in WebKit::WebPageProxy::sendWheelEvent

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 31 06:23:37 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=282384

            Bug ID: 282384
           Summary: Crash in WebKit::WebPageProxy::sendWheelEvent
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at redhat.com
                CC: kkinnunen at apple.com

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo at entry=6, no_tid=no_tid at entry=0) at pthread_kill.c:44
#1  0x00007f344273be03 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007f34426e308e in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f34426ca882 in __GI_abort () at abort.c:79
#4  0x00007f343e0e8ddf in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:864
#5  0x00007f343e5329d6 in WebKit::AuxiliaryProcessProxy::connection (this=0x0)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:131
#6  WebKit::WebPageProxy::sendWheelEvent
    (this=0x7f342570dd80, frameID=..., event=..., processingSteps=..., rubberBandableEdges=..., willStartSwipe=std::optional [no contained value], wasHandledForScrolling=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:3807
#7  0x00007f343e5322d8 in WebKit::WebPageProxy::continueWheelEventHandling
    (this=0x7f342570dd80, wheelEvent=..., result=..., willStartSwipe=std::optional [no contained value])
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:3798
#8  0x00007f343e532096 in WebKit::WebPageProxy::handleWheelEvent (this=0x7f342570dd80, wheelEvent=...)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:3767
#9  WebKit::WebPageProxy::handleNativeWheelEvent (this=0x7f342570dd80, nativeWheelEvent=<optimized out>)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:3758
#10 0x00007f343e63e9ae in handleScroll
    (webViewBase=0x55cd50dc5200 [EphyWebView], deltaX=<error reading variable: That operation is not available on integers of more than 8 bytes.>, deltaY=<error reading variable: That operation is not available on integers of more than 8 bytes.>, isEnd=false, eventController=<optimized out>)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:1650
#15 0x00007f34436d41b3 in <emit signal 'scroll' on instance 0x55cd52594f00 [GtkEventControllerScroll]>
    (instance=instance at entry=0x55cd52594f00, signal_id=<optimized out>, detail=detail at entry=0) at ../gobject/gsignal.c:3582

Crash is here:

void WebPageProxy::sendWheelEvent(WebCore::FrameIdentifier frameID, const WebWheelEvent& event, OptionSet<WheelEventProcessingSteps> processingSteps, RectEdges<bool> rubberBandableEdges, std::optional<bool> willStartSwipe, bool wasHandledForScrolling)
{
#if HAVE(DISPLAY_LINK)
    internals().wheelEventActivityHysteresis.impulse();
#endif

    Ref connection = m_legacyMainFrameProcess->connection();

AuxiliaryProcessProxy::connection returns a RefPtr, but we incorrectly assume that it's not nul and assign it directly to a Ref.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20241031/b85c72d9/attachment-0001.htm>

More information about the webkit-unassigned mailing list