<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK] Crash performing drag-and-drop"
   href="https://bugs.webkit.org/show_bug.cgi?id=146267">146267</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[GTK] Crash performing drag-and-drop
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>528+ (Nightly build)
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>WebKit Gtk
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mcatanzaro&#64;igalia.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=255454" name="attach_255454" title="backtrace">attachment 255454</a></span>
backtrace

Try to drag and drop anything from the web view with GTK+ 3.17.2 or higher. The UI process will crash with the attached backtrace.

The problem is in WebKit::DragAndDropHandler::startDrag:

GUniquePtr&lt;GdkEvent&gt; currentEvent(gtk_get_current_event());

GdkDragContext* context = gtk_drag_begin(m_page.viewWidget(), targetList.get(), dragOperationToGdkDragActions(dragData.draggingSourceOperationMask()),
    GDK_BUTTON_PRIMARY, currentEvent.get());

gtk_get_current_event is nullable but the last parameter to gtk_drag_begin is not, so we should check to ensure it is not null here. This of course does not fix drag and drop, but it does fix the crash. Without this, the web process could force the UI process to crash by sending fake startDrag messages.</pre>
        </div>
      </p>
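      <p>The check the report asks for, as an added C example that is not WebKit or GTK code. It models the UI-process handler receiving a startDrag request while no input event is being dispatched. Every type and function name in it (event, get_current_event, drag_begin, handle_start_drag, run_scenario) is a hypothetical stand-in, assumed only to mirror the nullable and non-null contracts described above.</p>

```c
/* Added illustration: stand-in types and functions, not GTK or WebKit code. */

/* Stand-in for GdkEvent. */
struct event { int button; };

/* Stand-in for the toolkit's current-event slot: non-null only while the
   UI process is dispatching a real input event. */
static const struct event *current_event = 0;

/* Mirrors the nullable contract of gtk_get_current_event(). (The real
   function returns a copy that the caller frees; omitted here.) */
static const struct event *get_current_event(void) { return current_event; }

/* Mirrors the non-null contract of gtk_drag_begin()'s last parameter:
   the callee dereferences the event without checking it. */
static int drag_begin(const struct event *ev) { return ev->button; }

enum start_drag_result { DRAG_STARTED = 0, DRAG_REJECTED_NO_EVENT = 1 };

/* Hypothetical UI-process handler for a startDrag message from the web
   process. The message is untrusted: it can arrive when no input event is
   being dispatched, so the nullable result is checked before use. */
enum start_drag_result handle_start_drag(int *button_out)
{
    const struct event *ev = get_current_event();
    if (!ev)
        return DRAG_REJECTED_NO_EVENT;  /* drop the request, keep running */
    *button_out = drag_begin(ev);
    return DRAG_STARTED;
}

/* Constructed scenario: one startDrag with no event in flight (the fake
   message case), then one during a real button press. Returns 0 on success. */
int run_scenario(void)
{
    int button = -1;
    struct event press = { 1 };

    if (handle_start_drag(&button) != DRAG_REJECTED_NO_EVENT || button != -1)
        return 1;

    current_event = &press;
    enum start_drag_result r = handle_start_drag(&button);
    current_event = 0;

    return (r == DRAG_STARTED && button == 1) ? 0 : 2;
}

int main(void) { return run_scenario(); }
```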
    </body>
</html>