Changeset 195586 in webkit


Ignore:
Timestamp:
Jan 26, 2016 1:45:51 AM (8 years ago)
Author:
mario@webkit.org
Message:

[GTK] WebProcess crashes when quickly attempting many DnD operations
https://bugs.webkit.org/show_bug.cgi?id=138468

Reviewed by Michael Catanzaro.

Source/WebKit2:

Do not allow different DnD operations over the same element at the
same time, so that any new attempt to DnD an element happening before
a previous attempt has ended will take precedence, cancelling the older
operation before going ahead with the new one.

This is consistent with how WebCore::EventHandler handles DnD operations,
preventing the web process from crashing in scenarios where the user might
try to perform many DnD operations over the same element very quickly.

  • UIProcess/gtk/DragAndDropHandler.cpp:

(WebKit::DragAndDropHandler::DragAndDropHandler): Initialized new member.
(WebKit::DragAndDropHandler::startDrag): Ensure a previous DnD operation
is cancelled before handling the new one that has just started.
(WebKit::DragAndDropHandler::fillDragData): Protect against calling this
function from webkitWebViewBaseDragDataGet for already cancelled operations.
(WebKit::DragAndDropHandler::finishDrag): Protect against calling this
function from webkitWebViewBaseDragEnd for already cancelled operations.

  • UIProcess/gtk/DragAndDropHandler.h:

LayoutTests:

New test added to check that the web process does not crash when multiple
DnD operations are quickly attempted over the same draggable element.

  • fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash-expected.txt: Added.
  • fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html: Added.

Added the new test to the failure expectations for mac-wk2, as there's no
suitable implementation of eventSender in place yet (see bug 42194).

  • platform/mac-wk2/TestExpectations: Added failure expectation for the new test.
Location:
trunk
Files:
2 added
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r195583 r195586  
     12016-01-26  Mario Sanchez Prada  <mario@endlessm.com>
     2
     3        [GTK] WebProcess crashes when quickly attempting many DnD operations
     4        https://bugs.webkit.org/show_bug.cgi?id=138468
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        New test added to check that the web process does not crash when multiple
     9        DnD operations are quickly attempted over the same draggable element.
     10
     11        * fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash-expected.txt: Added.
     12        * fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html: Added.
     13
     14        Added the new test to the failure expectations for mac-wk2, as there's no
     15        suitable implementation of eventSender in place yet (see bug 42194).
     16
     17        * platform/mac-wk2/TestExpectations: Added failure expectation for the new test.
     18
    1192016-01-25  Youenn Fablet  <youenn.fablet@crf.canon.fr>
    220
  • trunk/LayoutTests/platform/mac-wk2/TestExpectations

    r194364 r195586  
    9191fast/events/drag-and-drop.html
    9292fast/events/drag-and-drop-link.html
     93fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html
    9394fast/events/drag-in-frames.html
    9495fast/events/drag-parent-node.html
  • trunk/Source/WebKit2/ChangeLog

    r195574 r195586  
     12016-01-26  Mario Sanchez Prada  <mario@endlessm.com>
     2
     3        [GTK] WebProcess crashes when quickly attempting many DnD operations
     4        https://bugs.webkit.org/show_bug.cgi?id=138468
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        Do not allow different DnD operations over the same element at the
     9        same time, so that any new attempt to DnD an element happening before
     10        a previous attempt has ended will take precedence, cancelling the older
     11        operation before going ahead with the new one.
     12
     13        This is consistent with how WebCore::EventHandler handles DnD operations,
     14        preventing the web process from crashing in scenarios where the user might
     15        try to perform many DnD operations over the same element very quickly.
     16
     17        * UIProcess/gtk/DragAndDropHandler.cpp:
     18        (WebKit::DragAndDropHandler::DragAndDropHandler): Initialized new member.
     19        (WebKit::DragAndDropHandler::startDrag): Ensure a previous DnD operation
     20        is cancelled before handling the new one that has just started.
     21        (WebKit::DragAndDropHandler::fillDragData): Protect against calling this
     22        function from webkitWebViewBaseDragDataGet for already cancelled operations.
     23        (WebKit::DragAndDropHandler::finishDrag): Protect against calling this
     24        function from webkitWebViewBaseDragEnd for already cancelled operations.
     25        * UIProcess/gtk/DragAndDropHandler.h:
     26
    1272016-01-25  Enrica Casucci  <enrica@apple.com>
    228
  • trunk/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.cpp

    r191786 r195586  
    4545DragAndDropHandler::DragAndDropHandler(WebPageProxy& page)
    4646    : m_page(page)
     47    , m_dragContext(nullptr)
    4748{
    4849}
     
    111112void DragAndDropHandler::startDrag(const DragData& dragData, PassRefPtr<ShareableBitmap> dragImage)
    112113{
    113     RefPtr<DataObjectGtk> dataObject = adoptRef(dragData.platformData());
    114     GRefPtr<GtkTargetList> targetList = adoptGRef(PasteboardHelper::singleton().targetListForDataObject(dataObject.get()));
     114    m_draggingDataObject = adoptRef(dragData.platformData());
     115
     116    GRefPtr<GtkTargetList> targetList = adoptGRef(PasteboardHelper::singleton().targetListForDataObject(m_draggingDataObject.get()));
    115117    GUniquePtr<GdkEvent> currentEvent(gtk_get_current_event());
    116118
    117119    GdkDragContext* context = gtk_drag_begin(m_page.viewWidget(), targetList.get(), dragOperationToGdkDragActions(dragData.draggingSourceOperationMask()),
    118120        GDK_BUTTON_PRIMARY, currentEvent.get());
    119     m_draggingDataObjects.set(context, dataObject.get());
     121
     122    // WebCore::EventHandler does not support more than one DnD operation at the same time for
     123    // a given page, so we should cancel any previous operation whose context we might have
     124    // stored, should we receive a new startDrag event before finishing a previous DnD operation.
     125    if (m_dragContext)
     126        gtk_drag_cancel(m_dragContext.get());
     127    m_dragContext = context;
    120128
    121129    if (dragImage) {
     
    130138void DragAndDropHandler::fillDragData(GdkDragContext* context, GtkSelectionData* selectionData, unsigned info)
    131139{
    132     if (DataObjectGtk* dataObject = m_draggingDataObjects.get(context))
    133         PasteboardHelper::singleton().fillSelectionData(selectionData, info, dataObject);
     140    // This can happen when attempting to call finish drag from webkitWebViewBaseDragDataGet()
     141    // for a obsolete DnD operation that got previously cancelled in startDrag().
     142    if (m_dragContext.get() != context)
     143        return;
     144
     145    ASSERT(m_draggingDataObject);
     146    PasteboardHelper::singleton().fillSelectionData(selectionData, info, m_draggingDataObject.get());
    134147}
    135148
    136149void DragAndDropHandler::finishDrag(GdkDragContext* context)
    137150{
    138     if (!m_draggingDataObjects.remove(context))
    139         return;
     151    // This can happen when attempting to call finish drag from webkitWebViewBaseDragEnd()
     152    // for a obsolete DnD operation that got previously cancelled in startDrag().
     153    if (m_dragContext.get() != context)
     154        return;
     155
     156    if (!m_draggingDataObject)
     157        return;
     158
     159    m_dragContext = nullptr;
     160    m_draggingDataObject = nullptr;
    140161
    141162    GdkDevice* device = gdk_drag_context_get_device(context);
  • trunk/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.h

    r182175 r195586  
    7575
    7676    WebPageProxy& m_page;
     77    GRefPtr<GdkDragContext> m_dragContext;
     78    RefPtr<WebCore::DataObjectGtk> m_draggingDataObject;
    7779    HashMap<GdkDragContext*, std::unique_ptr<DroppingContext>> m_droppingContexts;
    78     HashMap<GdkDragContext*, RefPtr<WebCore::DataObjectGtk>> m_draggingDataObjects;
    7980};
    8081
Note: See TracChangeset for help on using the changeset viewer.