- Revision
- 195668
- Author
- [email protected]
- Date
- 2016-01-27 05:40:50 -0800 (Wed, 27 Jan 2016)
Log Message
Merge r195586 - [GTK] WebProcess crashes when quickly attempting many DnD operations
https://bugs.webkit.org/show_bug.cgi?id=138468
Reviewed by Michael Catanzaro.
Source/WebKit2:
Do not allow different DnD operations over the same element at the
same time, so that any new attempt to DnD an element happening before
a previous attempt has ended will take precedence, cancelling the older
operation before going ahead with the new one.
This is consistent with how WebCore::EventHandler handles DnD operations,
preventing the web process from crashing in scenarios where the user might
try to perform many DnD operations over the same element very quickly.
* UIProcess/gtk/DragAndDropHandler.cpp:
(WebKit::DragAndDropHandler::DragAndDropHandler): Initialized new member.
(WebKit::DragAndDropHandler::startDrag): Ensure a previous DnD operation
is cancelled before handling the new one that has just started.
(WebKit::DragAndDropHandler::fillDragData): Protect against calling this
function from webkitWebViewBaseDragDataGet for already cancelled operations.
(WebKit::DragAndDropHandler::finishDrag): Protect against calling this
function from webkitWebViewBaseDragEnd for already cancelled operations.
* UIProcess/gtk/DragAndDropHandler.h:
LayoutTests:
New test added to check that the web process does not crash when multiple
DnD operations are quickly attempted over the same draggable element.
* fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash-expected.txt: Added.
* fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html: Added.
Added the new test to the failure expectations for mac-wk2, as there's no
suitable implementation of eventSender in place yet (see bug 42194).
* platform/mac-wk2/TestExpectations: Added failure expectation for the new test.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog (195667 => 195668)
--- releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2016-01-27 13:33:55 UTC (rev 195667)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/ChangeLog 2016-01-27 13:40:50 UTC (rev 195668)
@@ -1,3 +1,21 @@
+2016-01-26 Mario Sanchez Prada <[email protected]>
+
+ [GTK] WebProcess crashes when quickly attempting many DnD operations
+ https://bugs.webkit.org/show_bug.cgi?id=138468
+
+ Reviewed by Michael Catanzaro.
+
+ New test added to check that the web process does not crash when multiple
+ DnD operations are quickly attempted over the same draggable element.
+
+ * fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash-expected.txt: Added.
+ * fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html: Added.
+
+ Added the new test to the failure expectations for mac-wk2, as there's no
+ suitable implementation of eventSender in place yet (see bug 42194).
+
+ * platform/mac-wk2/TestExpectations: Added failure expectation for the new test.
+
2016-01-23 Wonchul Lee <[email protected]>
[GTK] Fix media controls displaying without controls attribute
Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash-expected.txt (0 => 195668)
--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash-expected.txt 2016-01-27 13:40:50 UTC (rev 195668)
@@ -0,0 +1,35 @@
+HTML hyperlink
+
+This test checks that quickly attempting a drag'n'drop operation multiple times over the same element does not crash the web process.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Dragging HTML hyperlink around. Attempt #1
+Dragging HTML hyperlink around. Attempt #2
+Dragging HTML hyperlink around. Attempt #3
+Dragging HTML hyperlink around. Attempt #4
+Dragging HTML hyperlink around. Attempt #5
+Dragging HTML hyperlink around. Attempt #6
+Dragging HTML hyperlink around. Attempt #7
+Dragging HTML hyperlink around. Attempt #8
+Dragging HTML hyperlink around. Attempt #9
+Dragging HTML hyperlink around. Attempt #10
+Dragging HTML hyperlink around. Attempt #11
+Dragging HTML hyperlink around. Attempt #12
+Dragging HTML hyperlink around. Attempt #13
+Dragging HTML hyperlink around. Attempt #14
+Dragging HTML hyperlink around. Attempt #15
+Dragging HTML hyperlink around. Attempt #16
+Dragging HTML hyperlink around. Attempt #17
+Dragging HTML hyperlink around. Attempt #18
+Dragging HTML hyperlink around. Attempt #19
+Dragging HTML hyperlink around. Attempt #20
+
+
+PASS dragHasStarted is true
+PASS dragHasEnded is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: releases/WebKitGTK/webkit-2.10/LayoutTests/fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html (0 => 195668)
--- releases/WebKitGTK/webkit-2.10/LayoutTests/fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html (rev 0)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html 2016-01-27 13:40:50 UTC (rev 195668)
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+window.jsTestIsAsync = true;
+
+var htmlHyperlink;
+var dragBeginPositionX;
+var dragBeginPositionY;
+var dragEndPositionX;
+var dragEndPositionY;
+
+var dragHasStarted = false;
+var dragHasEnded = false;
+var maxNumberOfRuns = 20;
+var currentRun = 0;
+
+function finishTest()
+{
+ debug("<br>");
+ shouldBeTrue("dragHasStarted");
+ shouldBeTrue("dragHasEnded");
+ finishJSTest();
+}
+
+function dragStart(e) {
+ dragHasStarted = true;
+}
+
+function dragEnd(e) {
+ dragHasEnded = true;
+ if (currentRun < maxNumberOfRuns)
+ return;
+ window.setTimeout(finishTest, 0);
+}
+
+function dragAndDrop(beginX, beginY, endX, endY)
+{
+ if (!window.eventSender)
+ return;
+
+ eventSender.mouseMoveTo(beginX, beginY);
+ eventSender.mouseDown();
+ eventSender.leapForward(100);
+ eventSender.mouseMoveTo(endX, endY);
+ eventSender.mouseUp();
+}
+
+function runNextStep()
+{
+ if (currentRun++ >= maxNumberOfRuns)
+ return;
+
+ debug("Dragging HTML hyperlink around. Attempt #" + currentRun);
+ dragAndDrop(dragBeginPositionX, dragBeginPositionY, dragEndPositionX, dragEndPositionY);
+ window.setTimeout(runNextStep, 0);
+}
+
+function runTest()
+{
+ if (!window.testRunner)
+ return;
+
+ htmlHyperlink = document.getElementById("htmlHyperlink");
+
+ htmlHyperlink._ondragstart_ = dragStart;
+ htmlHyperlink._ondragend_ = dragEnd;
+
+ dragBeginPositionX = htmlHyperlink.offsetLeft + htmlHyperlink.offsetWidth / 2;
+ dragBeginPositionY = htmlHyperlink.offsetTop + htmlHyperlink.offsetHeight / 2;
+ dragEndPositionX = dragBeginPositionX + htmlHyperlink.offsetWidth + 50;
+ dragEndPositionY = dragBeginPositionY + htmlHyperlink.offsetHeight + 50;
+
+ runNextStep();
+}
+</script>
+</head>
+<body _onload_="runTest()">
+<p>
+ <a id="htmlHyperlink" href="" hyperlink</a>
+<p>
+<div id="console"></div>
+<script>
+description("This test checks that quickly attempting a drag'n'drop operation multiple times over the same element does not crash the web process.");
+</script>
+<script src=""
+</body>
+</html>
Modified: releases/WebKitGTK/webkit-2.10/LayoutTests/platform/mac-wk2/TestExpectations (195667 => 195668)
--- releases/WebKitGTK/webkit-2.10/LayoutTests/platform/mac-wk2/TestExpectations 2016-01-27 13:33:55 UTC (rev 195667)
+++ releases/WebKitGTK/webkit-2.10/LayoutTests/platform/mac-wk2/TestExpectations 2016-01-27 13:40:50 UTC (rev 195668)
@@ -81,6 +81,7 @@
fast/events/drag-and-drop-fire-drag-dragover.html
fast/events/drag-and-drop.html
fast/events/drag-and-drop-link.html
+fast/events/drag-and-drop-link-fast-multiple-times-does-not-crash.html
fast/events/drag-in-frames.html
fast/events/drag-parent-node.html
fast/events/dropzone-001.html
Modified: releases/WebKitGTK/webkit-2.10/Source/WebKit2/ChangeLog (195667 => 195668)
--- releases/WebKitGTK/webkit-2.10/Source/WebKit2/ChangeLog 2016-01-27 13:33:55 UTC (rev 195667)
+++ releases/WebKitGTK/webkit-2.10/Source/WebKit2/ChangeLog 2016-01-27 13:40:50 UTC (rev 195668)
@@ -1,3 +1,29 @@
+2016-01-26 Mario Sanchez Prada <[email protected]>
+
+ [GTK] WebProcess crashes when quickly attempting many DnD operations
+ https://bugs.webkit.org/show_bug.cgi?id=138468
+
+ Reviewed by Michael Catanzaro.
+
+ Do not allow different DnD operations over the same element at the
+ same time, so that any new attempt to DnD an element happening before
+ a previous attempt has ended will take precedence, cancelling the older
+ operation before going ahead with the new one.
+
+ This is consistent with how WebCore::EventHandler handles DnD operations,
+ preventing the web process from crashing in scenarios where the user might
+ try to perform many DnD operations over the same element very quickly.
+
+ * UIProcess/gtk/DragAndDropHandler.cpp:
+ (WebKit::DragAndDropHandler::DragAndDropHandler): Initialized new member.
+ (WebKit::DragAndDropHandler::startDrag): Ensure a previous DnD operation
+ is cancelled before handling the new one that has just started.
+ (WebKit::DragAndDropHandler::fillDragData): Protect against calling this
+ function from webkitWebViewBaseDragDataGet for already cancelled operations.
+ (WebKit::DragAndDropHandler::finishDrag): Protect against calling this
+ function from webkitWebViewBaseDragEnd for already cancelled operations.
+ * UIProcess/gtk/DragAndDropHandler.h:
+
2016-01-21 Simon Fraser <[email protected]>
REGRESSION (r168244): Content in horizontal-bt page is offset such that only the end is viewable and there is a white gap at the top
Modified: releases/WebKitGTK/webkit-2.10/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.cpp (195667 => 195668)
--- releases/WebKitGTK/webkit-2.10/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.cpp 2016-01-27 13:33:55 UTC (rev 195667)
+++ releases/WebKitGTK/webkit-2.10/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.cpp 2016-01-27 13:40:50 UTC (rev 195668)
@@ -44,6 +44,7 @@
DragAndDropHandler::DragAndDropHandler(WebPageProxy& page)
: m_page(page)
+ , m_dragContext(nullptr)
{
}
@@ -110,14 +111,21 @@
void DragAndDropHandler::startDrag(const DragData& dragData, PassRefPtr<ShareableBitmap> dragImage)
{
- RefPtr<DataObjectGtk> dataObject = adoptRef(dragData.platformData());
- GRefPtr<GtkTargetList> targetList = adoptGRef(PasteboardHelper::singleton().targetListForDataObject(dataObject.get()));
+ m_draggingDataObject = adoptRef(dragData.platformData());
+
+ GRefPtr<GtkTargetList> targetList = adoptGRef(PasteboardHelper::singleton().targetListForDataObject(m_draggingDataObject.get()));
GUniquePtr<GdkEvent> currentEvent(gtk_get_current_event());
GdkDragContext* context = gtk_drag_begin(m_page.viewWidget(), targetList.get(), dragOperationToGdkDragActions(dragData.draggingSourceOperationMask()),
GDK_BUTTON_PRIMARY, currentEvent.get());
- m_draggingDataObjects.set(context, dataObject.get());
+ // WebCore::EventHandler does not support more than one DnD operation at the same time for
+ // a given page, so we should cancel any previous operation whose context we might have
+ // stored, should we receive a new startDrag event before finishing a previous DnD operation.
+ if (m_dragContext)
+ gtk_drag_cancel(m_dragContext.get());
+ m_dragContext = context;
+
if (dragImage) {
RefPtr<cairo_surface_t> image(dragImage->createCairoSurface());
// Use the center of the drag image as hotspot.
@@ -129,15 +137,28 @@
void DragAndDropHandler::fillDragData(GdkDragContext* context, GtkSelectionData* selectionData, unsigned info)
{
- if (DataObjectGtk* dataObject = m_draggingDataObjects.get(context))
- PasteboardHelper::singleton().fillSelectionData(selectionData, info, dataObject);
+ // This can happen when attempting to call finish drag from webkitWebViewBaseDragDataGet()
+ // for a obsolete DnD operation that got previously cancelled in startDrag().
+ if (m_dragContext.get() != context)
+ return;
+
+ ASSERT(m_draggingDataObject);
+ PasteboardHelper::singleton().fillSelectionData(selectionData, info, m_draggingDataObject.get());
}
void DragAndDropHandler::finishDrag(GdkDragContext* context)
{
- if (!m_draggingDataObjects.remove(context))
+ // This can happen when attempting to call finish drag from webkitWebViewBaseDragEnd()
+ // for a obsolete DnD operation that got previously cancelled in startDrag().
+ if (m_dragContext.get() != context)
return;
+ if (!m_draggingDataObject)
+ return;
+
+ m_dragContext = nullptr;
+ m_draggingDataObject = nullptr;
+
GdkDevice* device = gdk_drag_context_get_device(context);
int x = 0, y = 0;
gdk_device_get_window_at_position(device, &x, &y);
Modified: releases/WebKitGTK/webkit-2.10/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.h (195667 => 195668)
--- releases/WebKitGTK/webkit-2.10/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.h 2016-01-27 13:33:55 UTC (rev 195667)
+++ releases/WebKitGTK/webkit-2.10/Source/WebKit2/UIProcess/gtk/DragAndDropHandler.h 2016-01-27 13:40:50 UTC (rev 195668)
@@ -74,8 +74,9 @@
WebCore::DataObjectGtk* requestDragData(GdkDragContext*, const WebCore::IntPoint& position, unsigned time);
WebPageProxy& m_page;
+ GRefPtr<GdkDragContext> m_dragContext;
+ RefPtr<WebCore::DataObjectGtk> m_draggingDataObject;
HashMap<GdkDragContext*, std::unique_ptr<DroppingContext>> m_droppingContexts;
- HashMap<GdkDragContext*, RefPtr<WebCore::DataObjectGtk>> m_draggingDataObjects;
};
} // namespace WebKit
