Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1ebe546b649dafed99e73e2da5f3cfc417422abb
      
https://github.com/WebKit/WebKit/commit/1ebe546b649dafed99e73e2da5f3cfc417422abb
  Author: Abrar Rahman Protyasha <[email protected]>
  Date:   2026-04-09 (Thu, 09 Apr 2026)

  Changed paths:
    M Source/WebKit/UIProcess/mac/WebViewImpl.mm
    A Tools/TestWebKitAPI/Resources/cocoa/draggable-with-tiny-drag-image.html
    M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/mac/DragAndDropTestsMac.mm

  Log Message:
  -----------
  REGRESSION(309943@main): Crashing under WebViewImpl::startDrag() on sub-pixel drag images
https://bugs.webkit.org/show_bug.cgi?id=311757
rdar://174306324

Reviewed by Richard Robinson and Aditya Keerthi.

NSDraggingItem.setDraggingFrame: throws NSRangeException for zero-size
frame rects. This was silently allowed prior to 309943@main by the older
dragImage: API. The frame is represented as an IntSize, so on a 2x
display, a 1×1 pixel bitmap scales to { 0, 0 }, leading to the problem.

In practice, this happens when sites call DataTransfer.setDragImage()
with a disconnected 1x1 <img> element (Slack does this). Since the image
element is not connected, we store the cached image in m_dragImage
rather than the element in m_dragImageElement, following which we
snapshot this cached image, returning the raw pixel data - 1x1 sized.

This is not a problem for connected image elements since snapshotting
would render at CSS layout size in device pixels (i.e. producing a 2x2
bitmap in this case).

We fix this by simply using FloatSize instead of IntSize to preserve
sub-pixel frame sizes.

Tests: TestWebKitAPI.DragAndDropTests.DraggableElementWithTinyDragImageDoesNotCrash

* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::startDrag):
* Tools/TestWebKitAPI/Resources/cocoa/draggable-with-tiny-drag-image.html: Added.
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/mac/DragAndDropTestsMac.mm:
(TEST(DragAndDropTests, DraggableElementWithTinyDragImageDoesNotCrash)):

Canonical link: https://commits.webkit.org/310831@main
