From ee0a912ab4699f3e24563a856177d9b090a022fd Mon Sep 17 00:00:00 2001
From: Joerg Bornemann <joerg.bornemann@qt.io>
Date: Wed, 26 Oct 2016 14:43:54 +0200
Subject: Prevent crash with overridden drag 'n drop event handlers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Suppose the user overrides QWebEngineView::dragEnterEvent without
calling the base implementation and without overriding dragLeaveEvent.
Then our implementation will notify chromium about the drag leave
without having ever seen a drag entering and crash. Only notify chromium
about leave/drop/move events if we've notified it about the drag enter
before. Also, catch the case where the user overrides dragLeaveEvent
without calling the base implementation.

Task-number: QTBUG-54896
Change-Id: Ib958040e5fa7ecab86bac9b724d478c81a521fcc
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
---
 src/webenginewidgets/api/qwebengineview.cpp | 12 ++++++++++++
 src/webenginewidgets/api/qwebengineview_p.h |  1 +
 2 files changed, 13 insertions(+)

(limited to 'src/webenginewidgets')

diff --git a/src/webenginewidgets/api/qwebengineview.cpp b/src/webenginewidgets/api/qwebengineview.cpp
index 6171391e3..8b4053e73 100644
--- a/src/webenginewidgets/api/qwebengineview.cpp
+++ b/src/webenginewidgets/api/qwebengineview.cpp
@@ -107,6 +107,7 @@ static QAccessibleInterface *webAccessibleFactory(const QString &, QObject *obje
 QWebEngineViewPrivate::QWebEngineViewPrivate()
     : page(0)
     , m_pendingContextMenuEvent(false)
+    , m_dragEntered(false)
 {
 #ifndef QT_NO_ACCESSIBILITY
     QAccessible::installFactory(&webAccessibleFactory);
@@ -350,7 +351,10 @@ void QWebEngineView::dragEnterEvent(QDragEnterEvent *e)
 {
     Q_D(QWebEngineView);
     e->accept();
+    if (d->m_dragEntered)
+        d->page->d_ptr->adapter->leaveDrag();
     d->page->d_ptr->adapter->enterDrag(e, mapToGlobal(e->pos()));
+    d->m_dragEntered = true;
 }
 
 /*!
@@ -359,8 +363,11 @@ void QWebEngineView::dragEnterEvent(QDragEnterEvent *e)
 void QWebEngineView::dragLeaveEvent(QDragLeaveEvent *e)
 {
     Q_D(QWebEngineView);
+    if (!d->m_dragEntered)
+        return;
     e->accept();
     d->page->d_ptr->adapter->leaveDrag();
+    d->m_dragEntered = false;
 }
 
 /*!
@@ -369,6 +376,8 @@ void QWebEngineView::dragLeaveEvent(QDragLeaveEvent *e)
 void QWebEngineView::dragMoveEvent(QDragMoveEvent *e)
 {
     Q_D(QWebEngineView);
+    if (!d->m_dragEntered)
+        return;
     QtWebEngineCore::WebContentsAdapter *adapter = d->page->d_ptr->adapter.data();
     Qt::DropAction dropAction = adapter->updateDragPosition(e, mapToGlobal(e->pos()));
     if (Qt::IgnoreAction == dropAction) {
@@ -385,8 +394,11 @@ void QWebEngineView::dragMoveEvent(QDragMoveEvent *e)
 void QWebEngineView::dropEvent(QDropEvent *e)
 {
     Q_D(QWebEngineView);
+    if (!d->m_dragEntered)
+        return;
     e->accept();
     d->page->d_ptr->adapter->endDragging(e->pos(), mapToGlobal(e->pos()));
+    d->m_dragEntered = false;
 }
 
 #ifndef QT_NO_ACCESSIBILITY
diff --git a/src/webenginewidgets/api/qwebengineview_p.h b/src/webenginewidgets/api/qwebengineview_p.h
index b98c553f4..45b3e266e 100644
--- a/src/webenginewidgets/api/qwebengineview_p.h
+++ b/src/webenginewidgets/api/qwebengineview_p.h
@@ -71,6 +71,7 @@ public:
 
     QWebEnginePage *page;
     bool m_pendingContextMenuEvent;
+    bool m_dragEntered;
 };
 
 #ifndef QT_NO_ACCESSIBILITY
-- 
cgit v1.2.3