fix: don't return a nullptr from TargetForRect#51586
Merged
Merged
Conversation
jkleinsc
previously requested changes
May 12, 2026
jkleinsc
left a comment
Member
There was a problem hiding this comment.
Needs changes as specified by clang-tidy: https://github.com/electron/electron/actions/runs/25694157588/job/75445336029?pr=51586#step:19:63
Contributor
Author
|
I forgot to escape my backticks in my last commit message. It was supposed to be |
Member
|
Marking as It's also marked as needing manual for 41-x-y. If/when that happens, this should get backported to that branch too. |
3 tasks
VerteDinde
approved these changes
May 13, 2026
Member
|
Fast-tracking this, as it fixes an active crash in a production build |
|
Release Notes Persisted
|
Contributor
|
I have automatically backported this PR to "42-x-y", please check out #51605 |
Contributor
|
I have automatically backported this PR to "43-x-y", please check out #51606 |
Member
|
/trop run backport-to 41-x-y |
Contributor
|
The backport process for this PR has been manually initiated - sending your PR to |
Contributor
|
I was unable to backport this PR to "41-x-y" cleanly; |
Contributor
|
@VerteDinde has manually backported this PR to "41-x-y", please check out #51611 |
Member
|
@ckerr Correct me if I'm wrong, but I don't think the original issue ever landed in 41-x-y? Looks like it was slated to be backported, but never was |
3 tasks
MarshallOfSound
added a commit
that referenced
this pull request
May 14, 2026
fix: simplify content_view_ hit-test transparency on macOS Replace the RootViewMac-level TargetForRect override added in #51586 with a DoesIntersectRect override on content_view_'s own targeter, restoring the structure of #50330 but fixing its actual defect. The original bug (#51576) was that ContentViewTargeterDelegate::TargetForRect returned nullptr when no descendant covered the hit rect, violating the ViewTargeterDelegate contract. RootView::UpdateCursor and RootView::HandleMouseEnteredOrMoved dereference GetEventHandlerForPoint() without null checks, so the nullptr crashed with SIGSEGV when a right-click in a -webkit-app-region: drag region disabled the HTCAPTION early-exit. #51586 fixed the crash by moving the transparency logic to RootViewMac and re-implementing the parent targeter's child-walk loop so it could skip content_view_ and return a sibling instead. That re-implementation duplicates ~25 lines of upstream logic with a subtle rounding divergence (ToEnclosedRectIgnoringError vs ToEnclosingRect), and threads a new content_view_hit_test_transparent_ flag through the platform-neutral NativeWindow/BrowserWindow headers. The same fall-through can be achieved with the existing hit-test hook: override DoesIntersectRect on content_view_ to return false when no visible, processable child intersects the rect. The parent's default TargetForRect loop already skips children whose HitTestRect is false, so hit-testing naturally continues to the WebContentsView sibling and resolves to its NativeViewHost (kSubView) without ever returning nullptr from TargetForRect or re-implementing the walk. This reverts the NativeWindow flag, the BrowserWindow constructor change, and the RootViewMacTargeterDelegate, leaving the fix entirely in native_window_mac.mm at the same install site as #50330.
This was referenced May 14, 2026
VerteDinde
added a commit
that referenced
this pull request
May 14, 2026
Backport of #51617 to 42-x-y. Replace the RootViewMac-level TargetForRect override added in #51586 with a DoesIntersectRect override on content_view_'s own targeter, restoring the structure of #50330 but fixing its actual defect. The original bug (#51576) was that ContentViewTargeterDelegate::TargetForRect returned nullptr when no descendant covered the hit rect, violating the ViewTargeterDelegate contract. RootView::UpdateCursor and RootView::HandleMouseEnteredOrMoved dereference GetEventHandlerForPoint() without null checks, so the nullptr crashed with SIGSEGV when a right-click in a -webkit-app-region: drag region disabled the HTCAPTION early-exit. #51586 fixed the crash by moving the transparency logic to RootViewMac and re-implementing the parent targeter's child-walk loop so it could skip content_view_ and return a sibling instead. That re-implementation duplicates ~25 lines of upstream logic with a subtle rounding divergence (ToEnclosedRectIgnoringError vs ToEnclosingRect), and threads a new content_view_hit_test_transparent_ flag through the platform-neutral NativeWindow/BrowserWindow headers. The same fall-through can be achieved with the existing hit-test hook: override DoesIntersectRect on content_view_ to return false when no visible, processable child intersects the rect. The parent's default TargetForRect loop already skips children whose HitTestRect is false, so hit-testing naturally continues to the WebContentsView sibling and resolves to its NativeViewHost (kSubView) without ever returning nullptr from TargetForRect or re-implementing the walk. This reverts the NativeWindow flag, the BrowserWindow constructor change, and the RootViewMacTargeterDelegate, leaving the fix entirely in native_window_mac.mm at the same install site as #50330. Co-authored-by: Claude <svc-devxp-claude@slack-corp.com>
VerteDinde
added a commit
that referenced
this pull request
May 15, 2026
Backport of #51617 to 43-x-y. Replace the RootViewMac-level TargetForRect override added in #51586 with a DoesIntersectRect override on content_view_'s own targeter, restoring the structure of #50330 but fixing its actual defect. The original bug (#51576) was that ContentViewTargeterDelegate::TargetForRect returned nullptr when no descendant covered the hit rect, violating the ViewTargeterDelegate contract. RootView::UpdateCursor and RootView::HandleMouseEnteredOrMoved dereference GetEventHandlerForPoint() without null checks, so the nullptr crashed with SIGSEGV when a right-click in a -webkit-app-region: drag region disabled the HTCAPTION early-exit. #51586 fixed the crash by moving the transparency logic to RootViewMac and re-implementing the parent targeter's child-walk loop so it could skip content_view_ and return a sibling instead. That re-implementation duplicates ~25 lines of upstream logic with a subtle rounding divergence (ToEnclosedRectIgnoringError vs ToEnclosingRect), and threads a new content_view_hit_test_transparent_ flag through the platform-neutral NativeWindow/BrowserWindow headers. The same fall-through can be achieved with the existing hit-test hook: override DoesIntersectRect on content_view_ to return false when no visible, processable child intersects the rect. The parent's default TargetForRect loop already skips children whose HitTestRect is false, so hit-testing naturally continues to the WebContentsView sibling and resolves to its NativeViewHost (kSubView) without ever returning nullptr from TargetForRect or re-implementing the walk. This reverts the NativeWindow flag, the BrowserWindow constructor change, and the RootViewMacTargeterDelegate, leaving the fix entirely in native_window_mac.mm at the same install site as #50330. Co-authored-by: Claude <svc-devxp-claude@slack-corp.com>
ckerr
pushed a commit
that referenced
this pull request
May 19, 2026
fix: simplify content_view_ hit-test transparency on macOS Replace the RootViewMac-level TargetForRect override added in #51586 with a DoesIntersectRect override on content_view_'s own targeter, restoring the structure of #50330 but fixing its actual defect. The original bug (#51576) was that ContentViewTargeterDelegate::TargetForRect returned nullptr when no descendant covered the hit rect, violating the ViewTargeterDelegate contract. RootView::UpdateCursor and RootView::HandleMouseEnteredOrMoved dereference GetEventHandlerForPoint() without null checks, so the nullptr crashed with SIGSEGV when a right-click in a -webkit-app-region: drag region disabled the HTCAPTION early-exit. re-implementing the parent targeter's child-walk loop so it could skip content_view_ and return a sibling instead. That re-implementation duplicates ~25 lines of upstream logic with a subtle rounding divergence (ToEnclosedRectIgnoringError vs ToEnclosingRect), and threads a new content_view_hit_test_transparent_ flag through the platform-neutral NativeWindow/BrowserWindow headers. The same fall-through can be achieved with the existing hit-test hook: override DoesIntersectRect on content_view_ to return false when no visible, processable child intersects the rect. The parent's default TargetForRect loop already skips children whose HitTestRect is false, so hit-testing naturally continues to the WebContentsView sibling and resolves to its NativeViewHost (kSubView) without ever returning nullptr from TargetForRect or re-implementing the walk. This reverts the NativeWindow flag, the BrowserWindow constructor change, and the RootViewMacTargeterDelegate, leaving the fix entirely in native_window_mac.mm at the same install site as #50330. Co-authored-by: GitHub Copilot <copilot@github.com>
jkleinsc
pushed a commit
that referenced
this pull request
May 27, 2026
* chore: remove macos hittest workaround patch Reverts the temporary Chromium patch and restores the original macOS hit-test workaround behavior in Electron. Co-authored-by: Charles Kerr <charles@charleskerr.com> * fix: do not return root from TargetForRect Restore the macOS hit-testing behavior that keeps BrowserWindow web contents interactive when content_view_ has no matching child. Co-authored-by: Charles Kerr <charles@charleskerr.com> * refactor: simplify content_view_ hit-test transparency on macOS (#51617) fix: simplify content_view_ hit-test transparency on macOS Replace the RootViewMac-level TargetForRect override added in #51586 with a DoesIntersectRect override on content_view_'s own targeter, restoring the structure of #50330 but fixing its actual defect. The original bug (#51576) was that ContentViewTargeterDelegate::TargetForRect returned nullptr when no descendant covered the hit rect, violating the ViewTargeterDelegate contract. RootView::UpdateCursor and RootView::HandleMouseEnteredOrMoved dereference GetEventHandlerForPoint() without null checks, so the nullptr crashed with SIGSEGV when a right-click in a -webkit-app-region: drag region disabled the HTCAPTION early-exit. re-implementing the parent targeter's child-walk loop so it could skip content_view_ and return a sibling instead. That re-implementation duplicates ~25 lines of upstream logic with a subtle rounding divergence (ToEnclosedRectIgnoringError vs ToEnclosingRect), and threads a new content_view_hit_test_transparent_ flag through the platform-neutral NativeWindow/BrowserWindow headers. The same fall-through can be achieved with the existing hit-test hook: override DoesIntersectRect on content_view_ to return false when no visible, processable child intersects the rect. The parent's default TargetForRect loop already skips children whose HitTestRect is false, so hit-testing naturally continues to the WebContentsView sibling and resolves to its NativeViewHost (kSubView) without ever returning nullptr from TargetForRect or re-implementing the walk. This reverts the NativeWindow flag, the BrowserWindow constructor change, and the RootViewMacTargeterDelegate, leaving the fix entirely in native_window_mac.mm at the same install site as #50330. Co-authored-by: GitHub Copilot <copilot@github.com> --------- Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> Co-authored-by: Noah Gregory <nmggithub@electronjs.org> Co-authored-by: Samuel Attard <sam@electronjs.org> Co-authored-by: GitHub Copilot <copilot@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of Change
Resolves #51576.
The above bug was introduced by this PR: #50330.
While well-intentioned, the choice to return
nullptrfrom a function whose contract does not explicitly allow it caused anullptr-dereference exception inside Chromium.RootView::UpdateCursorView* View::GetEventHandlerForPointView* View::GetEventHandlerForRectViewTargeter:TargetForRectreturnsnullptrRootView::UpdateCursorattempts to dereference thenullptrChecklist
npm testpassesRelease Notes
Notes: Fixed a crash on MacOS when a user clicked into a title bar or top view.