Mouse events crash when SAFE_HEAP is enabled

[paradust7]

I just upgraded emsdk and started getting a new crash.

Version of emscripten/emsdk:

emcc (Emscripten gcc/clang-like replacement + linker emulating GNU ld) 3.1.51 (c0c2ca1)
clang version 18.0.0git (https://github.com/llvm/llvm-project f2464ca317bfeeedddb7cbdea3c2c8ec487890bb)
Target: wasm32-unknown-emscripten
Thread model: posix
InstalledDir: /home/mtuser/minetest-wasm/emsdk/upstream/bin

Here's an example of the stack trace I got:

Uncaught RuntimeError: Aborted(Assertion failed: attempt to write non-integer (undefined) into integer heap)
at abort (minetest.js:613:40)
at assert (minetest.js:375:3)
at checkInt (minetest.js:887:2)
at checkInt32 (minetest.js:898:27)
at setValue_safe (minetest.js:2238:3)
at SAFE_HEAP_STORE (minetest.js:322:2)
at Object.uiEventHandlerFunc [as handlerFunc] (minetest.js:10551:3)
at jsEventHandler (minetest.js:6507:17)

Another example:

Uncaught RuntimeError: Aborted(Assertion failed: attempt to write non-integer (1364.4119319915771) into integer heap)
at abort (minetest.js:613:40)
at assert (minetest.js:375:3)
at checkInt (minetest.js:887:2)
at checkInt32 (minetest.js:898:27)
at setValue_safe (minetest.js:2238:3)
at SAFE_HEAP_STORE (minetest.js:322:2)
at fillMouseEventData (minetest.js:10427:2)
at Object.mouseEventHandlerFunc [as handlerFunc] (minetest.js:10436:3)
at HTMLCanvasElement.jsEventHandler (minetest.js:6507:17)

These are the lines triggering a crash:

emscripten/src/library_html5.js

Lines 479 to 480 in 25308a1

	HEAP32[idx + {{{ C_STRUCTS.EmscriptenMouseEvent.canvasX / 4 }}}] = e.clientX - rect.left;
	HEAP32[idx + {{{ C_STRUCTS.EmscriptenMouseEvent.canvasY / 4 }}}] = e.clientY - rect.top;

emscripten/src/library_html5.js

Lines 487 to 488 in 25308a1

	HEAP32[idx + {{{ C_STRUCTS.EmscriptenMouseEvent.targetX / 4 }}}] = e.clientX - rect.left;
	HEAP32[idx + {{{ C_STRUCTS.EmscriptenMouseEvent.targetY / 4 }}}] = e.clientY - rect.top;

emscripten/src/library_html5.js

Line 708 in 25308a1

{{{ makeSetValue('uiEvent', C_STRUCTS.EmscriptenUiEvent.detail, 'e.detail', 'i32') }}};

emscripten/src/library_html5.js

Lines 1947 to 1948 in 25308a1

	HEAP32[idx + {{{ C_STRUCTS.EmscriptenTouchPoint.targetX / 4}}}] = t.clientX - targetRect.left;
	HEAP32[idx + {{{ C_STRUCTS.EmscriptenTouchPoint.targetY / 4}}}] = t.clientY - targetRect.top;

This list may not be exhaustive. Applying Math.round to the values being set made the errors stop. (except for e.detail, which sometimes not a number(?), so needed to be ignored in those cases)

[sbc100]

Hmm.. this seems a little unfortunate since assigning to a typed array will automatically convert to an integer, but I think it worth keeping these checks around as long as there are only a few places we need to inject these explicit truncations.

I think will be slightly better to use >> 0 than Math.round since that is that behavior of setting an element of a typed array view IIUC.

[cwoffenden]

This is caused by a combination of two things: mouse events are registered on a canvas (not the built-in targets, e.g. EMSCRIPTEN_EVENT_TARGET_DOCUMENT) and the browser is applying a zoom or other scaling factor.

A fix is in #21429 with an example of what happens with a zoom applied.