<a class="header-button" href="https://bugzilla.mozilla.org/home" title="Go to home page"> Bugzilla

Pushlog https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=ffd1b16f058b&tochange=4ddadc870ef6

Comment 4

•

10 years ago

Blocks: 1071562

Keywords: crash, regression

Comment 5

•

10 years ago

Probably need to modify this to support copy/paste of files across processes.

https://hg.mozilla.org/integration/mozilla-inbound/rev/0f8df14dfebb

Assignee

Comment 6

•

10 years ago

We try to support it, but it fails because we call PContent::GetClipboard (a sync message) from the child, which then tries to create a blob to send to the parent and return that blob. However, in receiving the returned blob in the child, we haven't yet processed its constructor and crash. There's no especially clean way to fix this (we could special-case constructors for objects created in sync messages, but I'm kind of scared of doing that). I'm going to cheat a lot and read the file in the parent and (if it's an image) send the raw image data down to the child. We only care about image files for copy/paste, so I think that's the fastest way to victory.

Pulsebot

Comment 7

•

10 years ago

Assignee

Comment 8

•

10 years ago

Oops, that was the wrong bug number.

Updated

•

10 years ago

Severity: normal → critical

Keywords: reproducible

https://hg.mozilla.org/mozilla-central/rev/0f8df14dfebb

Updated

•

10 years ago

Crash Signature: [@ mozalloc_abort(char const* const) | NS_DebugBreak | mozilla::ipc::FatalError(char const*, char const*, unsigned long, bool) | mozilla::dom::PContentChild::FatalError(char const* const) | mozilla::dom::PContentChild::Read(mozilla::dom::IPCDataTransferIt…

Carsten Book [:Tomcat]

Comment 9

•

10 years ago

Status: NEW → RESOLVED

Closed: 10 years ago

status-firefox41: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → Firefox 41

Comment 10

•

10 years ago

[Tracking Requested - why for this release]: (In reply to Carsten Book [:Tomcat] from comment #9) > https://hg.mozilla.org/mozilla-central/rev/0f8df14dfebb This is wrong bug number. typo change note, see Bug 1176447 Comment 6

Status: RESOLVED → REOPENED

status-firefox41: fixed → affected

tracking-firefox41: --- → ?

Resolution: FIXED → ---

Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)

Updated

•

10 years ago

status-firefox40: --- → affected

Component: Untriaged → DOM: Core & HTML

Product: Firefox → Core

Target Milestone: Firefox 41 → ---

Comment 11

•

10 years ago

Adding a tracking flag for FF41. Also setting qe-verify:+ to ensure QA team gets a chance to test the fix.

tracking-firefox41: ? → +

Flags: qe-verify+

Robert Kaiser

Updated

•

10 years ago

Crash Signature: , bool) | mozilla::dom::PContentChild::FatalError(char const* const) | mozilla::dom::PContentChild::Read(mozilla::dom::IPCDataTransferIt...] → , bool) | mozilla::dom::PContentChild::FatalError(char const* const) | mozilla::dom::PContentChild::Read(mozilla::dom::IPCDataTransferIt...] [@ mozalloc_abort | NS_DebugBreak | mozilla::ipc::FatalError | mozilla::dom::PContentChild::FatalError | mozilla:…

Brad Lassey [:blassey] (use needinfo?)

Updated

•

10 years ago

tracking-e10s: m7+ → m8+

Boris Chiou [:boris]

Updated

•

10 years ago

Blocks: 1181467

Boris Chiou [:boris]

Updated

•

10 years ago

No longer blocks: 1181467

Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)

Comment 12

•

10 years ago

Untracking for FF41 as e10s is not enabled by default. Tracked for FF42 instead.

status-firefox42: --- → ?

tracking-firefox41: + → -

tracking-firefox42: --- → +

Assignee

Comment 13

•

10 years ago

Attached patch Patch v1 — Details — Splinter Review

I stared at this for a long time and there's no obviously good solution for it. This crashes because we're in a sync message (GetClipboard) which tries to create a Blob to to pass to the child but we don't process the constructor message before trying to use the blob in the child, which crashes. Additionally, there's currently no nsIFile implementation that's not backed by blobs. I thought about slurping the contents of the file and passing them down as a string, possibly only if it contains an image, (I'll do that in a separate patch) but that'll break non-paste consumers of nsIClipboard::GetClipboard (if those exist). We should definitely fix ths crash now, though. The blob code is correct for the drag and drop case.

Attachment #8666976 - Flags: review?(enndeakin)

Assignee

Comment 14

•

10 years ago

Attached patch Factor out file-slurping code from editor — Details — Splinter Review

Attachment #8668148 - Flags: review?(enndeakin)

Assignee

Comment 15

•

10 years ago

Attached patch Allow pasting images into HTML — Details — Splinter Review

This applies on top of the other patches.

Attachment #8668149 - Flags: review?(enndeakin)

https://treeherder.mozilla.org/#/jobs?repo=try&revision=527615ebed8c

Assignee

Comment 16

•

10 years ago

Sylvestre Ledru [:Sylvestre]

Comment 17

•

10 years ago

[Tracking Requested - why for this release]: e10s is disabled in 42 too. Liz will see if she wants that to be fixed in 43 or not.

status-firefox42: ? → wontfix

status-firefox43: --- → affected

tracking-firefox42: + → -

tracking-firefox43: --- → ?

Liz Henry (:lizzard) (relman/hg->git project)

Comment 18

•

10 years ago

Sure. Assuming this affects 44 as well, we can track it there too.

status-firefox44: --- → ?

tracking-firefox43: ? → +

tracking-firefox44: --- → +

Liz Henry (:lizzard) (relman/hg->git project)

Comment 19

•

10 years ago

These crash sigs do show up for 44 so I'll assume so.

status-firefox44: ? → affected

Updated

•

10 years ago

Attachment #8666976 - Flags: review?(enndeakin) → review+

Updated

•

10 years ago

Attachment #8668148 - Flags: review?(enndeakin) → review+

Comment 20

•

10 years ago

Comment on attachment 8668149 [details] [diff] [review] Allow pasting images into HTML > // Otherwise, handle this as a file. > nsCOMPtr<BlobImpl> blobImpl; > nsCOMPtr<nsIFile> file = do_QueryInterface(data); > if (file) { >+ // If we can send this over as a blob, do so. Otherwise, we're >+ // responding to a sync message and the child can't process the blob >+ // constructor before processing our response, which would crash. In >+ // that case, hope that the caller is nsClipboardProxy::GetData, >+ // called from editor and send over images as raw data. The caller might not be the editor after bug 906420. Is that a problem?

Attachment #8668149 - Flags: review?(enndeakin) → review+

https://hg.mozilla.org/integration/mozilla-inbound/rev/36fd2c273344

Assignee

Comment 21

•

10 years ago

(In reply to Neil Deakin from comment #20) > The caller might not be the editor after bug 906420. Is that a problem? It shouldn't be a problem. I was thinking more in terms of compatibility because editor only cares if the file is an image (and if so it reads it synchronously and pastes the image into the document). Other callers might actually want to use the file.

Pulsebot

Comment 22

•

10 years ago

Carsten Book [:Tomcat]

Comment 23

•

10 years ago

https://hg.mozilla.org/mozilla-central/rev/36fd2c273344

Status: REOPENED → RESOLVED

Closed: 10 years ago → 10 years ago

status-firefox44: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla44

Ada [:adalucinet]

Comment 24

•

10 years ago

Reproduced with Nightly (from 2015-10-03): bp-71b65e8c-c01f-4646-9410-687f62151118 With latest 44.0a2 and 45.0a1 (from 2015-11-17) and the provided STR, I constantly hit crash bug 1225829. Any ideas?

Flags: needinfo?(mrbkap)

Liz Henry (:lizzard) (relman/hg->git project)

Comment 25

•

10 years ago

Wontfix for 43, as e10s isn't enabled on beta yet.

status-firefox43: affected → wontfix