Closed Bug 1471157 Opened Last year Closed Last year

Crash in mozilla::dom::DataTransfer::GetTypes

Categories

(Core :: DOM: Core & HTML, defect, critical)

61 Branch
All
Windows
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla63
Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- unaffected
firefox61 --- wontfix
firefox62 --- fixed
firefox63 --- fixed

People

(Reporter: philipp, Assigned: bzbarsky)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file, 2 obsolete files)

This bug was filed from the Socorro interface and is
report bp-442fabe4-9b1d-4efd-ae93-30c110180626.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::DataTransfer::GetTypes dom/events/DataTransfer.cpp:294
1 xul.dll nsFileControlFrame::DnDListener::IsValidDropData layout/forms/nsFileControlFrame.cpp:387
2 xul.dll nsFileControlFrame::DnDListener::HandleEvent layout/forms/nsFileControlFrame.cpp:253
3 xul.dll mozilla::EventListenerManager::HandleEventSubType dom/events/EventListenerManager.cpp:1124
4 xul.dll mozilla::EventListenerManager::HandleEventInternal dom/events/EventListenerManager.cpp:1291
5 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:528
6 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:591
7 xul.dll mozilla::EventDispatcher::Dispatch dom/events/EventDispatcher.cpp:961
8 xul.dll mozilla::PresShell::DispatchEventToDOM layout/base/PresShell.cpp:8000
9 xul.dll mozilla::PresShell::HandleEventInternal layout/base/PresShell.cpp:7677

=============================================================

this is a low volume crash signature regressing during the 61 cycle, so far reports are only coming from windows installations. could this be related to bug 1444686 or 1455052?
Flags: needinfo?(bzbarsky)
This is definitely fallout from bug 1444686.
Assignee: nobody → bzbarsky
Blocks: 1444686
Flags: needinfo?(bzbarsky)
https://hg.mozilla.org/mozilla-central/rev/41d99ad7144f removed a null-check
that shouldn't have been removed: the datatransfer argument might actually be
null here.
Attachment #8987996 - Flags: review?(nika)
https://hg.mozilla.org/mozilla-central/rev/41d99ad7144f removed a null-check
that shouldn't have been removed: the datatransfer argument might actually be
null here.
Attachment #8987999 - Flags: review?(nika)
Attachment #8987996 - Attachment is obsolete: true
Attachment #8987996 - Flags: review?(nika)
https://hg.mozilla.org/mozilla-central/rev/41d99ad7144f removed a null-check
that shouldn't have been removed: the datatransfer argument might actually be
null here.
Attachment #8988000 - Flags: review?(nika)
Attachment #8987999 - Attachment is obsolete: true
Attachment #8987999 - Flags: review?(nika)
Attachment #8988000 - Flags: review?(nika) → review+
Keeping an eye on this for release, and could take the patch for beta 62 as well.
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0ee5b54dab6c
Fix null-deref crash when a drop event has no DataTransfer.  r=nika
Comment on attachment 8988000 [details] [diff] [review]
Fix null-deref crash when a drop event has no DataTransfer

Approval Request Comment
[Feature/Bug causing the regression]: Bug 1444686.
[User impact if declined]: Crashes on drag and drop in some cases.
[Is this code covered by automated tests?]: Yes.
[Has the fix been verified in Nightly?]: Yes.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: No.
[Why is the change risky/not risky?]: Just adds a null-check that used to be
   there already.
[String changes made/needed]: None.
Attachment #8988000 - Flags: approval-mozilla-beta?
Comment on attachment 8988000 [details] [diff] [review]
Fix null-deref crash when a drop event has no DataTransfer

Crash fix, verified in Nightly, let's take this for beta 4.
Attachment #8988000 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
https://hg.mozilla.org/mozilla-central/rev/0ee5b54dab6c
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.