1471157 - Crash in mozilla::dom::DataTransfer::GetTypes

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect)

Description

[[:philipp]]

This bug was filed from the Socorro interface and is
report bp-442fabe4-9b1d-4efd-ae93-30c110180626.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::DataTransfer::GetTypes dom/events/DataTransfer.cpp:294
1 xul.dll nsFileControlFrame::DnDListener::IsValidDropData layout/forms/nsFileControlFrame.cpp:387
2 xul.dll nsFileControlFrame::DnDListener::HandleEvent layout/forms/nsFileControlFrame.cpp:253
3 xul.dll mozilla::EventListenerManager::HandleEventSubType dom/events/EventListenerManager.cpp:1124
4 xul.dll mozilla::EventListenerManager::HandleEventInternal dom/events/EventListenerManager.cpp:1291
5 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:528
6 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain dom/events/EventDispatcher.cpp:591
7 xul.dll mozilla::EventDispatcher::Dispatch dom/events/EventDispatcher.cpp:961
8 xul.dll mozilla::PresShell::DispatchEventToDOM layout/base/PresShell.cpp:8000
9 xul.dll mozilla::PresShell::HandleEventInternal layout/base/PresShell.cpp:7677

=============================================================

this is a low volume crash signature regressing during the 61 cycle, so far reports are only coming from windows installations. could this be related to bug 1444686 or 1455052?

Comment 1

[Boris Zbarsky [:bzbarsky]]

This is definitely fallout from bug 1444686.

Comment 2

[Boris Zbarsky [:bzbarsky]]

Attachment: Fix null-deref crash when a drop event has no DataTransfer

https://hg.mozilla.org/mozilla-central/rev/41d99ad7144f removed a null-check
that shouldn't have been removed: the datatransfer argument might actually be
null here.

Comment 3

[Boris Zbarsky [:bzbarsky]]

Attachment: Fix null-deref crash when a drop event has no DataTransfer

https://hg.mozilla.org/mozilla-central/rev/41d99ad7144f removed a null-check
that shouldn't have been removed: the datatransfer argument might actually be
null here.

Comment 4

[Boris Zbarsky [:bzbarsky]]

Attachment: Fix null-deref crash when a drop event has no DataTransfer

https://hg.mozilla.org/mozilla-central/rev/41d99ad7144f removed a null-check
that shouldn't have been removed: the datatransfer argument might actually be
null here.

Comment 5

[Liz Henry (:lizzard) (relman/hg->git project)]

Keeping an eye on this for release, and could take the patch for beta 62 as well.

Comment 6

[Pulsebot]

Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0ee5b54dab6c
Fix null-deref crash when a drop event has no DataTransfer.  r=nika

Comment 7

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 8988000 [details] [diff] [review]
Fix null-deref crash when a drop event has no DataTransfer

Approval Request Comment
[Feature/Bug causing the regression]: Bug 1444686.
[User impact if declined]: Crashes on drag and drop in some cases.
[Is this code covered by automated tests?]: Yes.
[Has the fix been verified in Nightly?]: Yes.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: No.
[Why is the change risky/not risky?]: Just adds a null-check that used to be
   there already.
[String changes made/needed]: None.

Comment 8

[Liz Henry (:lizzard) (relman/hg->git project)]

Comment on attachment 8988000 [details] [diff] [review]
Fix null-deref crash when a drop event has no DataTransfer

Crash fix, verified in Nightly, let's take this for beta 4.

Comment 9

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/0ee5b54dab6c

Comment 10

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

https://hg.mozilla.org/releases/mozilla-beta/rev/7ccdd10cf1b0