Closed
Bug 1870007
Opened 2 years ago
Closed 2 years ago
Assert during dragging file@UpdateDefaultPreventedOnContentForDragEvent
Categories
(Core :: DOM: Copy & Paste and Drag & Drop, defect)
Core
DOM: Copy & Paste and Drag & Drop
Tracking
()
RESOLVED
DUPLICATE
of bug 1850213
People
(Reporter: jhorak, Unassigned)
Details
The tab aborts in the nightly when debug build is enabled.
Reproducer:
- open https://www.uschovna.cz/poslat-zasilku
- drag file from file manager to the drop area
The following assert fails:
MOZ_ASSERT_IF(dragEvent->mInHTMLEditorEventListener,
mEvent->mCurrentTarget->IsRootWindow());
stating mEvent->mCurrentTarget->IsRootWindow() is false.
Without debug, the assert is not addressed, so no crash or failure happens.
|
||
Comment 1•2 years ago
•
|
||
Not depended on GTK. I can reproduce this on Windows.
When calling event.preventDefault on drop event handler, this assertion is hit
(lldb) bt
* thread #1, name = 'Isolated Web Co', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
* frame #0: 0x00007f0f7e7c6739 libxul.so`mozilla::dom::Event::UpdateDefaultPreventedOnContentForDragEvent(this=0x00007f0f6bc03670) at Event.cpp:459:548
frame #1: 0x00007f0f7df88cdf libxul.so`mozilla::dom::Event_Binding::preventDefault(cx=0x00007f0f7612e100, obj=<unavailable>, void_self=0x00007f0f6bc03670, args=0x00007ffd75fe0fa0) at EventBinding.cpp:640:11
frame #2: 0x00007f0f7e248909 libxul.so`bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(cx=0x00007f0f7612e100, argc=<unavailable>, vp=<unavailable>) at BindingUtils.cpp:3320:13
frame #3: 0x00007f0f823d0c75 libxul.so`CallJSNative(cx=0x00007f0f7612e100, native=(libxul.so`bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) at BindingUtils.cpp:3294), reason=Call, args=0x00007ffd75fe14f0) at Interpreter.cpp:479:13
frame #4: 0x00007f0f823ac25e libxul.so`js::InternalCallOrConstruct(cx=0x00007f0f7612e100, args=0x00007ffd75fe14f0, construct=NO_CONSTRUCT, reason=Call) at Interpreter.cpp:573:12
frame #5: 0x00007f0f823ad05d libxul.so`InternalCall(cx=<unavailable>, args=<unavailable>, reason=<unavailable>) at Interpreter.cpp:640:10 [artificial]
frame #6: 0x00007f0f823bc069 libxul.so`js::Interpret(JSContext*, js::RunState&) [inlined] js::CallFromStack(cx=<unavailable>, args=0x00007ffd75fe14f0, reason=<unavailable>) at Interpreter.cpp:645:10
frame #7: 0x00007f0f823bc064 libxul.so`js::Interpret(cx=0x00007f0f7612e100, state=0x00007ffd75fe1600) at Interpreter.cpp:3060:16
frame #8: 0x00007f0f823abae9 libxul.so`MaybeEnterInterpreterTrampoline(cx=<unavailable>, state=<unavailable>) at Interpreter.cpp:393:10 [artificial]
frame #9: 0x00007f0f823ab79f libxul.so`js::RunScript(cx=0x00007f0f7612e100, state=0x00007ffd75fe1600) at Interpreter.cpp:451:13
frame #10: 0x00007f0f823ac17e libxul.so`js::InternalCallOrConstruct(cx=0x00007f0f7612e100, args=0x00007ffd75fe1788, construct=NO_CONSTRUCT, reason=Call) at Interpreter.cpp:605:13
frame #11: 0x00007f0f823ad05d libxul.so`InternalCall(cx=<unavailable>, args=<unavailable>, reason=<unavailable>) at Interpreter.cpp:640:10 [artificial]
frame #12: 0x00007f0f823ad27a libxul.so`js::Call(cx=0x00007f0f7612e100, fval=JS::HandleValue @ scalar, thisv=JS::HandleValue @ scalar, args=0x00007ffd75fe1788, rval=JS::MutableHandleValue @ 0x00007ffd75fe1680, reason=Call) at Interpreter.cpp:672:8
frame #13: 0x00007f0f82f72f7e libxul.so`js::jit::InvokeFunction(cx=0x00007f0f7612e100, obj=JS::HandleObject @ scalar, constructing=<unavailable>, ignoresReturnValue=false, argc=1, argv=0x00007ffd75fe1990, rval=JS::MutableHandleValue @ 0x00007ffd75fe1778) at VMFunctions.cpp:544:10
frame #14: 0x00007f0f82f735ef libxul.so`js::jit::InvokeFromInterpreterStub(cx=0x00007f0f7612e100, frame=<unavailable>) at VMFunctions.cpp:568:8
frame #15: 0x000005144e605f20
frame #16: 0x000005144e7c0090
frame #17: 0x000005144e710e34
frame #18: 0x000005144e603d81
frame #19: 0x00007f0f833a2a89 libxul.so`js::jit::MaybeEnterJit(JSContext*, js::RunState&) at Jit.cpp:115:5
frame #20: 0x00007f0f833a2658 libxul.so`js::jit::MaybeEnterJit(cx=0x00007f0f7612e100, state=<unavailable>) at Jit.cpp:261:10
frame #21: 0x00007f0f823ab76f libxul.so`js::RunScript(cx=0x00007f0f7612e100, state=0x00007ffd75fe1eb0) at Interpreter.cpp:441:32
frame #22: 0x00007f0f823ac17e libxul.so`js::InternalCallOrConstruct(cx=0x00007f0f7612e100, args=0x00007ffd75fe1fa8, construct=NO_CONSTRUCT, reason=Call) at Interpreter.cpp:605:13
frame #23: 0x00007f0f823ad05d libxul.so`InternalCall(cx=<unavailable>, args=<unavailable>, reason=<unavailable>) at Interpreter.cpp:640:10 [artificial]
frame #24: 0x00007f0f823ad27a libxul.so`js::Call(cx=0x00007f0f7612e100, fval=<unavailable>, thisv=<unavailable>, args=0x00007ffd75fe1fa8, rval=JS::MutableHandleValue @ 0x00007ffd75fe1f30, reason=Call) at Interpreter.cpp:672:8
frame #25: 0x00007f0f824ae758 libxul.so`JS::Call(cx=0x00007f0f7612e100, thisv=Handle<JS::Value> @ 0x00007ffd75fe1fa0, fval=Handle<JS::Value> @ 0x00007ffd75fe1f98, args=0x00007ffd75fe2100, rval=MutableHandle<JS::Value> @ 0x00007ffd75fe1f80) at CallAndConstruct.cpp:119:10
frame #26: 0x00007f0f7df2f0ad libxul.so`mozilla::dom::EventListener::HandleEvent(this=0x00007f0f71f98a80, cx=0x00007ffd75fe2428, aThisVal=Handle<JS::Value> @ r14, event=<unavailable>, aRv=0x00007ffd75fe24c0) at EventListenerBinding.cpp:62:8
Component: Widget: Gtk → DOM: Copy & Paste and Drag & Drop
|
|
||
Comment 2•2 years ago
|
||
Minimal sample is https://www.wontfix.net/bugs/drop.html. When drop image into red border area, this will occur.
|
|
||
Comment 3•2 years ago
|
||
Is this regression by bug 1848409?
|
|
||
Updated•2 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•