Closed Bug 1912160 Opened 3 months ago Closed 3 months ago

Crash in [@ nsDragSession::Schedule]

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Platform:
Other
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
131 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- fixed
firefox129 --- wontfix
firefox130 --- fixed
firefox131 --- fixed

People

(Reporter: release-mgmt-account-bot, Assigned: stransky)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files)

Bug 1912160 [Linux] Don't do drag drop after D&D operation end r?emilio
48 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
Details | Review
Bug 1912160 [Linux] Don't do drag drop after D&D operation end
48 bytes, text/x-phabricator-request
phab-bot
: approval-mozilla-esr128+
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/fb623073-3a32-4da9-9d8c-69f9b0240724

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0  libxul.so  nsDragSession::Schedule  widget/gtk/nsDragService.cpp:2610
1  libxul.so  nsDragSession::ScheduleDropEvent  widget/gtk/nsDragService.cpp:2573
2  libxul.so  WindowDragDropHandler  widget/gtk/nsWindow.cpp:8860
3  libgtk-3.so.0  _gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINT  debian/build/deb/gtk/gtkmarshalers.c:827
4  libgobject-2.0.so.0  g_closure_invoke  gobject/gclosure.c:832
5  libgobject-2.0.so.0  signal_emit_unlocked_R  gobject/gsignal.c:3796
6  libgobject-2.0.so.0  g_signal_emit_valist  gobject/gsignal.c:3559
7  libgobject-2.0.so.0  g_signal_emit_by_name  gobject/gsignal.c:3648
8  libgtk-3.so.0  gtk_drag_dest_drop  gtk/gtkdnd.c:1674
9  libgtk-3.so.0  gtk_drag_find_widget  gtk/gtkdnd.c:1270

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2024-07-11
  • Process type: Parent
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - all crashes happened on null or near null memory address

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: General → Widget: Gtk

I wonder if dragService->GetCurrentSession() returns nullptr here so we get the null pointer crash.

Assignee: nobody → stransky
Status: NEW → ASSIGNED
Pushed by stransky@redhat.com: https://hg.mozilla.org/integration/autoland/rev/08925220d323 [Linux] Don't do drag drop after D&D operation end r=emilio

https://hg.mozilla.org/mozilla-central/rev/08925220d323

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
status-firefox131: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 131 Branch

ESR128 isn't technically affected at the moment, but the plan is to eventually uplift bug 1893119 there too.

status-firefox129: --- → wontfix
status-firefox130: --- → fix-optional
status-firefox-esr115: --- → unaffected
status-firefox-esr128: --- → affected
Keywords: regression
Regressed by: 1893119

The patch landed in nightly and beta is affected.
:stransky, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox130 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(stransky)

Comment on attachment 9418339 [details]
Bug 1912160 [Linux] Don't do drag drop after D&D operation end r?emilio

Beta/Release Uplift Approval Request

  • User impact if declined: It may cause crash on D&D operation end.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Simple null pointer check.
  • String changes made/needed:
  • Is Android affected?: No
Flags: needinfo?(stransky)
Attachment #9418339 - Flags: approval-mozilla-beta?

Comment on attachment 9418339 [details]
Bug 1912160 [Linux] Don't do drag drop after D&D operation end r?emilio

Approved for 130.0b9.

Attachment #9418339 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9422897 - Flags: approval-mozilla-esr128?

esr128 Uplift Approval Request

  • User impact if declined: crash in drag and drop on Linux if events come in an unexpected order
  • Code covered by automated testing: no
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: n/a
  • Risk associated with taking this patch: low
  • Explanation of risk level: simple null check
  • String changes made/needed: no
  • Is Android affected?: no
Attachment #9422897 - Flags: approval-mozilla-esr128? → approval-mozilla-esr128+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: