Closed Bug 328077 Opened 20 years ago Closed 20 years ago

crash on attempt to drag image from a page [@ nsDragService::InvokeDragSession]

Product/Component: Core :: DOM: Copy & Paste and Drag & Drop
Type: defect
Platform: x86, Windows 2000
Priority: Not set
Severity: critical
Status: VERIFIED FIXED
Reporter: Peter6
Assignee: Unassigned
Keywords: crash, regression
Attachments: 2 files
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060221 Firefox/1.6a1 ID:2006022109

repro:
open a page with an image and try to drag it.

result: crash

talkback: TB15440607Y

regression from: bug 267426
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060221 Firefox/1.6a1 (BlueFyre) - Build ID: 2006022113

Confirmed
(In reply to comment #0)
> Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060221
> Firefox/1.6a1 ID:2006022109
>
> repro:
> open a page with an image and try to drag it.
>
> result: crash
>
> talkback: TB15440607Y
>
> regression from: bug 267426
>

Talkback not found.
Severity: major → critical
Keywords: crash, talkbackid
(In reply to comment #2)
> (In reply to comment #0)
> > Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060221
> > Firefox/1.6a1 ID:2006022109
> >
> > repro:
> > open a page with an image and try to drag it.
> >
> > result: crash
> >
> > talkback: TB15440607Y
> >
> > regression from: bug 267426
> >
>
> Talkback not found.
>

That incident's still in the queue, though it should be up in a few hours.

A few more IDs (that aren't up just yet):
TB15437595E
TB15437856W
TB15437917W
TB15437917W
TB15438468Z
Blocks: 267426
Attached file stack trace
Keywords: talkbackid
Summary: crash on attempt to drag image from a page → crash on attempt to drag image from a page [@ nsDragService::InvokeDragSession]
Doesn't happen in debug build. It seems to me this is one of those memory overwrite bugs that appear only in release builds. It didn't happen with the new API SHGetFolderLocation. Have to take a closer look at SHGetSpecialFolderLocation then.

This is my bug; I'll work on it.
(In reply to comment #0)
> open a page with an image and try to drag it.
>
> result: crash

confirmed for SeaMonkey
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060222 SeaMonkey/1.5a
This fixes the crash. It was a calling convention issue. Also added directory promise flavour to the transferable after the drag.
Attachment #212781 - Flags: superreview?(roc)
Attachment #212781 - Flags: review?(emaijala)
Comment on attachment 212781: Proposed fix for the crash

Thanks for taking care of this quickly. I will check it in.
Attachment #212781 - Flags: superreview?(roc)
Attachment #212781 - Flags: superreview+
Attachment #212781 - Flags: review?(emaijala)
Attachment #212781 - Flags: review+
checked in
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Verified FIXED using build 2006-02-23-09 of SeaMonkey trunk on Windows XP, but it'd be really good to hear from others on 95/98/ME...
Status: RESOLVED → VERIFIED
*** Bug 328448 has been marked as a duplicate of this bug. ***
Might it be this still crashes from time to time? I sometimes (I cannot really reproduce) crash with a Win2k trunk build when trying to drag an image from a webpage. I clobbered my obj-dir and still see the crash. Just to be sure, the stacktrace I get (but it seems to be the same as the stacktrace attached to this bug):

0:000> kp
ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012ed24 01b5f8a8 0x0
*** WARNING: Unable to verify checksum for H:\MOZILLA\TREE-M~1\MOZILLA\SEAMON~1\DIST\BIN\components\gklayout.dll
0012ef9c 01756518 gkwidget!nsDragService::InvokeDragSession(class nsIDOMNode * aDOMNode = 0x00000000, class nsISupportsArray * anArrayTransferables = 0x034bff58, class nsIScriptableRegion * aRegion = 0x06278538, unsigned int aActionType = 7)+0x317 [h:/mozilla/tree-main/mozilla/widget/src/windows/nsDragService.cpp @ 191]
0012f014 01767521 gklayout!nsContentAreaDragDrop::DragGesture(class nsIDOMEvent * inMouseEvent = 0x06d2cc78)+0x274 [h:/mozilla/tree-main/mozilla/content/base/src/nsContentAreaDragDrop.cpp @ 803]
0012f02c 0176746b gklayout!DispatchToInterface(class nsIDOMEvent * aEvent = 0x06d2cc78, class nsIDOMEventListener * aListener = 0x034c6860, <function> * aMethod = 0x01768309, struct nsID * aIID = 0x01981340, int * aHasInterface = 0x0012f064)+0x30 [h:/mozilla/tree-main/mozilla/content/events/src/nsEventListenerManager.cpp @ 143]
0012f07c 01810e69 gklayout!nsEventListenerManager::HandleEvent(class nsPresContext * aPresContext = 0x00000001, class nsEvent * aEvent = 0x0012f7d4, class nsIDOMEvent ** aDOMEvent = 0x0012f760, class nsIDOMEventTarget * aCurrentTarget = 0x0628bcd0, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x20b [h:/mozilla/tree-main/mozilla/content/events/src/nsEventListenerManager.cpp @ 1750]
0012f178 01812154 gklayout!nsXULElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x5c1 [h:/mozilla/tree-main/mozilla/content/xul/content/src/nsXULElement.cpp @ 1885]
0012f198 017e653c gklayout!nsXULElement::HandleChromeEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x0012f7d4, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x37 [h:/mozilla/tree-main/mozilla/content/xul/content/src/nsXULElement.cpp @ 2544]
0012f1fc 017e62e1 gklayout!nsGlobalWindow::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x0012f7d4, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x291 [h:/mozilla/tree-main/mozilla/dom/src/base/nsGlobalWindow.cpp @ 1643]
0012f254 01746d0e gklayout!nsGlobalWindow::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x0012f7d4, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x36 [h:/mozilla/tree-main/mozilla/dom/src/base/nsGlobalWindow.cpp @ 1511]
0012f284 0173b1be gklayout!nsDocument::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x02d9c660, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0xec [h:/mozilla/tree-main/mozilla/content/base/src/nsDocument.cpp @ 4329]
0012f2d4 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x44f [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2060]
0012f324 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f374 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f3c4 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f414 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f464 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f4b4 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f504 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f554 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
0012f5a4 0173b198 gklayout!nsGenericElement::HandleDOMEvent(class nsPresContext * aPresContext = 0x020044c0, class nsEvent * aEvent = 0x063bdb70, class nsIDOMEvent ** aDOMEvent = 0x0012f760, unsigned int aFlags = 2, nsEventStatus * aEventStatus = 0x0012f838)+0x429 [h:/mozilla/tree-main/mozilla/content/base/src/nsGenericElement.cpp @ 2053]
(In reply to comment #12)
> Might it be this still crashes from time to time? I sometimes (I cannot really
> reproduce) crash with a Win2k trunk build when trying to drag an image from a
> webpage. I clobbered my obj-dir and still see the crash. Just to be sure, the
> stacktrace I get (but it seems to be the same as the stacktrace attached to
> this bug):

Hi, I use the patched build every day since the patch and didn't see it crash. I have a Win2k system too. The reason for the crash was the wrong calling convention, but I fixed that some time ago. It would be nice if you could provide steps to reproduce the crash; I'll wait until it crashes on me too.
Strange, I only see this crash if I have Quicklaunch enabled in SeaMonkey. I guess this feature is a bit buggy *sigh*.
Depends on: 426285
Crash Signature: [@ nsDragService::InvokeDragSession]