Closed Bug 585961 Opened 15 years ago Closed 15 years ago

Crash [@ nsNativeDragTarget::Drop(IDataObject*, unsigned long, _POINTL, unsigned long*) ]

Categories

(Core :: Widget: Win32, defect)

Product:
Core
Component:
Widget: Win32
Platform:
All
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla2.0b4
Tracking Flags:
Tracking Status
blocking2.0 --- final+
status1.9.2 --- ?
status1.9.1 --- ?

People

(Reporter: MatsPalmgren_bugz, Assigned: MatsPalmgren_bugz)

References

Details

(Whiteboard: [sg:critical?][critsmash:patch])

Attachments

(1 file)

Patch rev. 1
1.83 KB, patch
roc
: review+
Details | Diff | Splinter Review
Crash [@ nsNativeDragTarget::Drop(IDataObject*, unsigned long, _POINTL, unsigned long*) ]. I found this crash while investigating bug 585287. It seems to be a regression from bug 530070 in that it makes the crash more likely to occur, but we should fix this with or without bug 530070. STEPS TO REPRODUCE 0. bookmark a page that is slow to load, in my case it works with http://slashdot.org/ 1. open the Bookmarks window 2. select the bookmark from step 0 and drag-n-drop onto the content window 3. do this a few times in rapid succession, ie. without waiting for the page to load ACTUAL RESULTS http://crash-stats.mozilla.com/report/index/74465092-f724-46d3-80f2-151622100810 The problem is that nsNativeDragTarget::Drop is using 'this' after ProcessDrag() was called (even though there is a warning that it might be destroyed on line 406). http://hg.mozilla.org/mozilla-central/annotate/961f253985a4/widget/src/windows/nsNativeDragTarget.cpp#l430
This is most likely very hard to reproduce without the changes in bug 530070. Marking it Security-Sensitive just in case, since the code in nsNativeDragTarget::Drop is the same on branches (although they don't have bug 530070 yet).
Assignee: nobody → matspal
Would bug 556892 be related to this?
Possibly. Can you attach the unminimized testcase somewhere safe?
Attached patch Patch rev. 1Splinter Review
Attachment #464447 - Flags: review?(jmathies)
Blocks: 530070
blocking2.0: --- → ?
Whiteboard: [sg:critical?]
Whiteboard: [sg:critical?] → [sg:critical?][critsmash:patch]
looks like we currently see up to 7 of these crashes per day. could be people just testing for this, or could be content in the wild that we need to keep an eye out for.
blocking2.0: ? → final+
Comment on attachment 464447 [details] [diff] [review] Patch rev. 1 roc, can you review this since jimm is on vacation?
Attachment #464447 - Flags: review?(jmathies) → review?(roc)
http://hg.mozilla.org/mozilla-central/rev/4815acde2305
Status: NEW → RESOLVED
Closed: 15 years ago
status1.9.1: --- → ?
status1.9.2: --- → ?
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b4
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: