Closed Bug 991171 Opened 10 years ago Closed 10 years ago

Fatal assert dragging image to desktop

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect)

Product:
Core
Component:
DOM: Copy & Paste and Drag & Drop
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla31
Tracking Flags:
Tracking Status
firefox31 --- verified

People

(Reporter: bzbarsky, Assigned: ehsan.akhgari)

Details

Attachments

(1 file)

Don't try to init the transferable that somebody else has inited for us before; r=bzbarsky
1.14 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review 
BUILD: Current trunk debug build

STEPS TO REPRODUCE:
1)  Make sure Firefox is not maximized.
2)  Load http://imgur.com/gallery/gLG0h57
3)  Drag that image to desktop

EXPECTED RESULTS: Works

ACTUAL RESULTS:

Assertion failure: !mInitialized, at ../../../mozilla/widget/xpwidgets/nsTransferable.cpp:237

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
nsTransferable::Init (this=0x13374f310, aContext=0x0) at nsTransferable.cpp:237
237       MOZ_ASSERT(!mInitialized);
(gdb) bt     
#0  nsTransferable::Init (this=0x13374f310, aContext=0x0) at nsTransferable.cpp:237
#1  0x000000010593b60b in -[ChildView namesOfPromisedFilesDroppedAtDestination:] (self=0x1181598e0, _cmd=0x7fff92d97a8f, dropDestination=0x1184bc140) at nsChildView.mm:5969
#2  0x00007fff92b5abf8 in -[NSFilePromiseDragSource getFilenamesAndDropLocation] ()
#3  0x00007fff92b5ad09 in -[NSFilePromiseDragSource pasteboard:provideDataForType:itemIdentifier:] ()
#4  0x00007fff929b6247 in __NSPasteboardProvideData ()
#5  0x00007fff929b374a in __NSPasteboardProvidePboardData ()
#6  0x00007fff8c07e09a in __CFPasteboardClientCallBack ()
#7  0x00007fff8c07558d in __CFMessagePortPerform ()
#8  0x00007fff8bf89d09 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ ()
#9  0x00007fff8bf89a49 in __CFRunLoopDoSource1 ()
#10 0x00007fff8bfbcc02 in __CFRunLoopRun ()
#11 0x00007fff8bfbc0e2 in CFRunLoopRunSpecific ()
#12 0x00007fff8c031c2d in CFMessagePortSendRequest ()
#13 0x00007fff93c88187 in SendDragIPCMessage ()
#14 0x00007fff93c870fc in SendDropMessage ()
#15 0x00007fff93c8a7c8 in DragInApplication ()
#16 0x00007fff93c89d81 in CoreDragStartDragging ()
#17 0x00007fff928ab120 in -[NSCoreDragManager _dragUntilMouseUp:accepted:] ()
#18 0x00007fff928ac44a in -[NSCoreDragManager dragImage:fromWindow:at:offset:event:pasteboard:source:slideBack:] ()
#19 0x00007fff92b5bfd0 in -[NSWindow(NSDrag) dragImage:at:offset:event:pasteboard:source:slideBack:] ()
#20 0x000000010594af66 in nsDragService::InvokeDragSession (this=0x1219a1ec0, aDOMNode=0x11a999080, aTransferableArray=0x117ca87b0, aDragRgn=0x0, aActionType=7) at nsDragService.mm:292
#21 0x00000001059e5a01 in nsBaseDragService::InvokeDragSessionWithImage (this=0x1219a1ec0, aDOMNode=0x11a999080, aTransferableArray=0x117ca87b0, aRegion=0x0, aActionType=7, aImage=0x0, aImageX=0, aImageY=0, aDragEvent=0x1380f77e0, aDataTransfer=0x120fa4480) at nsBaseDragService.cpp:249
#22 0x0000000105db0205 in mozilla::EventStateManager::DoDefaultDragStart (this=0x114710a40, aPresContext=0x11a040000, aDragEvent=0x7fff5fbfcb00, aDataTransfer=0x120fa4480, aDragTarget=0x11a999000, aSelection=0x0) at EventStateManager.cpp:1843
#23 0x0000000105daac2b in mozilla::EventStateManager::GenerateDragGesture (this=0x114710a40, aPresContext=0x11a040000, aEvent=0x7fff5fbfdc48) at EventStateManager.cpp:1634
#24 0x0000000105da8c38 in mozilla::EventStateManager::PreHandleEvent (this=0x114710a40, aPresContext=0x11a040000, aEvent=0x7fff5fbfdc48, aTargetFrame=0x12866a330, aStatus=0x7fff5fbfda58) at EventStateManager.cpp:559
#25 0x0000000106bcdd21 in PresShell::HandleEventInternal (this=0x114ffbc00, aEvent=0x7fff5fbfdc48, aStatus=0x7fff5fbfda58) at nsPresShell.cpp:7205
#26 0x0000000106bcd080 in PresShell::HandlePositionedEvent (this=0x114ffbc00, aTargetFrame=0x12866a330, aEvent=0x7fff5fbfdc48, aEventStatus=0x7fff5fbfda58) at nsPresShell.cpp:6972
#27 0x0000000106bcbfa0 in PresShell::HandleEvent (this=0x1184c8c00, aFrame=0x11840c458, aEvent=0x7fff5fbfdc48, aDontRetargetEvents=false, aEventStatus=0x7fff5fbfda58) at nsPresShell.cpp:6772
#28 0x00000001061d62c4 in nsViewManager::DispatchEvent (this=0x1184c47c0, aEvent=0x7fff5fbfdc48, aView=0x1183f1430, aStatus=0x7fff5fbfda58) at nsViewManager.cpp:782
Oh, and Init(nullptr) as here does nothing other than set mInitialized!

Why does it make sense to Init() an object we got from someone else?  Shouldn't we assume it's initialized?  Ehsan, this code was added in http://hg.mozilla.org/mozilla-central/rev/93e55dcf0e2e looks like...
Flags: needinfo?(ehsan)
Yeah that's just wrong.
Assignee: nobody → ehsan
Flags: needinfo?(ehsan)
Attachment #8400838 - Flags: review?(bzbarsky)
Comment on attachment 8400838 [details] [diff] [review]
Don't try to init the transferable that somebody else has inited for us before; r=bzbarsky

r=me
Attachment #8400838 - Flags: review?(bzbarsky) → review+
https://hg.mozilla.org/mozilla-central/rev/d2e06fb325b8
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Reproduced in 2014-04-02-mozilla-central-debug, OS X 10.8.5.
Verified fixed 31.0a1 2014-04-28-mozilla-central-debug
Status: RESOLVED → VERIFIED
status-firefox31: fixedverified
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: