[Webkit-unassigned] [Bug 77569] New: Use-after-free in EventHandler::updateDragAndDrop

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 1 12:21:02 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=77569

           Summary: Use-after-free in EventHandler::updateDragAndDrop
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Event Handling
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: darin at apple.com, ap at webkit.org, sam at webkit.org


Created an attachment (id=124988)
 --> (https://bugs.webkit.org/attachment.cgi?id=124988&action=review)
Reduction (requires DRT)

Reported as http://crbug.com/112259.

#0    0x7fff891dd0b6 in __kill
#1    0x7fff8927d9f6 in abort
#2    0x7fff827865d2 in __gnu_cxx::__verbose_terminate_handler
#3    0x7fff82784ae1 in __cxxabiv1::__terminate
#4    0x7fff82784b16 in std::terminate
#5    0x7fff82784fd6 in __cxa_pure_virtual
#6    0x101abc417 in WebCore::EventTarget::dispatchEvent at EventTarget.cpp:166
#7    0x101aa3d87 in WebCore::EventHandler::dispatchDragEvent at EventHandler.cpp:1776
#8    0x101aa9423 in WebCore::EventHandler::updateDragAndDrop at EventHandler.cpp:1862
#9    0x101a61914 in WebCore::DragController::tryDHTMLDrag at DragController.cpp:597
#10    0x101a61b1f in WebCore::DragController::tryDocumentDrag at DragController.cpp:311
#11    0x101a6205e in WebCore::DragController::dragEnteredOrUpdated at DragController.cpp:260
#12    0x101a620c3 in WebCore::DragController::dragUpdated at DragController.cpp:197
#13    0x100edd5b3 in -[WebView draggingUpdated:] at WebView.mm:3997
#14    0x10003e4f7 in -[UIDelegate webView:dragImage:at:offset:event:pasteboard:source:slideBack:forView:] at UIDelegate.mm:122
#15    0x100e14eab in WebDragClient::startDrag at WebDragClient.mm:113
#16    0x101a5e08a in WebCore::DragController::doSystemDrag at DragController.cpp:893
#17    0x101a5f3f7 in WebCore::DragController::startDrag at DragController.cpp:804
#18    0x101aa7bc3 in WebCore::EventHandler::handleDrag at EventHandler.cpp:2939
#19    0x101aaa29b in WebCore::EventHandler::handleMouseDraggedEvent at EventHandler.cpp:556
#20    0x101aaacb8 in WebCore::EventHandler::handleMouseMoveEvent at EventHandler.cpp:1686
#21    0x101ab0fa9 in WebCore::EventHandler::mouseDragged at EventHandlerMac.mm:486
#22    0x100e65e84 in -[WebHTMLView mouseDragged:] at WebHTMLView.mm:3604
#23    0x10001b614 in -[EventSendingController mouseMoveToX:Y:] at EventSendingController.mm:466
#24    0x7fff88a6593c in __invoking___
#25    0x7fff88a6580d in -[NSInvocation invoke]
#26    0x10001882d in +[EventSendingController replaySavedEvents] at EventSendingController.mm:558
#27    0x10001a7cd in -[EventSendingController mouseUp:withModifiers:] at EventSendingController.mm:382
#28    0x7fff88a6593c in __invoking___
#29    0x7fff88a6580d in -[NSInvocation invoke]

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list