[Webkit-unassigned] [Bug 217482] [GTK] Crash in WebKit::DropTarget::drop

Fri Nov 6 01:22:17 PST 2020

https://bugs.webkit.org/show_bug.cgi?id=217482

Carlos Garcia Campos <cgarcia at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cgarcia at igalia.com

--- Comment #3 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to Michael Catanzaro from comment #1)
> OK here's a guess: maybe (1) user starts drag, (2) user leaves window,
> m_leaveTimer starts running, (3) user starts a new drag, m_leaveTimer still
> running, (4) m_leaveTimer fires, unsets m_selectionData etc., (5) user
> releases button, triggering drop, (6) crash.
> 
> It seems a little unlikely, because m_leaveTimer is stopped in
> DropTarget::accept, so the user would have to finish the drop before the
> source application sends its drag data offer. But that's actually possible,
> right?
> 
> I see we have, in DropTarget::accept:
> 
>     if (m_leaveTimer.isActive()) {
>         m_leaveTimer.stop();
>         leaveTimerFired();
>     }
> 
> But that's not soon enough, right? It belongs in DropTarget::enter?

accept happens before enter. accept starts reading the contents and after all data has been received then enter is called.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201106/21f5d9f3/attachment-0001.htm>