[Webkit-unassigned] [Bug 217482] [GTK] Crash in WebKit::DropTarget::drop
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 8 10:22:08 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217482
--- Comment #1 from Michael Catanzaro <mcatanzaro at gnome.org> ---
OK here's a guess: maybe (1) user starts drag, (2) user leaves window, m_leaveTimer starts running, (3) user starts a new drag, m_leaveTimer still running, (4) m_leaveTimer fires, unsets m_selectionData etc., (5) user releases button, triggering drop, (6) crash.
It seems a little unlikely, because m_leaveTimer is stopped in DropTarget::accept, so the user would have to finish the drop before the source application sends its drag data offer. But that's actually possible, right?
I see we have, in DropTarget::accept:
if (m_leaveTimer.isActive()) {
m_leaveTimer.stop();
leaveTimerFired();
}
But that's not soon enough, right? It belongs in DropTarget::enter?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201008/c6d0efbd/attachment.htm>
More information about the webkit-unassigned
mailing list