commit | 179f0c880333bcb580ff157120b54665e4dc7530 | |
---|---|---|
author | Alexander Dunaev <adunaev@igalia.com> | Wed Dec 02 15:39:59 2020 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Wed Dec 02 15:39:59 2020 |
tree | a8f27a21c7ab3a4b656703aabf9c65fdcf08ad74 | |
parent | ed3bf1a89d3a6faebce181fc3debc02d12ba8e9d | |
[ozone/x11] Fixed the crash during drag and drop.

The X11Window sometimes did not provide data to the drag and drop client on drag entering the window, which later (on handling further events) resulted in DesktopDragDropClientOzone::UpdateTargetAndCreateDropEvent() dereferencing nullptr and thus creating an invalid reference to data in the DropTargetEvent, which then caused the crash.

Why exactly the window might not provide data cannot be known for sure. The essential point in the X11 drag and drop session is the XdndPosition event that is handled by X11Window::UpdateDrag(), where the drag data is always created. The newly created data should then be passed to DesktopDragDropClientOzone::OnDragEnter(), but because this call must happen exactly once per drag and drop session, the X11Window has the notified_enter_ flag for that; the call to OnDragEnter() happens iff the flag was reset, and the flag is then set and kept till the end of the session.

So the likely reason for the crash was that notified_enter_ was true before the call to DesktopDragDropClientOzone::OnDragEnter(), which resulted in the call not happening. X11Window::StartDrag() resets the flag, so the only case when things could go wrong is the drag incoming from another window.

The code around had DCHECKs that assert valid state of the data, but they fired neither in tests nor during development, which suggests that the event is quite rare. Theoretically, the reason could be an incorrect sequence of incoming events: either the previous drag and drop did not end properly, or the entering drag did not send some events.

This CL fixes the situation with two changes:

1. The notified_enter_ flag is reset on entering the foreign drag, thus ensuring the correct state at the beginning of the incoming drag session.
2. The DesktopDragDropClientOzone::UpdateTargetAndCreateDropEvent() checks data_to_drop_ before passing it further, so nullptr should never be dereferenced anymore.

Bug: 1151836
Change-Id: Id007d5ee463fbaeaf4311166c72a397f48a8e9ec
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2558344
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Maksim Sisov (GMT+2) <msisov@igalia.com>
Commit-Queue: Alexander Dunaev <adunaev@igalia.com>
Cr-Commit-Position: refs/heads/master@{#832822}

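
Added illustration, not Chromium code and not part of this commit: a simplified C++ model of the once-per-session flag described in the commit message, showing how a stale notified_enter_ leaves the client without data and how the two changes (reset on enter, null check) restore a safe state. The names DropClient, Window, SimulateLostSessionEnd and SecondSessionDelivers are hypothetical, and the "previous session did not end properly" scenario is modeled here by assumption.

```cpp
// Simplified model; only notified_enter_, data_to_drop_, OnDragEnter and
// UpdateDrag are names from the commit message, everything else is hypothetical.
#include <memory>
#include <string>
#include <utility>

struct DragData { std::string text; };

class DropClient {
 public:
  void OnDragEnter(std::unique_ptr<DragData> data) { data_to_drop_ = std::move(data); }
  void OnDragLeave() { data_to_drop_.reset(); }
  // Change 2: check data_to_drop_ before use instead of dereferencing nullptr.
  bool CreateDropEvent(std::string* out) const {
    if (!data_to_drop_) return false;
    *out = data_to_drop_->text;
    return true;
  }
 private:
  std::unique_ptr<DragData> data_to_drop_;
};

class Window {
 public:
  Window(DropClient* c, bool reset_on_enter) : client_(c), reset_on_enter_(reset_on_enter) {}
  // Change 1: a drag entering from another window starts from a clean flag.
  void OnForeignDragEnter() { if (reset_on_enter_) notified_enter_ = false; }
  // Position update: data is always created, but handed over once per session.
  void UpdateDrag(const std::string& payload) {
    auto data = std::make_unique<DragData>(DragData{payload});
    if (!notified_enter_) {
      client_->OnDragEnter(std::move(data));
      notified_enter_ = true;
    }
  }
  // Assumed failure: the client drops its data, the window keeps its flag set.
  void SimulateLostSessionEnd() { client_->OnDragLeave(); }
 private:
  DropClient* client_;
  bool reset_on_enter_;
  bool notified_enter_ = false;
};

// True if the session following an improperly ended one can build a drop event.
bool SecondSessionDelivers(bool reset_on_enter) {
  DropClient client;
  Window window(&client, reset_on_enter);
  window.OnForeignDragEnter(); window.UpdateDrag("first");   // constructed payload
  window.SimulateLostSessionEnd();
  window.OnForeignDragEnter(); window.UpdateDrag("second");  // constructed payload
  std::string out;
  return client.CreateDropEvent(&out) && out == "second";
}
int main() { return SecondSessionDelivers(true) && !SecondSessionDelivers(false) ? 0 : 1; }
```

Without the reset, the second session never reaches OnDragEnter(); the null check is what turns that state into a skipped event rather than a nullptr dereference.
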
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.