83276 – WebKit2 crashes when calling event.dataTransfer.setDragImage with a 0x0 HTML element

NEW 83276

WebKit2 crashes when calling event.dataTransfer.setDragImage with a 0x0 HTML element

https://bugs.webkit.org/show_bug.cgi?id=83276

Summary WebKit2 crashes when calling event.dataTransfer.setDragImage with a 0x0 HTML ...

Matthew Caruana Galizia

Reported 2012-04-05 07:15:28 PDT

Created attachment 135818 [details] Crash log Steps to reproduce: 1) In the dragstart callback for a draggable element, call event.dataTransfer.setDragImage(document.createElement('div'), 0, 0). What should happen: In browsers that support passing an HTML element to setDragImage, the element should be painted below the cursor while dragging. WebKit does not seem to support this behaviour, so I would expect the default drag image to be used instead. What happens instead: The page reloads immediately and a crash log is saved to ~/Library/Logs/DiagnosticReports on Mac OS. The Drag and Drop section of the HTML5 spec says[1]: If the element argument is an img element, then set the drag data store bitmap to the element's image (at its intrinsic size); otherwise, set the drag data store bitmap to an image generated from the given element (the exact mechanism for doing so is not currently specified). [1] http://www.w3.org/TR/2011/WD-html5-20110405/dnd.html#dom-datatransfer-setdragimage

Attachments
Crash log (33.92 KB, text/plain) 2012-04-05 07:15 PDT, Matthew Caruana Galizia	no flags	Details
test case (161 bytes, text/html) 2012-04-05 11:06 PDT, Alexey Proskuryakov	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2012-04-05 11:06:16 PDT

Asserts in debug builds: PassRefPtr<SharedMemory> SharedMemory::create(size_t size) { ASSERT(size); Not immediately sure which level is right for a null check.

Alexey Proskuryakov

Comment 2 2012-04-05 11:06:39 PDT

Created attachment 135859 [details] test case

Alexey Proskuryakov

Comment 3 2012-04-05 11:09:40 PDT

<rdar://problem/11192720>

Daniel Trebbien

Comment 4 2013-07-23 16:46:03 PDT

I can reproduce the problem using Alexey's test case in Safari 6.0.5, but not in the latest nightly, r153061 built on 23 July 2013.

Alexey Proskuryakov

Comment 5 2013-07-23 16:55:58 PDT

Looks like dragging may not work at all on the test case any more, masking the crash. I'm not sure if the crash has been addressed.

Daniel Trebbien

Comment 6 2013-07-23 17:00:56 PDT

Possibly related: https://bugs.webkit.org/show_bug.cgi?id=119027

apstukalin

Comment 7 2019-10-16 01:38:17 PDT

I believe it still takes place in one form or another. See these SO links https://stackoverflow.com/questions/22565909/setdragimage-on-safari-crashes-unexpectedly?noredirect=1&lq=1 https://stackoverflow.com/questions/48973815/javascript-html5-drag-events-not-firing-on-safari-mac-dragging-does-not-work/58407105

Wenson Hsieh

Comment 8 2019-10-16 09:55:24 PDT

Does not reproduce for me on macOS Catalina. Maybe a dupe of https://bugs.webkit.org/show_bug.cgi?id=191817?

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P1

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Mac (Intel)

OS All

Product WebKit

Component WebKit2

Assignee

Nobody

Reported

2012-04-05 07:15 PDT

Modified

2019-10-16 09:55 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks