Issue 682047 link

Starred by 1 user

Issue metadata

Status:	Available
Owner:	----
Components:	Blink>DataTransfer
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	3
Type:	Bug

Investigate invariant violation in browser->renderer IPC

Project Member Reported by pwnall@chromium.org, Jan 18 2017

Issue description

http://crrev.com/2610023002, which is a speculative fix for http://crbug.com/677916, assumes that it is possible for the renderer to receive a DragMsg_TargetDragLeave before a mouse movement exceeds the threshold needed to start a dragging operation.

Per [1], this is a violation of the invariants in the browser->renderer IPC interface around Drag-and-Drop, and should be investigated.

[1] https://codereview.chromium.org/2610023002/diff/20001/third_party/WebKit/Source/core/input/EventHandlerTest.cpp#newcode279

Comment 1 by pwnall@chromium.org, Feb 17 2017

Components: Blink>DataTransfer

Comment 2 by pwnall@chromium.org, Apr 25 2017

The crashes in http://crbug.com/668331 are most likely related.

Comment 3 by pwnall@chromium.org, Aug 10

Owner: ----
Status: Available (was: Assigned)

►

Issue 682047 link

Issue metadata

Investigate invariant violation in browser->renderer IPC

Issue description

Comment 1 by pwnall@chromium.org, Feb 17 2017

Comment 1 Deleted

Comment 2 by pwnall@chromium.org, Apr 25 2017

Comment 2 Deleted

Comment 3 by pwnall@chromium.org, Aug 10

Comment 3 Deleted

Sign in to add a comment