Dragging images causes Tor Browser to crash on Mac

If I deliberately or accidentally hold my mouse on an image and move the image, TBB Firefox (and before TBB Firefox, TBB Aurora) always crashes.

This happens on Snow Leopard, OS X 10.6.8 (not a problem on Windows).

The hardware is a MacBook Pro 2.66 GHz Intel Core i7.

I am currently using TBB 2.2.35-5, but this has been the case for all previous TBB.

Trac:
Username: mwolfe

changed milestone to %TorBrowserBundle 2.2.x-stable

added MikePerry201204 actualpoints::4 component::torbrowserbutton milestone::TorBrowserBundle 2.2.x-stable owner::mikeperry points::4 priority::high reporter::mwolfe resolution::fixed status::closed type::defect labels

Can't reproduce on Lion, can someone reproduce this at all and get some crash logs?

Trac:
Owner: N/A to mikeperry
Component: - Select a component to Tor Browser

Trac:
Username: mwolfe

crash_log.doc

Trac:
Username: mwolfe

I can repro on my Mac, but no where else. Also, #4932 (closed) is a dup.

Trac:
Version: Tor: 0.2.2.35 to N/A
Summary: Moving images on a webpage causes TBB Firefox to crash to Dragging images causes Tor Browser to crash on Mac
Component: Tor Browser to TorBrowserButton
Keywords: Firefox for TBB deleted, N/A added

mwolfe: is it possible to save that doc as a txt file and re-upload?

Trac:
Milestone: N/A to TorBrowserBundle 2.2.x-stable
Priority: normal to major

The bug is not just limited to images. Dragging tabs into 'whitespace' surrounding browser window will result in the same crash behaviour. Expected behaviour is for aforementioned dragging manoeuvre to result in the tab opening in a new window.

Trac:
crash-report.txt

Crash Report - Image Dragging in TOR browser (OSX)

Are there any updates/progress/things we can help with? This is a pretty big issue :/

The discussion on https://bugzilla.mozilla.org/show_bug.cgi?id=673301 appears to be potentially relevant here

FYI, the relevant code is invokeDragSessionWithImage() in external-app-blocker.js.

I do have a Mac. If it crashes on me enough times, I might be motivated to get to this soon... But the stack trace is in the middle of nowhere, so most likely I'll just be banging on the JS code blindly.

It's quite likely there is an underlying Firefox XPCOM bug on Mac triggering our woes here.. Which means I'm going to need to install Xcode+gdb and set up my Mac for Firefox development to fix this one... Not something I'm looking forward to.

Sebastian claims that commenting out invokeDragSessionWithImage and also unregistering the component did not help.. I think the next step is to try a Torbutton from before this support was added. 1.4.4.1 should do.

https://archive.torproject.org/tor-package-archive/torbutton/

Trac:
Cc: N/A to Sebastian

Sebastian: 1.4.4.1 works without crashing on my Mac. Let me know if it still crashes for you. If it still crashes, #5455 (closed) probably is a different crash bug...

No, going back to 1.4.4.1 totally fixes the crash for me.

Replying to Sebastian:

No, going back to 1.4.4.1 totally fixes the crash for me.

Ok then can you try out dragging tabs, images, and links around between browser windows, onto the desktop, and into other apps while running wireshark and let me know which ones cause proxy bypass? I'm especially interested in 10.7.

I'm no expert in wireshark, but I didn't find any leak for just dragging any of the three inside Firefox. Once I dragged them to either the desktop or some other apps, stuff started leaking for images. Hyperlinks, texts, and tabs seemed to be fine.

Bleh.. What happens if you set about:config pref nglayout.enable_drag_images to false? Any leaks then?