Issue 3039: Crash when adding a new word to the dictionary
http://code.google.com/p/chromium/issues/detail?id=3039
Comment #8 by [EMAIL PROTECTED]:
FAULTING_IP:
chrome_1000000!flag_bsearch+12 [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\csutil.cxx @ 207]
01491af7 movzx edx,word ptr [edx+eax*2]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 01491af7 (chrome_1000000!flag_bsearch+0x00000012)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 648f5932
Attempt to read from address 648f5932
FAULTING_THREAD: 00000ed0
DEFAULT_BUCKET_ID: INVALID_POINTER_READ
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
READ_ADDRESS: 648f5932
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ
LAST_CONTROL_TRANSFER: from 0149b18b to 01491af7
STACK_TEXT:
00f2e840 0149b18b 648f574a 00000000 00000000 chrome_1000000!flag_bsearch+0x12 [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\csutil.cxx @ 207]
00f2e860 014989aa 01ea7a20 00f2e8d8 00000008 chrome_1000000!SuggestMgr::checkword+0xab [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\suggestmgr.cxx @ 1090]
00f2e888 01499f58 01ec8670 00f2e8d8 00000008 chrome_1000000!SuggestMgr::testsug+0x76 [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\suggestmgr.cxx @ 86]
00f2eb38 01498c2a 01ec8670 00000007 00000000 chrome_1000000!SuggestMgr::forgotchar_utf+0xfb [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\suggestmgr.cxx @ 620]
00f2edd8 01491188 00f2f4b0 00f2f088 00afc1c8 chrome_1000000!SuggestMgr::suggest+0x244 [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\suggestmgr.cxx @ 163]
00f2f494 01220c06 00f2f590 00f2f610 00f2faf0 chrome_1000000!Hunspell::suggest+0x5b7 [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\hunspell.cxx @ 710]
00f2f5cc 01221e54 00f2f7bc 00000007 00f2f608 chrome_1000000!SpellChecker::SpellCheckWord+0x2ad [c:\b\slave\chrome-official\build\src\chrome\browser\spellchecker.cc @ 445]
00f2f810 01221a2a 01e75040 00000000 01ebcc38 chrome_1000000!ResourceMessageFilter::OnReceiveContextMenuMsg+0x76 [c:\b\slave\chrome-official\build\src\chrome\browser\resource_message_filter.cc @ 252]
00f2f88c 0118884b 00f2faf0 00f2faf0 01e75030 chrome_1000000!ResourceMessageFilter::OnMessageReceived+0x1da [c:\b\slave\chrome-official\build\src\chrome\browser\resource_message_filter.cc @ 157]
00f2f89c 0118aa71 00f2faf0 00f2faf0 01ebcd0c chrome_1000000!IPC::ChannelProxy::Context::TryFilters+0x24 [c:\b\slave\chrome-official\build\src\chrome\common\ipc_channel_proxy.cc @ 41]
00f2f8ac 0118f4e3 00f2faf0 01ebcc38 01ebdca9 chrome_1000000!IPC::SyncChannel::SyncContext::OnMessageReceived+0x10 [c:\b\slave\chrome-official\build\src\chrome\common\ipc_sync_channel.cc @ 325]
00f2fb1c 0118f8a3 01ebcc38 00af9934 00000000 chrome_1000000!IPC::Channel::ProcessIncomingMessages+0x268 [c:\b\slave\chrome-official\build\src\chrome\common\ipc_channel.cc @ 295]
00f2fbc4 010173fe 000003dc 00000000 00af9928 chrome_1000000!IPC::Channel::OnObjectSignaled+0xa5 [c:\b\slave\chrome-official\build\src\chrome\common\ipc_channel.cc @ 425]
00f2fc6c 010170ca 00000000 00af9968 00af9928 chrome_1000000!base::MessagePumpWin::SignalWatcher+0xac [c:\b\slave\chrome-official\build\src\base\message_pump_win.cc @ 500]
00f2fd3c 01016e92 00af9928 00000000 00000000 chrome_1000000!base::MessagePumpWin::WaitForWork+0x22d [c:\b\slave\chrome-official\build\src\base\message_pump_win.cc @ 387]
00f2fd70 01016b6c 00f2feb0 00b002c8 00f2feb0 chrome_1000000!base::MessagePumpWin::DoRunLoop+0xb5 [c:\b\slave\chrome-official\build\src\base\message_pump_win.cc @ 305]
00f2fd94 010166da 00000000 01008f11 00f2feb0 chrome_1000000!base::MessagePumpWin::RunWithDispatcher+0x39 [c:\b\slave\chrome-official\build\src\base\message_pump_win.cc @ 129]
00f2fd9c 01008f11 00f2feb0 00f2feb0 00b002c8 chrome_1000000!base::MessagePumpWin::Run+0xb [c:\b\slave\chrome-official\build\src\base\message_pump_win.h @ 136]
00f2fe40 01008e85 1950e3bf 00f2feb0 00b002c8 chrome_1000000!MessageLoop::RunInternal+0x86 [c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 182]
00f2fe78 01008e28 00f2feb0 00000001 00f2fe00 chrome_1000000!MessageLoop::RunHandler+0x4f [c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 165]
00f2fe98 0147efef 7c9106eb 00000020 00b00308 chrome_1000000!MessageLoop::Run+0x15 [c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 139]
00f2ff70 0100d0c0 0158ca91 00b002c8 1950e26b chrome_1000000!base::Thread::ThreadMain+0x7d [c:\b\slave\chrome-official\build\src\base\thread.cc @ 159]
00f2ff74 0158ca91 00b002c8 1950e26b 7c9106eb chrome_1000000!`anonymous namespace'::ThreadFunc+0x9 [c:\b\slave\chrome-official\build\src\base\platform_thread_win.cc @ 29]
00f2ffac 0158cb36 00000020 7c80b683 00b00308 chrome_1000000!_callthreadstartex+0x1b [f:\sp\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
00f2ffb4 7c80b683 00b00308 7c9106eb 00000020 chrome_1000000!_threadstartex+0x7f [f:\sp\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
00f2ffec 00000000 0158cab7 00b00308 00000000 kernel32!BaseThreadStart+0x37
FOLLOWUP_IP:
chrome_1000000!flag_bsearch+12 [c:\b\slave\chrome-official\build\src\chrome\third_party\hunspell\src\hunspell\csutil.cxx @ 207]
01491af7 movzx edx,word ptr [edx+eax*2]
FAULTING_SOURCE_CODE:
203: int left = 0;
204: int right = length - 1;
205: while (left <= right) {
206: mid = (left + right) / 2;
> 207: if (flags[mid] == flag) return 1;
208: if (flag < flags[mid]) right = mid - 1;
209: else left = mid + 1;
210: }
211: return 0;
212: }
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: chrome_1000000!flag_bsearch+12
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: chrome_1000000
IMAGE_NAME: chrome.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 48d95a7c
STACK_COMMAND: ~5s ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_chrome.dll!flag_bsearch
BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_chrome_1000000!flag_bsearch+12
Followup: MachineOwner
---------