Comment #1 on issue 4749 by [EMAIL PROTECTED]: Crash in
ResourceDispatcherHost::RemovePendingRequest on browser shutdown.
http://code.google.com/p/chromium/issues/detail?id=4749
It seems that we crashed while computing iter->second:
void ResourceDispatcherHost::RemovePendingRequest(
const PendingRequestList::iterator& iter) {
// Notify the login handler that this request object is going away.
ExtraRequestInfo* info = ExtraInfoForRequest(iter->second); <=== HERE
if (info && info->login_handler)
info->login_handler->OnRequestCancelled();
delete iter->second;
pending_requests_.erase(iter);
// If we have no more pending requests, then stop the load state monitor
if (pending_requests_.empty())
update_load_states_timer_.Stop();
}
chrome_2670000!ResourceDispatcherHost::RemovePendingRequest:
02751390 55 push ebp
02751391 8bec mov ebp,esp
02751393 83ec08 sub esp,8
02751396 53 push ebx
02751397 56 push esi
02751398 8b7508 mov esi,dword ptr [ebp+8]
0275139b c745fc00000000 mov dword ptr [ebp-4],0
027513a2 833e00 cmp dword ptr [esi],0
027513a5 8bd9 mov ebx,ecx
027513a7 7505 jne
chrome_2670000!ResourceDispatcherHost::RemovePendingRequest+0x1e (027513ae)
027513a9 e887f84600 call chrome!normTrie_data32+0x2c4f (0046f887)
027513ae 8b06 mov eax,dword ptr [esi]
027513b0 8b4e04 mov ecx,dword ptr [esi+4]
027513b3 3b4804 cmp ecx,dword ptr [eax+4]
027513b6 7505 jne
chrome_2670000!ResourceDispatcherHost::RemovePendingRequest+0x2d (027513bd)
027513b8 e878f84600 call chrome!normTrie_data32+0x2c40 (0046f878)
027513bd 8b5604 mov edx,dword ptr [esi+4] <=== HERE
027513c0 8b4214 mov eax,dword ptr [edx+14h]
027513c3 8b80cc010000 mov eax,dword ptr [eax+1CCh]
027513c9 85c0 test eax,eax
027513cb 7412 je
chrome_2670000!ResourceDispatcherHost::RemovePendingRequest+0x4f (027513df)
027513cd 83780c00 cmp dword ptr [eax+0Ch],0
027513d1 740c je
chrome_2670000!ResourceDispatcherHost::RemovePendingRequest+0x4f (027513df)
027513d3 8b400c mov eax,dword ptr [eax+0Ch]
027513d6 8b10 mov edx,dword ptr [eax]
027513d8 8bc8 mov ecx,eax
027513da 8b4208 mov eax,dword ptr [edx+8]
027513dd ffd0 call eax
Perhaps the caller passed in an invalid 'iter':
void ResourceDispatcherHost::CancelRequestsForRenderView(
...
// Remove matches.
for (size_t i = 0; i < matching_requests.size(); ++i) {
PendingRequestList::iterator iter =
pending_requests_.find(matching_requests[i]);
DCHECK(iter != pending_requests_.end());
RemovePendingRequest(iter); <=== HERE
}
}
Perhaps 'iter' was pending_requests_.end(). One thing we can
try is to change that DCHECK to CHECK.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Chromium-bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/chromium-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
