Status: Unconfirmed
Owner: [email protected]
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 6259 by [email protected]: Chromium crashes with custom cursors - WebCursor::GetCursor() hitting InvalidParameter
http://code.google.com/p/chromium/issues/detail?id=6259

Chrome Version : continuous build @ r7859 from http://build.chromium.org/buildbot/continuous/2009-01-11/7859/
URLs (if applicable) : http://maps.google.com

What steps will reproduce the problem?
1. Navigate Google maps
2. Scroll in/out, drag, move the mouse cursor in/out of the map area to change the custom cursor until problem appears
3. See Chromium Crash
4. Sigh :(

Unfortunately I can't reproduce this on my primary workstation with visual studio installed, only within a VMWare instance. Both are running Win XP SP3. Thus the following info is from windbg.

Stacktrace:

chrome_1000000!`anonymous namespace'::InvalidParameter(wchar_t * expression = 0x00000000 "", wchar_t * function = 0x00000000 "", wchar_t * file = 0x00000000 "", unsigned int line = 0, unsigned int reserved = 0)+0x3 [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_dll_main.cc @ 87]
chrome_1000000!_invalid_parameter_noinfo(void)+0xc [f:\sp\vctools\crt_bld\self_x86\crt\src\invarg.c @ 99]
chrome_1000000!WebCursor::GetCursor(struct HINSTANCE__ * module_handle = 0x01000000)+0x12c [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\webcursor_win.cc @ 167]
chrome_1000000!RenderWidgetHostViewWin::UpdateCursorIfOverSelf(void)+0x83 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\render_widget_host_view_win.cc @ 236]
chrome_1000000!RenderWidgetHostViewWin::UpdateCursor(class WebCursor * cursor = 0x0012f3c8)+0x1b [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\render_widget_host_view_win.cc @ 218]
chrome_1000000!IPC::MessageWithTuple<WebCursor>::Dispatch<RenderWidgetHost, void (class IPC::Message * msg = 0x0295f218, class RenderWidgetHost * obj = 0x028a2aa0, <function> * func = 0x011ed170)+0x2c [c:\b\slave\chromium-rel-xp\build\src\chrome\common\ipc_message_utils.h @ 1041]
chrome_1000000!RenderWidgetHost::OnMessageReceived(class IPC::Message * msg = 0x0295f218)+0x139 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\render_widget_host.cc @ 322]
chrome_1000000!RenderViewHost::OnMessageReceived(class IPC::Message * msg = 0x0295f218)+0x4f9 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\render_view_host.cc @ 712]
chrome_1000000!RenderProcessHost::OnMessageReceived(class IPC::Message * msg = 0x0295f218)+0x170 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\render_process_host.cc @ 618]
chrome_1000000!RunnableMethod<history::HistoryBackend,void (void)+0x17 [c:\b\slave\chromium-rel-xp\build\src\base\task.h @ 312]
chrome_1000000!MessageLoop::RunTask(class Task * task = 0x0295f208)+0x80 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 309]
chrome_1000000!MessageLoop::DoWork(void)+0x1ea [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 416]
chrome_1000000!base::MessagePumpForUI::DoRunLoop(void)+0x5a [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 209]
chrome_1000000!base::MessagePumpWin::RunWithDispatcher(class base::MessagePump::Delegate * delegate = 0x0012f8d0, class base::MessagePumpWin::Dispatcher * dispatcher = 0x00d4a0d0)+0x42 [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 54]
chrome_1000000!MessageLoop::RunInternal(void)+0xa9 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 192]
chrome_1000000!MessageLoop::RunHandler(void)+0xa0 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 181]
chrome_1000000!MessageLoopForUI::Run(class base::MessagePumpWin::Dispatcher * dispatcher = 0x00d4a0d0)+0x49 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 559]
chrome_1000000!BrowserMain(struct MainFunctionParams * parameters = 0x0012fbf0)+0x1218 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\browser_main.cc @ 492]
chrome_1000000!ChromeMain(struct HINSTANCE__ * instance = 0x00400000, union sandbox::SandboxInterfaceInfo * sandbox_info = 0x0012fcfc, wchar_t * command_line = 0x000207d6 "")+0x5c2 [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_dll_main.cc @ 302]
chrome!wWinMain(struct HINSTANCE__ * instance = 0x00400000, struct HINSTANCE__ * prev_instance = 0x00000000, wchar_t * command_line = 0x000207d6 "", int __formal = 10)+0x22e [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_exe_main.cc @ 93]

Here are the stack locals from the WebCursor::GetCursor frame:

module_handle 0x01000000 struct HINSTANCE__ * struct HINSTANCE__ * 0012f39c
cursor_bitmap_info struct tagBITMAPINFO struct tagBITMAPINFO 0012f350
dc 0xea010629 struct HDC__ * struct HDC__ * 0012f390
ii struct _ICONINFO struct _ICONINFO 0012f37c
mask 0x01000000 struct HBITMAP__ * struct HBITMAP__ * 0012f39c
old_bitmap 0x01000000 struct HBITMAP__ * struct HBITMAP__ * 0012f39c
this 0x010012b0 class WebCursor * class WebCursor * @ecx
type_ -856913067 int 010012b0
hotspot_ class gfx::Point class gfx::Point 010012b4
custom_size_ class gfx::Size class gfx::Size 010012bc
custom_data_ class std::vector<char,std::allocator<char> > class std::vector<char,std::allocator<char> > 010012c4
external_cursor_ 0x0001fc45 struct HICON__ * struct HICON__ * 010012d4
custom_cursor_ 0x458b0000 struct HICON__ * struct HICON__ * 010012d8

Since this crash does not appear for every cursor change it seems there could be some timing/synchronization issues.
