Comment #2 on issue 6259 by jamesr.gatech: Chromium crashes with custom cursors - WebCursor::GetCursor() hitting InvalidParameter
http://code.google.com/p/chromium/issues/detail?id=6259

I've been able to reproduce this on my main machine.  Here's what seems to be happening:

In the renderer, a mousemove triggers WebCore::Widget::setCursor() with a cursor parameter of type 'typeCustom' and with an image parameter of a valid-looking 32x32 image.  This call invokes WebCore::WebCursor's copy c'tor from type WebCore::PlatformCursor which calls WebCursor::SetCustomData() with a WebCore::Image* parameter of dynamic type WebCore::BitmapImage.  The passed-in image has an m_width and m_height of 32, an m_currentFrame parameter of 1, and an m_frames vector of size 1 whose first element is a NULL pointer.  This causes the call to WebCore::BitmapImage::nativeImageForCurrentFrame() to return NULL, which then causes SetCustomData() to early exit and for the WebCursor to have type == typeCustom and width/height == 32.  I'm not sure if this means the image parameter is invalid or if there's some other issue, but from this point on we seem hosed.

After this point a ViewHostMsg_SetCursor IPC message is sent to the browser with the cursor parameter having a type of typeCustom and width/height of 0.  This is received on the browser side by OnMsgSetCursor which eventually calls WebCursor::GetCursor() which tries to invoke the Windows API call SetDIBits() with the 5th parameter (lpvBits) set to "&custom_data_[0]".  Since custom_data_ was initialized to 0 length, the [] operator craps out with vector out of bounds.

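An added example, not part of the original comment and not Chromium's code: one way the browser side could validate the cursor fields received from the renderer before taking the address of the first pixel byte. The struct, the function names, the 4-bytes-per-pixel layout and the 1024-pixel dimension cap are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for the cursor fields carried by the IPC message.
// This is not Chromium's WebCursor class.
struct CursorIpcData {
  bool is_custom;                    // corresponds to type == typeCustom
  int width;
  int height;
  std::vector<uint8_t> custom_data;  // assumed layout: 4 bytes per pixel
};

// Assumed upper bound on cursor size; also keeps the size math from overflowing.
constexpr int kMaxCursorDimension = 1024;

// True only when the declared dimensions and the pixel buffer agree, so the
// buffer can be handed to a bitmap API that reads width * height pixels.
bool IsCustomCursorUsable(const CursorIpcData& c) {
  if (!c.is_custom) return false;
  if (c.width <= 0 || c.height <= 0) return false;
  if (c.width > kMaxCursorDimension || c.height > kMaxCursorDimension)
    return false;
  const size_t expected =
      static_cast<size_t>(c.width) * static_cast<size_t>(c.height) * 4;
  return c.custom_data.size() == expected;
}

// Returns the pixel pointer, or nullptr when the caller should fall back to a
// default cursor. Never indexes element 0 of a possibly empty vector.
const uint8_t* CustomCursorBitsOrNull(const CursorIpcData& c) {
  return IsCustomCursorUsable(c) ? c.custom_data.data() : nullptr;
}

int main() {
  // Constructed samples: the state described in the comment (typeCustom with
  // an empty buffer) and a well-formed 32x32 cursor.
  CursorIpcData broken{true, 32, 32, {}};
  CursorIpcData good{true, 32, 32, std::vector<uint8_t>(32 * 32 * 4)};
  std::printf("broken usable: %d\n", IsCustomCursorUsable(broken));
  std::printf("good usable:   %d\n", IsCustomCursorUsable(good));
  return 0;
}
```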