Status: Untriaged Owner: ---- Labels: Type-Bug Pri-1 OS-All Area-Misc stable Crash
New issue 6463 by [email protected]: Crash in chrome.dll!WebCursor::GetCursor http://code.google.com/p/chromium/issues/detail?id=6463 I can readily reproduce this with ToT as of 1/14/9. Go to moma, click on maps, click the search button, then start dragging around. Eventually I get a crash. Here's the trace: chrome.dll!`anonymous namespace'::InvalidParameter(const wchar_t * expression=0x02f8653c, const wchar_t * function=0x02f95f08, const wchar_t * file=0x02f87688, unsigned int line=757, unsigned int reserved=0) Line 87 C++ chrome.dll!_invalid_parameter(const wchar_t * pszExpression=0x02f8653c, const wchar_t * pszFunction=0x02f95f08, const wchar_t * pszFile=0x02f87688, unsigned int nLine=757, unsigned int pReserved=0) Line 80 + 0x17 bytes C++ chrome.dll!std::vector<char,std::allocator<char> >::operator[](unsigned int _Pos=0) Line 757 + 0x40 bytes C++ > chrome.dll!WebCursor::GetCursor(HINSTANCE__ * module_handle=0x010e0000) Line 169 + 0x15 bytes C++ chrome.dll!RenderWidgetHostViewWin::UpdateCursorIfOverSelf() Line 231 + 0x11 bytes C++ chrome.dll!RenderWidgetHostViewWin::UpdateCursor(const WebCursor & cursor={...}) Line 218 + 0xf bytes C++ chrome.dll!RenderWidgetHost::OnMsgSetCursor(const WebCursor & cursor={...}) Line 525 + 0x19 bytes C++ chrome.dll!DispatchToMethod<RenderWidgetHost,void (__thiscall RenderWidgetHost::*)(WebCursor const &),WebCursor>(RenderWidgetHost * obj=0x094119d0, void (const WebCursor &)* method=0x0167c150, const WebCursor & arg={...}) Line 388 + 0xc bytes C++ chrome.dll!IPC::MessageWithTuple<WebCursor>::Dispatch<RenderWidgetHost,void (__thiscall RenderWidgetHost::*)(WebCursor const &)>(const IPC::Message * msg=0x09340000, RenderWidgetHost * obj=0x094119d0, void (const WebCursor &)* func=0x0167c150) Line 1040 + 0x11 bytes C++ chrome.dll!RenderWidgetHost::OnMessageReceived(const IPC::Message & msg={...}) Line 322 + 0x12 bytes C++ chrome.dll!RenderViewHost::OnMessageReceived(const IPC::Message & msg={...}) Line 734 C++ chrome.dll!RenderProcessHost::OnMessageReceived(const IPC::Message & msg={...}) Line 618 + 0x13 bytes C++ chrome.dll!IPC::ChannelProxy::Context::OnDispatchMessage(const IPC::Message & message={...}) Line 182 + 0x1b bytes C++ chrome.dll!DispatchToMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),IPC::Message>(IPC::ChannelProxy::Context * obj=0x093bab18, void (const IPC::Message &)* method=0x0118a0e0, const Tuple1<IPC::Message> & arg={...}) Line 393 + 0xf bytes C++ chrome.dll!RunnableMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),Tuple1<IPC::Message> >::Run() Line 312 + 0x1e bytes C++ chrome.dll!MessageLoop::RunTask(Task * task=0x0933ffd8) Line 308 + 0xf bytes C++ chrome.dll!MessageLoop::DeferOrRunPendingTask(const MessageLoop::PendingTask & pending_task={...}) Line 319 C++ chrome.dll!MessageLoop::DoWork() Line 408 + 0xc bytes C++ chrome.dll!base::MessagePumpForUI::DoRunLoop() Line 208 + 0x1d bytes C++ chrome.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Deleg ate * delegate=0x0012f844, base::MessagePumpWin::Dispatcher * dispatcher=0x054ecf70) Line 52 + 0xf bytes C++ chrome.dll!MessageLoop::RunInternal() Line 193 C++ chrome.dll!MessageLoop::RunHandler() Line 181 C++ chrome.dll!MessageLoopForUI::Run(base::MessagePumpWin::Dispatcher * dispatcher=0x054ecf70) Line 559 C++ chrome.dll!BrowserMain(const MainFunctionParams & parameters={...}) Line 485 C++ chrome.dll!ChromeMain(HINSTANCE__ * instance=0x00400000, sandbox::SandboxInterfaceInfo * sandbox_info=0x0012fe88, wchar_t * command_line=0x00020966) Line 302 + 0xc bytes C++ chrome.exe!wWinMain(HINSTANCE__ * instance=0x00400000, HINSTANCE__ * prev_instance=0x00000000, wchar_t * command_line=0x00020966, int __formal=1) Line 93 + 0x12 bytes C++ chrome.exe!__tmainCRTStartup() Line 324 + 0x35 bytes C chrome.exe!wWinMainCRTStartup() Line 196 C kernel32.dll!7c817067() [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll] chrome.exe!std::_Median<std::_Vector_iterator<tracked_objects::Snapshot,std ::allocator<tracked_objects::Snapshot> >,tracked_objects::Comparator>(std::_Vector_iterator<tracked_objects::Snaps hot,std::allocator<tracked_objects::Snapshot> > _First={birth_=0xcccccccc death_thread_=0xcccccccc death_data_={...} }, std::_Vector_iterator<tracked_objects::Snapshot,std::allocator<tracked_obje cts::Snapshot> > _Mid={birth_=0x48000a02 death_thread_=0x0b021000 death_data_={...} }, std::_Vector_iterator<tracked_objects::Snapshot,std::allocator<tracked_obje cts::Snapshot> > _Last={birth_=0x00060800 death_thread_=0x00000000 death_data_={...} }, tracked_objects::Comparator _Pred={...}) Line 3166 + 0x38 bytes C++ chrome.exe!Singleton<`anonymous namespace'::NowSingleton,DefaultSingletonTraits<`anonymous namespace'::NowSingleton>,A0xd0fbce90::NowSingleton>::get() Line 125 + 0xe bytes C++ cccccccc() The cursor's size (cursor_size_) is 0x0 and the data (custom_data_) is empty. CreateDIBSection returns NULL and SetDIBits triggers the exception handler as custom_data_ is empty. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
