Updates:
Status: Duplicate
Mergedinto: 6062
Comment #7 on issue 6650 by [email protected]: Animated gif crashes tab
http://code.google.com/p/chromium/issues/detail?id=6650
Looks like a dupe of Issue 6062, which is private.
Stack Analysis for this crash:
#############################
FAULTING_IP:
chrome_12e0000!WebCore::RGBA32Buffer::setRGBA+86
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\imagedecoder.h
@ 203]
018427d8 8906 mov dword ptr [esi],eax
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 018427d8 (chrome_12e0000!WebCore::RGBA32Buffer::setRGBA+0x00000086)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 009fd6b8
Attempt to write to address 009fd6b8
DEFAULT_BUCKET_ID: INVALID_POINTER_READ
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
WRITE_ADDRESS: 009fd6b8
FAULTING_THREAD: 00000148
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ
LAST_CONTROL_TRANSFER: from 01843e66 to 018427d8
STACK_TEXT:
00ccf2d8 01843e66 000000eb 000000eb 000000eb
chrome_12e0000!WebCore::RGBA32Buffer::setRGBA+0x86
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\imagedecoder.h
@ 203]
00ccf318 018459ad 00b50658 00b4a038 00b4a055
chrome_12e0000!WebCore::GIFImageDecoder::haveDecodedRow+0x130
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp
@ 380]
00ccf34c 01845c2e 009ed7a8 00000001 00b589e9
chrome_12e0000!GIFImageReader::output_row+0xc8
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\gif\gifimagereader.cpp
@ 167]
00ccf3a0 01845d8f 009ed7a8 00b58ab4 00b50620
chrome_12e0000!GIFImageReader::do_lzw+0x217
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\gif\gifimagereader.cpp
@ 351]
00ccf3d4 01843886 009ed7a8 00b58ae7 0000813a
chrome_12e0000!GIFImageReader::read+0xd0
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\gif\gifimagereader.cpp
@ 441]
00ccf3ec 01843aa2 00000000 00000003 00b61108
chrome_12e0000!WebCore::GIFImageDecoderPrivate::decode+0x26
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp
@ 53]
00ccf400 01843a2b 00b50620 00000000 00000003
chrome_12e0000!WebCore::GIFImageDecoder::decode+0x1f
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp
@ 227]
00ccf418 016a9a51 00000002 00b4b898 016c58ae
chrome_12e0000!WebCore::GIFImageDecoder::frameBufferAtIndex+0x33
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp
@ 184]
00ccf424 016c58ae 00000002 00b4b888 00000002
chrome_12e0000!WebCore::ImageSource::createFrameAtIndex+0x14
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\skia\imagesourceskia.cpp
@ 183]
00ccf440 016c5b19 00000002 00000000 00b4b888
chrome_12e0000!WebCore::BitmapImage::cacheFrame+0x60
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\bitmapimage.cpp
@ 124]
00ccf454 016c5c87 00000002 00ccf578 00b4b888
chrome_12e0000!WebCore::BitmapImage::frameIsCompleteAtIndex+0x32
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\bitmapimage.cpp
@ 220]
00ccf48c 01761893 00000001 00ccf578 00ccf588
chrome_12e0000!WebCore::BitmapImage::startAnimation+0x96
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\bitmapimage.cpp
@ 290]
00ccf508 016dce69 00ccfc10 00ccf524 00ccf534
chrome_12e0000!WebCore::BitmapImage::draw+0x1f
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\skia\imageskia.cpp
@ 413]
00ccf558 016dca19 00ccfc10 43fd8000 00000002
chrome_12e0000!WebCore::GraphicsContext::drawImage+0x125
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\graphicscontext.cpp
@ 430]
00ccf59c 016dc9e4 00ccfc10 00b4b888 00ccf614
chrome_12e0000!WebCore::GraphicsContext::drawImage+0x31
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\graphicscontext.cpp
@ 302]
00ccf5cc 01727747 00ccfc10 00b4b888 00ccf614
chrome_12e0000!WebCore::GraphicsContext::drawImage+0x2d
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\graphics\graphicscontext.cpp
@ 292]
00ccf64c 01796bcb 00ccf6bc 00000000 00000000
chrome_12e0000!WebCore::RenderImage::paintReplaced+0x18e
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderimage.cpp
@ 409]
00ccf69c 01779df3 00ccf6bc 00000000 00000000
chrome_12e0000!WebCore::RenderReplaced::paint+0x123
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderreplaced.cpp
@ 142]
00ccf6e0 017c3f22 00ccf700 00000000 00000000
chrome_12e0000!WebCore::InlineBox::paint+0xbc
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\inlinebox.cpp
@ 156]
00ccf744 0178f449 00ccf7cc 00000000 00000000
chrome_12e0000!WebCore::InlineFlowBox::paint+0x24e
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\inlineflowbox.cpp
@ 661]
00ccf75c 01791e3f 00ccf7cc 00000000 00000000
chrome_12e0000!WebCore::RootInlineBox::paint+0x14
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\rootinlinebox.cpp
@ 180]
00ccf7f0 01732e20 00b4ef78 00000000 00000000
chrome_12e0000!WebCore::RenderFlow::paintLines+0x288
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderflow.cpp
@ 434]
00ccf804 017331b6 00ccf8b0 00000000 00000000
chrome_12e0000!WebCore::RenderBlock::paintContents+0x3d
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1604]
00ccf844 01732afa 00ccf8b0 00000000 00000000
chrome_12e0000!WebCore::RenderBlock::paintObject+0xcc
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1699]
00ccf890 01732f1c 00ccf8b0 00000000 00000000
chrome_12e0000!WebCore::RenderBlock::paint+0x13d
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1520]
00ccf8dc 01732e2b 00b4ee40 00ccf9d8 00000000
chrome_12e0000!WebCore::RenderBlock::paintChildren+0xed
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1634]
00ccf8f4 017331b6 00ccf9d8 00000000 00000000
chrome_12e0000!WebCore::RenderBlock::paintContents+0x48
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1606]
00ccf934 01732afa 00ccf9d8 00000000 00000000
chrome_12e0000!WebCore::RenderBlock::paintObject+0xcc
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1699]
00ccf984 016e2ac4 00ccf9d8 00000000 00000000
chrome_12e0000!WebCore::RenderBlock::paint+0x13d
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1520]
00ccfa58 016e2be6 00b4ed98 00ccfc10 00ccfbb0
chrome_12e0000!WebCore::RenderLayer::paintLayer+0x546
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp
@ 1792]
00ccfb40 016d02ff 00b4ed98 00ccfc10 00ccfbb0
chrome_12e0000!WebCore::RenderLayer::paintLayer+0x668
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp
@ 1815]
00ccfb80 016a8d58 00ccfc10 00ccfbb0 00aea4f0
chrome_12e0000!WebCore::FrameView::paintContents+0xd2
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\page\frameview.cpp
@ 1258]
00ccfbf0 01635e15 00ccfc10 00ccfc20 00ccfda8
chrome_12e0000!WebCore::ScrollView::paint+0x13d
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\platform\scrollview.cpp
@ 697]
00ccfc80 01625efc 00aea4f0 00ccfcac 00ccfda8
chrome_12e0000!WebFrameImpl::Paint+0xbd
[c:\b\slave\chrome-official\build\src\webkit\glue\webframe_impl.cc @ 1441]
00ccfc90 012f65ee 00ccfcac 00ccfda8 00ae73d0
chrome_12e0000!WebViewImpl::Paint+0x19
[c:\b\slave\chrome-official\build\src\webkit\glue\webview_impl.cc @ 867]
00ccfd7c 012f66ca 00ae7350 00ccfe08 00b4d39c
chrome_12e0000!RenderWidget::PaintRect+0xac
[c:\b\slave\chrome-official\build\src\chrome\renderer\render_widget.cc @ 368]
00ccfdec 012f57c8 00b4d388 00ccfef0 012f661f
chrome_12e0000!RenderWidget::DoDeferredPaint+0xab
[c:\b\slave\chrome-official\build\src\chrome\renderer\render_widget.cc @ 410]
00ccfe08 014c6959 014c6990 00ccfe48 009ee160
chrome_12e0000!RunnableMethod<RenderView,void (__thiscall RenderView::*)(void),Tuple0>::Run+0x2b
[c:\b\slave\chrome-official\build\src\base\task.h @ 312]
00ccfe0c 014c6990 00ccfe48 009ee160 014c6b1e
chrome_12e0000!MessageLoop::RunTask+0x1c
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 309]
00ccfe18 014c6b1e 00ad2f38 00ad2f28 00ccfef0
chrome_12e0000!MessageLoop::DeferOrRunPendingTask+0x2a
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 316]
00ccfe48 014dd6b7 00ccfef0 009e8824 00000000
chrome_12e0000!MessageLoop::DoWork+0x6e
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 408]
00ccfe74 014c682a 00ccfef0 00ccfef0 009e8824
chrome_12e0000!base::MessagePumpDefault::Run+0xbc
[c:\b\slave\chrome-official\build\src\base\message_pump_default.cc @ 50]
00ccfe88 014c67f7 1361602b 009e8838 009e8824
chrome_12e0000!MessageLoop::RunInternal+0x2d
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 198]
00ccfec0 014c679a 012e6903 00000001 009e8800
chrome_12e0000!MessageLoop::RunHandler+0x4f
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 181]
00ccfee0 014ccb0a 00000000 00000000 01a836d4
chrome_12e0000!MessageLoop::Run+0x15
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 155]
00ccffb0 014ca39b 7c80b713 009e8824 00000000
chrome_12e0000!base::Thread::ThreadMain+0x81
[c:\b\slave\chrome-official\build\src\base\thread.cc @ 156]
00ccffb4 7c80b713 009e8824 00000000 00000000
chrome_12e0000!`anonymous namespace'::ThreadFunc+0x9
[c:\b\slave\chrome-official\build\src\base\platform_thread_win.cc @ 27]
00ccffec 00000000 014ca392 009e8824 00000000 kernel32!BaseThreadStart+0x37
STACK_COMMAND: ~1s; .ecxr ; kb
FOLLOWUP_IP:
chrome_12e0000!WebCore::RGBA32Buffer::setRGBA+86
[c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\imagedecoder.h
@ 203]
018427d8 8906 mov dword ptr [esi],eax
FAULTING_SOURCE_CODE:
No source found for
'c:\b\slave\chrome-official\build\src\webkit\port\platform\image-decoders\imagedecoder.h'
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: chrome_12e0000!WebCore::RGBA32Buffer::setRGBA+86
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: chrome_12e0000
IMAGE_NAME: chrome.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 496eebd5
FAILURE_BUCKET_ID:
INVALID_POINTER_READ_c0000005_chrome.dll!WebCore::RGBA32Buffer::setRGBA
BUCKET_ID:
APPLICATION_FAULT_INVALID_POINTER_READ_chrome_12e0000!WebCore::RGBA32Buffer::setRGBA+86