Updates:
        Summary: Tab crash @ WebCore::Element::cloneNode()
        Labels: -Area-Misc Area-Compat Channel-Beta

Comment #2 on issue 7104 by [email protected]: Tab crash @ WebCore::Element::cloneNode()
http://code.google.com/p/chromium/issues/detail?id=7104

The crash (tab) reproduces in DEV and also Trunk (r8638)

The full dump can be found @
http://crash/reportdetail?email=&clientid=&reportid=aca968d3fabf609f&product=Chrome&version=&signature=&date=


Stack Analysis for the crash:
#############################
FAULTING_IP:
chrome_1000000!WebCore::Element::cloneNode+72 [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\element.cpp @ 94]
0121524b 8b07            mov     eax,dword ptr [edi]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0121524b (chrome_1000000!WebCore::Element::cloneNode+0x00000072)
    ExceptionCode: c0000005 (Access violation)
   ExceptionFlags: 00000000
NumberParameters: 2
    Parameter[0]: 00000000
    Parameter[1]: 00000000
Attempt to read from address 00000000

DEFAULT_BUCKET_ID:  NULL_POINTER_READ

PROCESS_NAME:  chrome.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000000

FAULTING_THREAD:  0000061c

PRIMARY_PROBLEM_CLASS:  NULL_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_NULL_POINTER_READ

LAST_CONTROL_TRANSFER:  from 01246a04 to 0121524b

STACK_TEXT:
00c7f1f4 01246a04 00c7f204 00000001 00000000 chrome_1000000!WebCore::Element::cloneNode+0x72 [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\element.cpp @ 94]
00c7f21c 01215263 00000000 00b7e690 017a50f0 chrome_1000000!WebCore::ContainerNode::cloneChildNodes+0x48 [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\containernode.cpp @ 647]
00c7f248 01246a04 00c7f258 00000001 02197da0 chrome_1000000!WebCore::Element::cloneNode+0x8a [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\element.cpp @ 99]
00c7f270 01215263 00000000 02197da0 017a50f0 chrome_1000000!WebCore::ContainerNode::cloneChildNodes+0x48 [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\containernode.cpp @ 647]
00c7f29c 01246a04 00c7f2ac 00000001 00000000 chrome_1000000!WebCore::Element::cloneNode+0x8a [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\element.cpp @ 99]
00c7f2c4 01215263 00000000 021fb390 00b7e4c8 chrome_1000000!WebCore::ContainerNode::cloneChildNodes+0x48 [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\containernode.cpp @ 647]
00c7f2f0 01054e29 00c7f314 00c7f301 00ac1508 chrome_1000000!WebCore::Element::cloneNode+0x8a [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\element.cpp @ 99]
00c7f308 0160ede4 00c7f330 00c7f301 00000002 chrome_1000000!WebCore::NodeInternal::cloneNodeCallback+0x40 [c:\b\slave\chrome-official\build\src\chrome\release\obj\v8bindings\derivedsources\v8node.cpp @ 290]
00c7f404 00c7f550 0183aad0 0196016c 00000002 chrome_1000000!v8::internal::Builtin_HandleApiCall+0x1d4 [c:\b\slave\chrome-official\build\src\v8\src\builtins.cc @ 380]
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c7f410 00000000 00c7f430 00000000 00c7f414 0xc7f550


STACK_COMMAND:  ~1s; .ecxr ; kb

FOLLOWUP_IP:
chrome_1000000!WebCore::Element::cloneNode+72 [c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\element.cpp @ 94]
0121524b 8b07            mov     eax,dword ptr [edi]

FAULTING_SOURCE_CODE:
     90:     // clone attributes
     91:     if (namedAttrMap)
     92:         clone->attributes()->setAttributes(*namedAttrMap);
     93:
>   94:     clone->copyNonAttributeProperties(this);
     95:
     96:     if (deep)
     97:         cloneChildNodes(clone.get());
     98:
     99:     return clone.release();


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  chrome_1000000!WebCore::Element::cloneNode+72

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: chrome_1000000

IMAGE_NAME:  chrome.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  497d3dc1

FAILURE_BUCKET_ID:  NULL_POINTER_READ_c0000005_chrome.dll!WebCore::Element::cloneNode

BUCKET_ID:  APPLICATION_FAULT_NULL_POINTER_READ_chrome_1000000!WebCore::Element::cloneNode+72

