Updates:
        Labels: -FeedbackRequested Crash

Comment #6 on issue 7492 by [email protected]: SVG image crash the tab
http://code.google.com/p/chromium/issues/detail?id=7492

Thanks for the response with the Crash ID.

The full crash dump can be found @
http://crash/reportdetail?email=&clientid=&reportid=1209c49aa630c4a1&product=Chrome&version=&signature=&date=

Stack Analysis for the crash
############################
FAULTING_IP:
chrome_6d950000!walk_edges+e9
[c:\b\slave\chrome-official\build\src\skia\sgl\skscan_path.cpp @ 149]
6de1a25b 0fbf4610        movsx   eax,word ptr [esi+10h]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 6de1a25b (chrome_6d950000!walk_edges+0x000000e9)
    ExceptionCode: c0000005 (Access violation)
   ExceptionFlags: 00000000
NumberParameters: 2
    Parameter[0]: 00000000
    Parameter[1]: 54032617
Attempt to read from address 54032617

DEFAULT_BUCKET_ID:  STATUS_ACCESS_VIOLATION

PROCESS_NAME:  chrome.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  54032617

FAULTING_THREAD:  00001404

PRIMARY_PROBLEM_CLASS:  STATUS_ACCESS_VIOLATION

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_ACCESS_VIOLATION

LAST_CONTROL_TRANSFER:  from 6de1a54c to 6de1a25b

STACK_TEXT:
02a3ec08 6de1a54c 00000000 02a3eca8 00000880 chrome_6d950000!walk_edges+0xe9
[c:\b\slave\chrome-official\build\src\skia\sgl\skscan_path.cpp @ 149]
02a3ec7c 6de1fc7a 00000000 02a3eca8 00000880  
chrome_6d950000!sk_fill_path+0xda
[c:\b\slave\chrome-official\build\src\skia\sgl\skscan_path.cpp @ 503]
02a3f164 6de15d7c 02a3f2f0 03130aa8 031f4998
chrome_6d950000!SkScan::AntiFillPath+0x192
[c:\b\slave\chrome-official\build\src\skia\sgl\skscan_antipath.cpp @ 399]
02a3f330 6de0c7b8 031d8fcc 02a3f2f0 3f8b5f29  
chrome_6d950000!SkDraw::drawPath+0x20e
[c:\b\slave\chrome-official\build\src\skia\sgl\skdraw.cpp @ 816]
02a3f348 6de0c867 03130b6c 02a3f3d0 6de0d967  
chrome_6d950000!SkDraw::drawPath+0x15
[c:\b\slave\chrome-official\build\src\skia\include\skdraw.h @ 66]
02a3f354 6de0d967 02a3f38c 03130b6c 02a3f3d0  
chrome_6d950000!SkDevice::drawPath+0x11
[c:\b\slave\chrome-official\build\src\skia\sgl\skdevice.cpp @ 65]
02a3f3b8 6dc7903e 03130b6c 02a3f3d0 03130b6c  
chrome_6d950000!SkCanvas::drawPath+0x48
[c:\b\slave\chrome-official\build\src\skia\sgl\skcanvas.cpp @ 1010]
02a3f40c 6dc823cb 03130b6c 00000000 00000000
chrome_6d950000!WebCore::GraphicsContext::strokePath+0x5e
[c:\b\slave\chrome-official\build\src\webkit\port\platform\graphics\graphicscontextskia.cpp
@ 589]
02a3f42c 6dc82314 02a3f468 03214d40 00000002
chrome_6d950000!WebCore::SVGPaintServer::renderPath+0x6a
[c:\b\slave\chrome-official\build\src\webkit\port\platform\graphics\svg\svgpaintserverskia.cpp
@ 71]
02a3f444 6da99cdf 02a3f468 03214d40 00000002
chrome_6d950000!WebCore::SVGPaintServer::draw+0x2a
[c:\b\slave\chrome-official\build\src\webkit\port\platform\graphics\svg\svgpaintserverskia.cpp
@ 51]
02a3f45c 6da99da1 03214d60 02a3f90c 03214c08
chrome_6d950000!WebCore::fillAndStrokePath+0x66
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderpath.cpp
@ 198]
02a3f4dc 6da9eb3a 02a3f50c 00000000 00000000
chrome_6d950000!WebCore::RenderPath::paint+0xbf
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderpath.cpp
@ 217]
02a3f534 6da9eb3a 02a3f564 00000000 00000000
chrome_6d950000!WebCore::RenderSVGContainer::paint+0xb9
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp
@ 351]
02a3f58c 6da9eb3a 02a3f5bc 00000000 00000000
chrome_6d950000!WebCore::RenderSVGContainer::paint+0xb9
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp
@ 351]
02a3f5e0 6da2cb93 02a3f600 00000000 00000000
chrome_6d950000!WebCore::RenderSVGContainer::paint+0xb9
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp
@ 351]
02a3f624 6da66895 02a3f66c 00000000 00000000
chrome_6d950000!WebCore::RenderBox::paint+0x55
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderbox.cpp
@ 301]
02a3f6bc 6d9b48da 02a3f748 00000000 00000000
chrome_6d950000!WebCore::RenderSVGRoot::paint+0x15b
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\rendersvgroot.cpp
@ 188]
02a3f780 6d9b49de 0056ee5c 02a3f90c 02a3f8b8
chrome_6d950000!WebCore::RenderLayer::paintLayer+0x429
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp
@ 1593]
02a3f850 6d9a4fdf 0056ee5c 02a3f90c 02a3f8b8
chrome_6d950000!WebCore::RenderLayer::paintLayer+0x52d
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp
@ 1616]
02a3f880 6dc77b15 02a3f90c 02a3f8b8 02a3f90c
chrome_6d950000!WebCore::Frame::paint+0xab
[c:\b\slave\chrome-official\build\src\webkit\pending\frame.cpp @ 1357]
02a3f8e8 6d9777d0 02a3f90c 02a3f920 02a3fa2c
chrome_6d950000!WebCore::ScrollView::paint+0x117
[c:\b\slave\chrome-official\build\src\webkit\port\platform\scrollviewwin.cpp @ 964]
02a3f934 6d980d88 0051f400 02a3f958 6dacb99e  
chrome_6d950000!WebFrameImpl::Paint+0xbd
[c:\b\slave\chrome-official\build\src\webkit\glue\webframe_impl.cc @ 1481]
02a3f940 6dacb99e 02a3f958 02a3fa2c 00000000  
chrome_6d950000!WebViewImpl::Paint+0x15
[c:\b\slave\chrome-official\build\src\webkit\glue\webview_impl.cc @ 705]
02a3fa0c 6dacbad4 003fe8c8 02a3fb28 031e661c
chrome_6d950000!RenderWidget::PaintRect+0xa2
[c:\b\slave\chrome-official\build\src\chrome\renderer\render_widget.cc @ 364]
02a3fb0c 6dac9d04 031e6608 02a3fdd0 6dacb9d6
chrome_6d950000!RenderWidget::DoDeferredPaint+0xfe
[c:\b\slave\chrome-official\build\src\chrome\renderer\render_widget.cc @ 406]
02a3fb28 6d95adfc 02a3fc08 02a3fdd0 6d95af14
chrome_6d950000!RunnableMethod<RenderView,void (__thiscall RenderView::*)(void),Tuple0>::Run+0x2b
[c:\b\slave\chrome-official\build\src\base\task.h @ 312]
02a3fbcc 6d95ae38 031e6608 003fc7a0 6d95b02d
chrome_6d950000!MessageLoop::RunTask+0x7c
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 304]
02a3fbd8 6d95b02d 0051df08 0051def8 02a3fdd0
chrome_6d950000!MessageLoop::DeferOrRunPendingTask+0x28
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 314]
02a3fc08 6d967cac 02a3fdd0 02a3fdd0 00000000  
chrome_6d950000!MessageLoop::DoWork+0x6e
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 403]
02a3fcbc 6d95ab3c 02a3fdd0 02a3fdd0 02a3fdd0
chrome_6d950000!base::MessagePumpDefault::Run+0x119
[c:\b\slave\chrome-official\build\src\base\message_pump_default.cc @ 50]
02a3fd60 6d95aaab 3db6127e 003f8c74 02a3fdd0
chrome_6d950000!MessageLoop::RunInternal+0x8b
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 193]
02a3fd98 6d95aa4e 02a3f908 00000001 75d31600
chrome_6d950000!MessageLoop::RunHandler+0x4f
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 176]
02a3fdb8 6dde9ad9 00000000 00000000 0000006b  
chrome_6d950000!MessageLoop::Run+0x15
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 150]
02a3fe9c 6d95d079 6df01cd6 003f8c74 3db6113e
chrome_6d950000!base::Thread::ThreadMain+0x7e
[c:\b\slave\chrome-official\build\src\base\thread.cc @ 159]
02a3fea0 6df01cd6 003f8c74 3db6113e 00000000 chrome_6d950000!`anonymous namespace'::ThreadFunc+0x9
[c:\b\slave\chrome-official\build\src\base\platform_thread_win.cc @ 29]
02a3fed8 6df01d7b 00000000 75dae3f3 003f8d30  
chrome_6d950000!_callthreadstartex+0x1b
[f:\sp\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
02a3fee0 75dae3f3 003f8d30 02a3ff2c 7719cfed  
chrome_6d950000!_threadstartex+0x7f
[f:\sp\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
02a3feec 7719cfed 003f8d30 6c3083e7 00000000  
kernel32!BaseThreadInitThunk+0xe
02a3ff2c 7719d1ff 6df01cfc 003f8d30 00000000 ntdll!__RtlUserThreadStart+0x23
02a3ff44 00000000 6df01cfc 003f8d30 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  ~1s; .ecxr ; kb

FOLLOWUP_IP:
chrome_6d950000!walk_edges+e9
[c:\b\slave\chrome-official\build\src\skia\sgl\skscan_path.cpp @ 149]
6de1a25b 0fbf4610        movsx   eax,word ptr [esi+10h]

FAULTING_SOURCE_CODE:
    145:         if (proc) {
    146:             proc(blitter, curr_y, PREPOST_START);    // pre-proc
    147:         }
    148:
>  149:         while (currE->fFirstY <= curr_y)
    150:         {
    151:             SkASSERT(currE->fLastY >= curr_y);
    152:
    153:             int x = (currE->fX + SK_Fixed1/2) >> 16;
    154:             w += currE->fWinding;


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  chrome_6d950000!walk_edges+e9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: chrome_6d950000

IMAGE_NAME:  chrome.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  49873c7e

FAILURE_BUCKET_ID:  STATUS_ACCESS_VIOLATION_c0000005_chrome.dll!walk_edges

BUCKET_ID:  APPLICATION_FAULT_STATUS_ACCESS_VIOLATION_chrome_6d950000!walk_edges+e9

