[chromium-bugs] Issue 7867 in chromium: Page-crash, looks like it can not handle specific code

codesite-noreply Mon, 23 Feb 2009 13:00:42 -0800

Updates:
        Status: Duplicate
        Labels: -FeedbackRequested
        Mergedinto: 7904


Comment #7 on issue 7867 by [email protected]: Page-crash, looks  
like it can not handle specific code
http://code.google.com/p/chromium/issues/detail?id=7867

Thanks for the dump. Based on the below below stack analysis, It looks like  
dupe of
the Issue 7904

Stack analysis for the crash
############################
FAULTING_IP:
chrome_11d0000!WebCore::InlineFlowBox::addToLine+11
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\inlineflowbox.cpp
@ 91]
01526eda 897014          mov     dword ptr [eax+14h],esi

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 01526eda  
(chrome_11d0000!WebCore::InlineFlowBox::addToLine+0x00000011)
    ExceptionCode: c0000005 (Access violation)
   ExceptionFlags: 00000000
NumberParameters: 2
    Parameter[0]: 00000001
    Parameter[1]: 00000289
Attempt to write to address 00000289

DEFAULT_BUCKET_ID:  STATUS_ACCESS_VIOLATION

PROCESS_NAME:  chrome.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced  
memory at
"0x%08lx". The memory could not be "%s".

WRITE_ADDRESS:  00000289

FAULTING_THREAD:  00000a44

PRIMARY_PROBLEM_CLASS:  STATUS_ACCESS_VIOLATION

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_ACCESS_VIOLATION

LAST_CONTROL_TRANSFER:  from 01529de9 to 01526eda

STACK_TEXT:
00c0e210 01529de9 00000000 00000000 03189a54
chrome_11d0000!WebCore::InlineFlowBox::addToLine+0x11
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\inlineflowbox.cpp
@ 91]
00c0e22c 0152acfe 03189a54 00000002 0238de08
chrome_11d0000!WebCore::RenderBlock::constructLine+0x99
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\bidi.cpp
  
@
567]
00c0e3c8 014ae8cd 03189a54 00000001 00c0e3fc
chrome_11d0000!WebCore::RenderBlock::layoutInlineChildren+0x951
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\bidi.cpp
  
@
1016]
00c0e45c 014ae6f6 00000001 031899cc 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1b0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 778]
00c0e468 014afacb 03199a28 031899cc 031899cc
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0e4cc 014ae8dd 031899cc 00000001 00c0e4f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0e55c 014ae6f6 00000001 03189944 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0e568 014afacb 03199878 03189944 03189944
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0e5cc 014ae8dd 03189944 00000001 00c0e5f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0e65c 014ae6f6 00000001 031897f0 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0e668 014afacb 03199630 031897f0 031897f0
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0e6cc 014ae8dd 031897f0 00000001 00c0e6f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0e75c 014ae6f6 00000001 03189768 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0e768 014afacb 03199300 03189768 03189768
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0e7cc 014ae8dd 03189768 00000001 00c0e7f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0e85c 014ae6f6 00000001 031896e0 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0e868 014afacb 0317cf90 031896e0 031896e0
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0e8cc 014ae8dd 031896e0 00000001 00c0e8f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0e95c 014ae6f6 00000001 010a6be8 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0e968 014afacb 010ab278 010a6be8 010a6be8
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0e9cc 014ae8dd 010a6be8 00000000 00c0e9f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0ea5c 014ae6f6 00000000 010a0498 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0ea68 014afacb 010a1ec0 010a0498 010a0498
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0eacc 014ae8dd 010a0498 00000000 00c0eaf4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0eb5c 014ae6f6 00000000 010a0410 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0eb68 014afacb 010a1c90 010a0410 010a0410
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0ebcc 014ae8dd 010a0410 00000000 00c0ebf4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0ec5c 014ae6f6 00000000 010939d8 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0ec68 014afacb 0109d8a0 010939d8 010939d8
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0eccc 014ae8dd 010939d8 00000000 00c0ecf4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0ed5c 014ae6f6 00000000 01093950 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0ed68 014afacb 0109d6b8 01093950 01093950
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0edcc 014ae8dd 01093950 00000000 00c0edf4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0ee5c 014ae6f6 00000000 00a3aa20 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0ee68 014afacb 01017660 00a3aa20 00a3aa20
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0eecc 014ae8dd 00a3aa20 00000000 00c0eef4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0ef5c 014ae6f6 00000000 00a3a8f8 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0ef68 014afacb 010167c0 00a3a8f8 00a3a8f8
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0efcc 014ae8dd 00a3a8f8 00000000 00c0eff4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0f05c 014ae6f6 00000000 00a3a870 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0f068 014afacb 010191c0 00a3a870 00a3a870
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0f0cc 014ae8dd 00a3a870 00000000 00c0f0f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0f15c 014ae6f6 00000000 00a3a708 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0f168 014afacb 00a5cd38 00a3a708 00a3a708
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0f1cc 014ae8dd 00a3a708 00000000 00c0f1f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0f25c 014ae6f6 00000000 00a3a580 014afacb
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0f268 014afacb 00a25ba0 00a3a580 00a3a580
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0f2cc 014ae8dd 00a3a580 00000000 00c0f2f4
chrome_11d0000!WebCore::RenderBlock::layoutBlockChildren+0x3a8
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 1413]
00c0f35c 014ae6f6 00000000 00000328 0148c4c1
chrome_11d0000!WebCore::RenderBlock::layoutBlock+0x1c0
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 782]
00c0f368 0148c4c1 00000328 00a3a580 00a25938
chrome_11d0000!WebCore::RenderBlock::layout+0x17
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderblock.cpp
@ 699]
00c0f3a8 01447063 00a25938 00a25ba0 012659e1
chrome_11d0000!WebCore::RenderView::layout+0xe2
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\renderview.cpp
@ 124]
00c0f3e4 013e41d5 00000001 00a514f4 00a25ba0
chrome_11d0000!WebCore::FrameView::layout+0x412
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\page\frameview.cpp
  
@
554]
00c0f3f8 013e424f 02373f28 00a25ba0 00c0f418
chrome_11d0000!WebCore::Document::updateLayout+0x5b
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\document.cpp
  
@  
1331]
00c0f408 013f48e8 00a51500 012659fa 00a514f8
chrome_11d0000!WebCore::Document::updateLayoutIgnorePendingStylesheets+0x74
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\document.cpp
  
@  
1363]
00c0f410 012659fa 00a514f8 017c4bd0 00c0f460
chrome_11d0000!WebCore::Element::clientWidth+0xb
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\dom\element.cpp
  
@  
344]
00c0f418 017c4bd0 00c0f460 00a514fc 00c0f450
chrome_11d0000!WebCore::ElementInternal::clientWidthAttrGetter+0x19
[c:\b\slave\chrome-official\build\src\chrome\release\obj\v8bindings\derivedsources\v8element.cpp
@ 125]
00c0f458 017d0614 00a514fc 0203bce5 021b1285
chrome_11d0000!v8::internal::Object::GetPropertyWithCallback+0x110
[c:\b\slave\chrome-official\build\src\v8\src\objects.cc @ 205]
00c0f480 0182395d 01c1ecd1 00c0f4b4 021b1285
chrome_11d0000!v8::internal::Object::GetProperty+0x1c4
[c:\b\slave\chrome-official\build\src\v8\src\objects.cc @ 472]
00c0f4c4 01824169 00000000 00c0f504 00000000
chrome_11d0000!v8::internal::LoadIC::Load+0x2ad
[c:\b\slave\chrome-official\build\src\v8\src\ic.cc @ 542]
00c0f5a8 017d8b52 01b82870 0209c1f1 02010739
chrome_11d0000!v8::internal::LoadIC_Miss+0x69
[c:\b\slave\chrome-official\build\src\v8\src\ic.cc @ 1095]
00c0f5e8 017d8c15 0186ab88 00a514dc 00a514e8  
chrome_11d0000!v8::internal::Invoke+0x82
[c:\b\slave\chrome-official\build\src\v8\src\execution.cc @ 91]
00c0f608 017b41b3 00c0f634 00a514dc 00a514e8
chrome_11d0000!v8::internal::Execution::Call+0x25 [c:\b\s

STACK_COMMAND:  ~1s; .ecxr ; kb

FOLLOWUP_IP:
chrome_11d0000!WebCore::InlineFlowBox::addToLine+11
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\rendering\inlineflowbox.cpp
@ 91]
01526eda 897014          mov     dword ptr [eax+14h],esi

FAULTING_SOURCE_CODE:
     87:     if (!m_firstChild) {
     88:         m_firstChild = child;
     89:         m_lastChild = child;
     90:     } else {
>    91:         m_lastChild->setNextOnLine(child);
     92:         child->setPrevOnLine(m_lastChild);
     93:         m_lastChild = child;
     94:     }
     95:     child->setFirstLineStyleBit(m_firstLine);
     96:     if (child->isText())


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  chrome_11d0000!WebCore::InlineFlowBox::addToLine+11

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: chrome_11d0000

IMAGE_NAME:  chrome.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  499bc66b

FAILURE_BUCKET_ID:
STATUS_ACCESS_VIOLATION_c0000005_chrome.dll!WebCore::InlineFlowBox::addToLine

BUCKET_ID:
APPLICATION_FAULT_STATUS_ACCESS_VIOLATION_chrome_11d0000!WebCore::InlineFlowBox::addToLine+11


--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

[chromium-bugs] Issue 7867 in chromium: Page-crash, looks like it can not handle specific code

Reply via email to