Status: Untriaged
Owner: [email protected]
CC: [email protected], [email protected], [email protected], [email protected]
Labels: Type-Bug Pri-1 OS-All Area-BrowserUI Size-Medium Regression ReleaseBlock-Dev

New issue 17566 by [email protected]: Browser crash @ TemplateURLTableModel::GetText()
http://code.google.com/p/chromium/issues/detail?id=17566

Not sure how we missed this, but it is unfortunate to know that the crash happens on the Beta release candidate (3.0.193.2), DEV, and Trunk.

We have two bugs here and they refer to the same issue, I believe.

- Bring up the edit search engine dialog.
- Make any search engine the default search engine (Issue 1: after the search engine is made default, notice the 'Make default' button is not grayed out, i.e. still clickable).
- Delete the default search engine.
- Make another search engine the default one.

Browser window crashes.

Crash Analysis
##############

FAULTING_IP:
chrome_1c30000!TemplateURLTableModel::GetText+a2 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\search_engines\template_url_table_model.cc @ 175]
01e8bb12 8b0a mov ecx,dword ptr [edx]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 01e8bb12 (chrome_1c30000!TemplateURLTableModel::GetText+0x000000a2)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

FAULTING_THREAD: 000013f8
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000

FOLLOWUP_IP:
chrome_1c30000!TemplateURLTableModel::GetText+a2 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\search_engines\template_url_table_model.cc @ 175]
01e8bb12 8b0a mov ecx,dword ptr [edx]

NTGLOBALFLAG: 70
APPLICATION_VERIFIER_FLAGS: 0
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ_FILL_PATTERN_ffffffff
PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ_FILL_PATTERN_ffffffff
DEFAULT_BUCKET_ID: NULL_POINTER_READ_FILL_PATTERN_ffffffff
LAST_CONTROL_TRANSFER: from 01f0e465 to 01e8bb12

STACK_TEXT:
0013edd0 01f0e465 0013ee48 ffffffff 000005c5 chrome_1c30000!TemplateURLTableModel::GetText+0xa2 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\search_engines\template_url_table_model.cc @ 175]
0013ee68 01f0ebed ffffffff 00000001 00000000 chrome_1c30000!views::TableView::UpdateListViewCache0+0x2f5 [c:\b\slave\chromium-rel-xp\build\src\views\controls\table\table_view.cc @ 1411]
0013ef58 01e8b879 ffffffff 00000001 0013f010 chrome_1c30000!views::TableView::OnItemsChanged+0x29d [c:\b\slave\chromium-rel-xp\build\src\views\controls\table\table_view.cc @ 265]
0013ef68 01e8be94 ffffffff 00a60a30 02c886e0 chrome_1c30000!TemplateURLTableModel::NotifyChanged+0x19 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\search_engines\template_url_table_model.cc @ 360]
0013f010 01de880d 00000008 0013f1e4 02c88750 chrome_1c30000!TemplateURLTableModel::MakeDefaultTemplateURL+0x94 [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\search_engines\template_url_table_model.cc @ 350]
0013f020 01de8aef 0013f1e4 01b85d00 0034076e chrome_1c30000!KeywordEditorView::MakeDefaultTemplateURL+0x1d [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\views\keyword_editor_view.cc @ 258]
0013f0dc 01f1499c 01b85d00 0013f100 01ef6dd0 chrome_1c30000!KeywordEditorView::ButtonPressed+0x1cf [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\views\keyword_editor_view.cc @ 245]
0013f0e8 01ef6dd0 00000000 00000000 01f22c63 chrome_1c30000!views::Button::NotifyClick+0x1c [c:\b\slave\chromium-rel-xp\build\src\views\controls\button\button.cc @ 77]
0013f0f4 01f22c63 0034076e 0013f124 01efcbc8 chrome_1c30000!views::NativeButton::ButtonPressed+0x20 [c:\b\slave\chromium-rel-xp\build\src\views\controls\button\native_button.cc @ 98]
0013f100 01efcbc8 00000111 00000000 0034076e chrome_1c30000!views::NativeButtonWin::ProcessMessage+0x23 [c:\b\slave\chromium-rel-xp\build\src\views\controls\button\native_button_win.cc @ 87]
0013f124 01efebb8 00000111 00000000 0034076e chrome_1c30000!views::ProcessNativeControlMessage+0x58 [c:\b\slave\chromium-rel-xp\build\src\views\widget\widget_win.cc @ 1035]
0013f1d8 7e418734 005907ca 00000000 00000000 chrome_1c30000!views::WidgetWin::WndProc+0xb8 [c:\b\slave\chromium-rel-xp\build\src\views\widget\widget_win.cc @ 1063]
0013f204 7e418816 01efeb00 005907ca 00000111 USER32!InternalCallWinProc+0x28
0013f26c 7e42927b 00000000 01efeb00 005907ca USER32!UserCallWinProcCheckWow+0x150
0013f2a8 7e4292e3 0077cc28 0073ea20 00000000 USER32!SendMessageWorker+0x4a5
0013f2c8 773f7354 005907ca 00000111 00000000 USER32!SendMessageW+0x7f
0013f2e8 773f7436 001888c0 00000000 000b0023 comctl32!Button_NotifyParent+0x3d
0013f304 773f973b 001888c0 00000001 0013f3fc comctl32!Button_ReleaseCapture+0xd7
0013f394 7e418734 0034076e 00000202 00000000 comctl32!Button_WndProc+0x887
0013f3c0 7e418816 773f8eb4 0034076e 00000202 USER32!InternalCallWinProc+0x28
0013f428 7e42a013 00000000 773f8eb4 0034076e USER32!UserCallWinProcCheckWow+0x150
0013f458 7e42a039 773f8eb4 0034076e 00000202 USER32!CallWindowProcAorW+0x98
0013f478 01f235c8 773f8eb4 0034076e 00000202 USER32!CallWindowProcW+0x1b
0013f530 7e418734 0034076e 00000202 00000000 chrome_1c30000!views::NativeControlWin::NativeControlWndProc+0x138 [c:\b\slave\chromium-rel-xp\build\src\views\controls\native_control_win.cc @ 197]
0013f55c 7e418816 01f23490 0034076e 00000202 USER32!InternalCallWinProc+0x28
0013f5c4 7e4189cd 00000000 01f23490 0034076e USER32!UserCallWinProcCheckWow+0x150
0013f624 7e418a10 0013f678 00000000 0013f648 USER32!DispatchMessageWorker+0x306
0013f634 01ef656f 0013f678 0013f678 00a68580 USER32!DispatchMessageW+0xf
0013f648 01f6a79c 0013f678 00a685a0 00a68580 chrome_1c30000!views::AcceleratorHandler::Dispatch+0x5f [c:\b\slave\chromium-rel-xp\build\src\views\widget\accelerator_handler.cc @ 35]
0013f660 01f6b2b4 0013f678 00000000 00a68580 chrome_1c30000!base::MessagePumpForUI::ProcessMessageHelper+0x6c [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 357]
0013f694 01f6a4c2 0013f8e0 0013f8e0 0013f8e0 chrome_1c30000!base::MessagePumpForUI::DoRunLoop+0x44 [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 205]
0013f6b4 01f3ee79 0013f8e0 00a60800 00a83000 chrome_1c30000!base::MessagePumpWin::RunWithDispatcher+0x42 [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 54]
0013f75c 01f3f2b0 f50532e9 00a80000 00a83000 chrome_1c30000!MessageLoop::RunInternal+0xa9 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 193]
0013f790 01f3f319 00000001 00000000 00a60800 chrome_1c30000!MessageLoop::RunHandler+0xa0 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 182]
0013f7ac 01c4a75a 00a60800 0013faec 01c4c82f chrome_1c30000!MessageLoopForUI::Run+0x49 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 590]
0013f7b8 01c4c82f 00a710e0 00000000 00a80000 chrome_1c30000!`anonymous namespace'::RunUIMessageLoop+0x1a [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\browser_main.cc @ 198]
0013faec 01c359fd 0013fbc4 00000000 00000008 chrome_1c30000!BrowserMain+0x188f [c:\b\slave\chromium-rel-xp\build\src\chrome\browser\browser_main.cc @ 767]
0013fc64 004039fd 00400000 0013fcdc 000212de chrome_1c30000!ChromeMain+0x70d [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_dll_main.cc @ 510]
0013ff28 0042a1c1 00400000 00000000 000212de chrome!wWinMain+0x2fd [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_exe_main.cc @ 102]
0013ffc0 7c817077 00fef558 007d71e4 7ffde000 chrome!__tmainCRTStartup+0x176 [f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c @ 324]
0013fff0 00000000 0042a22a 00000000 78746341 kernel32!BaseProcessStart+0x23

FAULTING_SOURCE_CODE:
No source found for 'c:\b\slave\chromium-rel-xp\build\src\chrome\browser\search_engines\template_url_table_model.cc'

SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: chrome!TemplateURLTableModel::GetText+a2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: chrome_1c30000
IMAGE_NAME: chrome.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a688ce8
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: NULL_POINTER_READ_FILL_PATTERN_ffffffff_c0000005_chrome.dll!TemplateURLTableModel::GetText
BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_FILL_PATTERN_ffffffff_chrome!TemplateURLTableModel::GetText+a2
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/chrome_exe/0_0_0_0/4a688d21/chrome_dll/3_0_196_0/4a688ce8/c0000005/0025bb12.htm?Retriage=1
