[chromium-bugs] Issue 17547 in chromium: Crash - ResourceDispatcherHost::OnResponseCompleted(URLRequest *)

Fri, 24 Jul 2009 02:18:32 -0700 

Updates:
        Owner: [email protected]
        Cc: [email protected]

Comment #2 on issue 17547 by [email protected]: Crash -  
ResourceDispatcherHost::OnResponseCompleted(URLRequest *)
http://code.google.com/p/chromium/issues/detail?id=17547

I did some preliminary analysis.  All the stack traces look like:

0x695b695b       [chrome.dll     - async_resource_handler.cc:126]       
AsyncResourceHandler::OnResponseCompleted(int,URLRequestStatus const
&,std::basic_string<char,std::char_traits<char>,std::allocator<char> >  
const &)
0x695b0c69       [chrome.dll     - safe_browsing_resource_handler.cc:130]       
SafeBrowsingResourceHandler::OnResponseCompleted(int,URLRequestStatus const
&,std::basic_string<char,std::char_traits<char>,std::allocator<char> >  
const &)
0x69562943       [chrome.dll     - resource_dispatcher_host.cc:1315]    
ResourceDispatcherHost::OnResponseCompleted(URLRequest *)
0x69562850       [chrome.dll     - resource_dispatcher_host.cc:1276]    
ResourceDispatcherHost::OnReadCompleted(URLRequest *,int)
0x69721b04       [chrome.dll     - url_request_job.cc:425]      
URLRequestJob::NotifyReadComplete(int)
0x69744995       [chrome.dll     - url_request_http_job.cc:497] 
URLRequestHttpJob::OnReadCompleted(int)

The stack traces in the stack reports don't always indicate that it's in  
SafeBrowsing, but when you
pull up the minidumps, you see that the crash is always in the  
AsyncResourceHandler owned by the
SafeBrowsingResourceHandler.  The AsyncResourceHandler calls  
receiver_->Send(), which crashes on
calling through the vtable.  There are a few different patterns to the  
crash.  Sometimes, it seems
like receiver_->Send() ends up call'ing into ChildProcessInfo::`vftable',  
which is really funky.
I've seen a few minidumps that looks like that.  I've seen a few where it  
call's to NULL.  And then
there are some other weird ones.  In any case, for some reason calling  
receiver_->Send() ends up
crashing when we try to jump to an instruction pointer at an invalid region  
of memory (non-
executable).

Here's a better crash report query:
http://crash/search?query=Chrome+3.0.195.1+ResourceDispatcherHost::OnResponseCompleted.

It looks like this crash may be related to http://crbug.com/8544.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

Reply via email to