Updates:
        Summary: Crash - WebCore::FrameLoader::checkContentPolicy
        Status: Untriaged
        Cc: [email protected]
        Labels: -Pri-2 -FeedbackRequested Pri-1

Comment #8 on issue 19362 by [email protected]: Crash - WebCore::FrameLoader::checkContentPolicy
http://code.google.com/p/chromium/issues/detail?id=19362

Thanks for the dump.
Reproduced once, but can't reproduce consistently.

Here is the crash analysis from the above dump
###############################################

FAULTING_IP:
chrome_65960000!WebCore::FrameLoader::checkContentPolicy+c
[c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\loader\frameloader.cpp
@ 2442]
65b7216d 83b89801000000  cmp     dword ptr [eax+198h],0

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 65b7216d
(chrome_65960000!WebCore::FrameLoader::checkContentPolicy+0x0000000c)
    ExceptionCode: c0000005 (Access violation)
   ExceptionFlags: 00000000
NumberParameters: 2
    Parameter[0]: 00000000
    Parameter[1]: 00000198
Attempt to read from address 00000198

PROCESS_NAME:  chrome.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000198

READ_ADDRESS:  00000198

FOLLOWUP_IP:
chrome_65960000!WebCore::FrameLoader::checkContentPolicy+c
[c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\loader\frameloader.cpp
@ 2442]
65b7216d 83b89801000000  cmp     dword ptr [eax+198h],0

FAULTING_THREAD:  000011c8

BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_READ

PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 65cbfcac to 65b7216d

STACK_TEXT:
0276f9b8 65cbfcac 034dbaf8 034dba90 0222b4e0
chrome_65960000!WebCore::FrameLoader::checkContentPolicy+0xc
[c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\loader\frameloader.cpp
@ 2442]
0276f9e0 65cbe5da 0276fa20 65e7fed3 033b5620
chrome_65960000!WebCore::MainResourceLoader::didReceiveResponse+0x11a
[c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\loader\mainresourceloader.cpp
@ 331]
0276f9e8 65e7fed3 033b5620 0276fa20 0222b4e0
chrome_65960000!WebCore::ResourceLoader::didReceiveResponse+0x9
[c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\loader\resourceloader.cpp
@ 407]
0276fb08 65993d09 0276fb68 00000000 0276fb68
chrome_65960000!WebCore::ResourceHandleInternal::OnReceivedResponse+0x72
[c:\b\slave\chrome-official-2\build\src\webkit\glue\resource_handle_impl.cc @ 549]
0276fb38 65995220 00000032 0276fb68 033b2a08
chrome_65960000!ResourceDispatcher::OnReceivedResponse+0x83
[c:\b\slave\chrome-official-2\build\src\chrome\common\resource_dispatcher.cc @ 368]
0276fbf8 659940fa 033b2a08 0257fb88 0217bad4
chrome_65960000!IPC::MessageWithTuple<Tuple2<int,ResourceResponseHead> >::Dispatch<ResourceDispatcher,void (__thiscall ResourceDispatcher::*)(int,ResourceResponseHead const &)>+0x76
[c:\b\slave\chrome-official-2\build\src\chrome\common\ipc_message_utils.h @ 1129]
0276fc20 65993b2f 033b2a08 02579e1c 0276fd48
chrome_65960000!ResourceDispatcher::DispatchMessageW+0x7d
[c:\b\slave\chrome-official-2\build\src\chrome\common\resource_dispatcher.cc @ 494]
0276fc48 659903d6 0257fb88 033b2a08 033b29f8
chrome_65960000!ResourceDispatcher::OnMessageReceived+0xd8
[c:\b\slave\chrome-official-2\build\src\chrome\common\resource_dispatcher.cc @ 291]
0276fc5c 65ad8510 033b2a08 0276fd48 65cf30b7
chrome_65960000!ChildThread::OnMessageReceived+0x15
[c:\b\slave\chrome-official-2\build\src\chrome\common\child_thread.cc @ 69]
0276fc68 65cf30b7 65cf30ee 0276fca8 02577ef8
chrome_65960000!RunnableMethod<CancelableRequest<CallbackRunner<Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo> > *> > >,void (__thiscall CancelableRequest<CallbackRunner<Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo> > *> > > >::*)(Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo> > *> const &),Tuple1<Tuple1<std::vector<DownloadCreateInfo,std::allocator<DownloadCreateInfo> > *> > >::Run+0x17
[c:\b\slave\chrome-official-2\build\src\base\task.h @ 307]
0276fc6c 65cf30ee 0276fca8 02577ef8 65cf327c
chrome_65960000!MessageLoop::RunTask+0x1c
[c:\b\slave\chrome-official-2\build\src\base\message_loop.cc @ 309]
0276fc78 65cf327c 02577ea0 02577eb0 0276fd48
chrome_65960000!MessageLoop::DeferOrRunPendingTask+0x2a
[c:\b\slave\chrome-official-2\build\src\base\message_loop.cc @ 316]
0276fca8 65d0d69f 0276fd48 0276fd48 00000000  
chrome_65960000!MessageLoop::DoWork+0x6e
[c:\b\slave\chrome-official-2\build\src\base\message_loop.cc @ 416]
0276fcd4 65cf2f83 0276fd48 02579e24 65cf2f52
chrome_65960000!base::MessagePumpDefault::Run+0xb9
[c:\b\slave\chrome-official-2\build\src\base\message_pump_default.cc @ 50]
0276fce0 65cf2f52 6986a077 02579e38 02579e24
chrome_65960000!MessageLoop::RunInternal+0x2b
[c:\b\slave\chrome-official-2\build\src\base\message_loop.cc @ 198]
0276fd18 65cf2ef5 02579ec8 00000001 75bba600
chrome_65960000!MessageLoop::RunHandler+0x4f
[c:\b\slave\chrome-official-2\build\src\base\message_loop.cc @ 181]
0276fd38 65cf7ecc 00000000 00000000 661240d4  
chrome_65960000!MessageLoop::Run+0x15
[c:\b\slave\chrome-official-2\build\src\base\message_loop.cc @ 155]
0276fe08 65cf761e 75bbd0e9 02579e24 0276fe58
chrome_65960000!base::Thread::ThreadMain+0x81
[c:\b\slave\chrome-official-2\build\src\base\thread.cc @ 159]
0276fe0c 75bbd0e9 02579e24 0276fe58 774119bb
chrome_65960000!`anonymous namespace'::ThreadFunc+0x9
[c:\b\slave\chrome-official-2\build\src\base\platform_thread_win.cc @ 27]
0276fe18 774119bb 02579e24 76193039 00000000  
kernel32!BaseThreadInitThunk+0xe
0276fe58 7741198e 65cf7615 02579e24 00000000 ntdll!__RtlUserThreadStart+0x23
0276fe70 00000000 65cf7615 02579e24 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  ~1s; .ecxr ; kb

FAULTING_SOURCE_CODE:
   2438: {
   2439:     ASSERT(activeDocumentLoader());
   2440:
   2441:     // Always show content with valid substitute data.
> 2442:     if (activeDocumentLoader()->substituteData().isValid()) {
   2443:         function(argument, PolicyUse);
   2444:         return;
   2445:     }
   2446:
   2447: #if ENABLE(FTPDIR)


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  chrome!WebCore::FrameLoader::checkContentPolicy+c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: chrome_65960000

IMAGE_NAME:  chrome.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4a6a3da9

FAILURE_BUCKET_ID:
NULL_CLASS_PTR_DEREFERENCE_c0000005_chrome.dll!WebCore::FrameLoader::checkContentPolicy

BUCKET_ID:
APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_READ_chrome!WebCore::FrameLoader::checkContentPolicy+c

WATSON_STAGEONE_URL:
http://watson.microsoft.com/StageOne/chrome_exe/0_0_0_0/4a6a3dc9/chrome_dll/2_0_172_39/4a6a3da9/c0000005/0021216d.htm?Retriage=1

