Comment #5 on issue 24248 by [email protected]: Crash - RenderWidgetHostViewWin::OnFinalMessage(HWND__ *)
http://code.google.com/p/chromium/issues/detail?id=24248
Initial analysis after looking at report id a40770cbfbca6dc7:
  void RenderWidgetHostViewWin::OnFinalMessage(HWND window) {
    render_widget_host_->ViewDestroyed();   <-------- ACCESS_VIOLATION HERE
    delete this;
  }
> uf chrome_1c30000!RenderWidgetHostViewWin::OnFinalMessage
chrome_1c30000!RenderWidgetHostViewWin::OnFinalMessage:
1268 01e5635d 8b4154 mov eax,dword ptr [ecx+54h]
1269 01e56360 83600c00 and dword ptr [eax+0Ch],0 <----- HERE
1270 01e56364 8b01 mov eax,dword ptr [ecx]
1270 01e56366 6a01 push 1
1270 01e56368 ff5004 call dword ptr [eax+4]
1271 01e5636b c20400 ret 4
The compiler has inlined RenderWidgetHost::ViewDestroyed() here, so the instruction of the crash is in fact:

  void RenderWidgetHost::ViewDestroyed() {
    view_ = NULL;   <-------- ACCESS_VIOLATION
  }
Since the address of |render_widget_host_| looks reasonable (attempt to write was to 04e1300c), my expectation is that it is freed memory.

In this case the problem is that |RenderWidgetHostViewWin::render_widget_host_| is being destroyed *before* RenderWidgetHostViewWin::OnFinalMessage() is called.
Will keep digging to see who owns this memory in the code.
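As an added illustration (not the commenter's code and not Chromium's actual fix), the following C++ model shows the owner/view back-pointer pattern from the analysis above and one way to make it safe to either teardown order: the host clears the view's back-pointer when it is destroyed, so the final window message never writes into freed memory. The HostDestroyed() hook and the bool return from OnFinalMessage() are assumptions made for this example.

```cpp
// Model of the two-way pointer pair from the report. Names follow the report;
// HostDestroyed() and the bool return value are assumptions for this example.
class RenderWidgetHostViewWin;

class RenderWidgetHost {
 public:
  explicit RenderWidgetHost(RenderWidgetHostViewWin* view) : view_(view) {}
  ~RenderWidgetHost();                        // tells the view the host is going away
  void ViewDestroyed() { view_ = nullptr; }   // the store that faulted in the report
  RenderWidgetHostViewWin* view() const { return view_; }
 private:
  RenderWidgetHostViewWin* view_;
};

class RenderWidgetHostViewWin {
 public:
  void set_host(RenderWidgetHost* host) { render_widget_host_ = host; }
  // Called from ~RenderWidgetHost: drop the back-pointer before the memory is freed.
  void HostDestroyed() { render_widget_host_ = nullptr; }
  // Final window message. Reports whether the host was still alive, then deletes this.
  bool OnFinalMessage() {
    bool host_alive = render_widget_host_ != nullptr;
    if (host_alive) render_widget_host_->ViewDestroyed();  // unguarded in the crashing build
    delete this;
    return host_alive;
  }
 private:
  RenderWidgetHost* render_widget_host_ = nullptr;
};

RenderWidgetHost::~RenderWidgetHost() {
  if (view_) view_->HostDestroyed();
}

// Order seen in the crash report: host freed first, then the view's final message.
bool HostDiesFirst() {
  RenderWidgetHostViewWin* view = new RenderWidgetHostViewWin;
  RenderWidgetHost* host = new RenderWidgetHost(view);
  view->set_host(host);
  delete host;                    // without HostDestroyed() the view would now dangle
  return view->OnFinalMessage();  // false: host already gone, no write to freed memory
}

// Normal order: window torn down first, host learns that its view is gone.
bool ViewDiesFirst() {
  RenderWidgetHostViewWin* view = new RenderWidgetHostViewWin;
  RenderWidgetHost* host = new RenderWidgetHost(view);
  view->set_host(host);
  bool host_alive = view->OnFinalMessage();
  bool cleared = host->view() == nullptr;
  delete host;
  return host_alive && cleared;   // true: host saw the view go away and cleared view_
}
```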
Automated mail from issue updates at http://crbug.com/