Comment #20 on issue 26979 by [email protected]: CRASH in CFEqual during animations.
http://code.google.com/p/chromium/issues/detail?id=26979

While following pink's steps from bug 27145 comment 0, I was able to crash in
CFEqual while handling an animation, with a stack just like
http://crash/reportdetail?reportid=ca3ee98a4c923c83 that Scott listed above.

This test was on 10.5.8, debug mode, in the debugger.  I went to crbug.com,
command-clicked "Code Home" at the bottom of the page (instead of a bug number)
30 or so times, switched to the first loading tab, waited for it to paint the
page, and then stood on command-W.  This does not crash in CFEqual reliably.  I
experienced many other sorts of crashes while doing this.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xa1b1c106
0x93ff9de6 in CFEqual ()
(gdb) bt
#0  0x93ff9de6 in CFEqual ()
#1  0x93ffd675 in __CFSetFindBuckets1b ()
#2  0x93ffdcaa in CFSetContainsValue ()
#3  0x93ff646d in CFRunLoopRemoveTimer ()
#4  0x93ff66c1 in CFRunLoopTimerInvalidate ()
#5  0x91932a24 in -[NSAnimationManager animationTimerFired:] ()
#6  0x92deb483 in __NSFireTimer ()
#7  0x93ff78f5 in CFRunLoopRunSpecific ()
#8  0x93ff7aa8 in CFRunLoopRunInMode ()
#9  0x9244f2ac in RunCurrentEventLoopInMode ()
#10 0x9244f0c5 in ReceiveNextEventCommon ()
#11 0x9244ef39 in BlockUntilNextEventMatchingListInMode ()
#12 0x916b96d5 in _DPSNextEvent ()
#13 0x916b8f88 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#14 0x916b1f9f in -[NSApplication run] ()
#15 0x06fb6132 in base::MessagePumpNSApplication::DoRun (this=0x33efd0, delegate=0xbfffe7a8) at /chrome/trunk/src/base/message_pump_mac.mm:677
#16 0x06fb6721 in base::MessagePumpCFRunLoopBase::Run (this=0x33efd0, delegate=0xbfffe7a8) at /chrome/trunk/src/base/message_pump_mac.mm:213
#17 0x06faea76 in MessageLoop::RunInternal (this=0xbfffe7a8) at /chrome/trunk/src/base/message_loop.cc:205
#18 0x06faea91 in MessageLoop::RunHandler (this=0xbfffe7a8) at /chrome/trunk/src/base/message_loop.cc:177
#19 0x06faeaf5 in MessageLoop::Run (this=0xbfffe7a8) at /chrome/trunk/src/base/message_loop.cc:155
#20 0x069f8ccb in (anonymous namespace)::RunUIMessageLoop (browser_process=0x340630) at /chrome/trunk/src/chrome/browser/browser_main.cc:152
#21 0x069fad3b in BrowserMain (paramete...@0xbffff2e8) at /chrome/trunk/src/chrome/browser/browser_main.cc:880
#22 0x06890aac in ChromeMain (argc=1, argv=0xbffff76c) at /chrome/trunk/src/chrome/app/chrome_dll_main.cc:635
#23 0x00001ffe in main (argc=1, argv=0xbffff76c) at /chrome/trunk/src/chrome/app/chrome_exe_main.mm:17
#24 0x00001fba in start ()
