[Webkit-unassigned] [Bug 74053] New: [Chromium] Chrome: Crash Report - Stack Signature: `anonymous namespace'::do_free_with_callbac...

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 7 20:47:14 PST 2011 

https://bugs.webkit.org/show_bug.cgi?id=74053

           Summary: [Chromium] Chrome: Crash Report - Stack Signature:
                    `anonymous namespace'::do_free_with_callbac...
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows 7
            Status: NEW
          Keywords: InChromiumBugs
          Severity: Normal
          Priority: P2
         Component: Images
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: hbono at chromium.org


(copied from http://crbug.com/99936>)

Reported by project member dharani at google.com, Oct 11, 2011
http://crash/reportdetail?reportid=011703797f83a705

Product, Version     Chrome ,  16.0.904.0
Stack Signature     `anonymous namespace'::do_free_with_callback(void *,void (*)(void *))-396A05B
New Stack Signature     `anonymous namespace'::do_free_with_callback(void *,void (*)(void *)) 
5eca60fc_d8890956_0ff67efc_82ad85b9_9701dbd3
Report Time (UTC)     2011/10/11 18:45:09, Tue
Uptime     724538 ms
OS Name, Version     Windows NT ,  6.1.7600
CPU Architecture, Info     x86 ,  GenuineIntel family 6 model 23 stepping 10
channel     canary
num-extensions     0
num-switches     6
plat     Win32
ptype     renderer
switch-1     --lang=pt-BR
switch-2     --enable-print-preview



Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00e30c00 )

0x641c68fa     [chrome.dll     - tcmalloc.cc:1205    `anonymous namespace'::do_free_with_callback(void *,void (*)(void *))
0x65050181     [chrome.dll     - jmemmgr.c:1008    free_pool
0x6504f84d     [chrome.dll     - jcomapi.c:41    chromium_jpeg_abort
0x6504cb88     [chrome.dll     - jdapimin.c:393    chromium_jpeg_finish_decompress
0x64f7720b     [chrome.dll     - jpegimagedecoder.cpp:356    WebCore::JPEGImageReader::decode(WebCore::SharedBuffer const &,bool)
0x64f77586     [chrome.dll     - jpegimagedecoder.cpp:544    WebCore::JPEGImageDecoder::decode(bool)
0x64f77323     [chrome.dll     - jpegimagedecoder.cpp:455    WebCore::JPEGImageDecoder::frameBufferAtIndex(unsigned int)
0x64f42f0d     [chrome.dll     - imagesource.cpp:138    WebCore::ImageSource::createFrameAtIndex(unsigned int)
0x64f4c414     [chrome.dll     - bitmapimage.cpp:127    WebCore::BitmapImage::cacheFrame(unsigned int)
0x64f4c65e     [chrome.dll     - bitmapimage.cpp:248    WebCore::BitmapImage::frameAtIndex(unsigned int)
0x64f4c1b3     [chrome.dll     - bitmapimage.h:156    WebCore::BitmapImage::nativeImageForCurrentFrame()
0x64f6964f     [chrome.dll     - imageskia.cpp:415    WebCore::BitmapImage::draw(WebCore::GraphicsContext *,WebCore::FloatRect const &,WebCore::FloatRect const &,WebCore::ColorSpace,WebCore::CompositeOperator)
0x64f377c0     [chrome.dll     - graphicscontext.cpp:487    WebCore::GraphicsContext::drawImage(WebCore::Image *,WebCore::ColorSpace,WebCore::FloatRect const &,WebCore::FloatRect const &,WebCore::CompositeOperator,bool)
0x64f3762b     [chrome.dll     - graphicscontext.cpp:457    WebCore::GraphicsContext::drawImage(WebCore::Image *,WebCore::ColorSpace,WebCore::IntRect const &,WebCore::IntRect const &,WebCore::CompositeOperator,bool)
0x64f375ed     [chrome.dll     - graphicscontext.cpp:447    WebCore::GraphicsContext::drawImage(WebCore::Image *,WebCore::ColorSpace,WebCore::IntRect const &,WebCore::CompositeOperator,bool)
0x64dd0d2c     [chrome.dll     - renderimage.cpp:403    WebCore::RenderImage::paintIntoRect(WebCore::GraphicsContext *,WebCore::IntRect const &)
0x64dd0798     [chrome.dll     - renderimage.cpp:331    WebCore::RenderImage::paintReplaced(WebCore::PaintInfo &,WebCore::IntPoint const &)
0x64de3b22     [chrome.dll     - renderreplaced.cpp:152    WebCore::RenderReplaced::paint(WebCore::PaintInfo &,WebCore::IntPoint const &)
0x64dd0b46     [chrome.dll     - renderimage.cpp:337    WebCore::RenderImage::paint(WebCore::PaintInfo &,WebCore::IntPoint const &)
0x64dd3194     [chrome.dll     - inlinebox.cpp:231    WebCore::InlineBox::paint(WebCore::PaintInfo &,WebCore::IntPoint const &,int,int)
0x64dd58d6     [chrome.dll     - inlineflowbox.cpp:1061    WebCore::InlineFlowBox::paint(WebCore::PaintInfo &,WebCore::IntPoint const &,int,int)
0x64dd73b3     [chrome.dll     - rootinlinebox.cpp:197    WebCore::RootInlineBox::paint(WebCore::PaintInfo &,WebCore::IntPoint const &,int,int)
0x64db7691     [chrome.dll     - renderlineboxlist.cpp:262    WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject *,WebCore::PaintInfo &,WebCore::IntPoint const &)
0x64dac2fb     [chrome.dll     - renderblock.cpp:2460    WebCore::RenderBlock::paintContents(WebCore::PaintInfo &,WebCore::IntPoint const &)
0x64dac736     [chrome.dll     - renderblock.cpp:2575    WebCore::RenderBlock::paintObject(WebCore::PaintInfo &,WebCore::IntPoint const &)
0x64dabe7a     [chrome.dll     - renderblock.cpp:2347    WebCore::RenderBlock::paint(WebCore::PaintInfo &,WebCore::IntPoint const &)
0x64d7465d     [chrome.dll     - renderlayer.cpp:2795    WebCore::RenderLayer::paintLayer(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::IntRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x64d748ac     [chrome.dll     - renderlayer.cpp:2854    WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> *,WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::IntRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x64d7475c     [chrome.dll     - renderlayer.cpp:2816    WebCore::RenderLayer::paintLayer(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::IntRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
0x64d748ac     [chrome.dll     - renderlayer.cpp:2854    WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer *,0> *,WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::IntRect const &,unsigned int,WebCore::RenderObject *,WebCore::RenderRegion *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
...... (10 stack frames dropped.)
0x6474e4c0     [chrome.dll     - render_widget.cc:675    RenderWidget::InvalidationCallback()
0x647502c6     [chrome.dll     - task.h:349    RunnableMethod<RenderWidget,void ( RenderWidget::*)(void),Tuple0>::Run()
0x642ec5e6     [chrome.dll     - task.cc:71    base::subtle::TaskClosureAdapter::Run()
0x642e5545     [chrome.dll     - message_loop.cc:481    MessageLoop::RunTask(MessageLoop::PendingTask const &)
0x642e55b1     [chrome.dll     - message_loop.cc:497    MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &)
0x642e5937     [chrome.dll     - message_loop.cc:687    MessageLoop::DoWork()
0x642fe0fc     [chrome.dll     - message_pump_default.cc:50    base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x642e546e     [chrome.dll     - message_loop.cc:444    MessageLoop::RunInternal()
0x642e53f3     [chrome.dll     - message_loop.cc:417    MessageLoop::RunHandler()
0x642e5385     [chrome.dll     - message_loop.cc:341    MessageLoop::Run()
0x64731521     [chrome.dll     - renderer_main.cc:228    RendererMain(MainFunctionParams const &)
0x64306d0c     [chrome.dll     - content_main.cc:252    `anonymous namespace'::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,MainFunctionParams const &,content::ContentMainDelegate *)
0x643070a2     [chrome.dll     - content_main.cc:442    content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,content::ContentMainDelegate *)
0x641c2955     [chrome.dll     - chrome_main.cc:28    ChromeMain
0x00d21dea     [chrome.exe     - client_util.cc:346    MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x00d210c8     [chrome.exe     - chrome_exe_main_win.cc:36    wWinMain
0x00d7a1c7     [chrome.exe     - crt0.c:263    __tmainCRTStartup
0x76ee1113     [kernel32.dll     + 0x00051113]    BaseThreadInitThunk
0x7763b428     [ntdll.dll     + 0x0005b428]    __RtlUserThreadStart
0x7763b3fb     [ntdll.dll     + 0x0005b3fb]    _RtlUserThreadStart

Even though I cannot reproduce this crash on my PC, it seems Chrome crashes in freeing memory not allocated by tcmalloc. Since WebKit r96970 <http://trac.webkit.org/changeset/96970> attached an empty color profile when USE_ICCJPEG is not defined, it causes this crash?

Regards,

Hironori Bono

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list