Updates:
        Cc: [EMAIL PROTECTED]

Comment #8 on issue 4630 by [EMAIL PROTECTED]: Crash [browser] in OnReadCompleted, on completing FTP request
http://code.google.com/p/chromium/issues/detail?id=4630

The top of the call stack can't be examined for some reason.
WinDbg says:

   No prior disassembly possible
   6f006300 ??              ???
   6f006301 ??              ???
   6f006302 ??              ???
   6f006303 ??              ???
   6f006304 ??              ???
   6f006305 ??              ???
   ...

The next function on the call stack is

void ResourceDispatcherHost::OnResponseCompleted(URLRequest* request) {
   RESOURCE_LOG("OnResponseCompleted: " << request->url().spec());
   ExtraRequestInfo* info = ExtraInfoForRequest(request);

   if (info->event_handler->OnResponseCompleted(info->request_id,
                                                request->status())) {  <== HERE
     NotifyResponseCompleted(request, info->render_process_host_id);

     // The request is complete so we can remove it.
     RemovePendingRequest(info->render_process_host_id, info->request_id);
   }
   // If the handler's OnResponseCompleted returns false, we are deferring the
   // call until later.  We will notify the world and clean up when we resume.
}

The disassembly is:

chrome_690a0000!ResourceDispatcherHost::OnResponseCompleted:
692cc73d 55              push    ebp
692cc73e 8bec            mov     ebp,esp
692cc740 51              push    ecx
692cc741 8365fc00        and     dword ptr [ebp-4],0
692cc745 53              push    ebx
692cc746 8bd8            mov     ebx,eax
692cc748 56              push    esi
692cc749 8bb3cc010000    mov     esi,dword ptr [ebx+1CCh]
692cc74f 8b4e04          mov     ecx,dword ptr [esi+4]
692cc752 8b01            mov     eax,dword ptr [ecx]
692cc754 8d9388010000    lea     edx,[ebx+188h]
692cc75a 52              push    edx
692cc75b ff7610          push    dword ptr [esi+10h]
692cc75e ff5018          call    dword ptr [eax+18h]
692cc761 84c0            test    al,al  <=== HERE
692cc763 7419            je      chrome_690a0000!ResourceDispatcherHost::OnResponseCompleted+0x41 (692cc77e)
692cc765 ff7614          push    dword ptr [esi+14h]
692cc768 ff7508          push    dword ptr [ebp+8]
692cc76b e802030000      call    chrome_690a0000!ResourceDispatcherHost::NotifyResponseCompleted (692cca72)
692cc770 ff7610          push    dword ptr [esi+10h]
692cc773 8b4614          mov     eax,dword ptr [esi+14h]
692cc776 ff7508          push    dword ptr [ebp+8]
692cc779 e8d6f3ffff      call    chrome_690a0000!ResourceDispatcherHost::RemovePendingRequest (692cbb54)
692cc77e 5e              pop     esi
692cc77f 5b              pop     ebx
692cc780 c9              leave
692cc781 c20400          ret     4

I believe we crashed inside "call    dword ptr [eax+18h]", which should be
   info->event_handler->OnResponseCompleted()
because that's the only call instruction that uses a function pointer.

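The conclusion above rests on `call dword ptr [eax+18h]` (bytes ff 50 18) being the one call in the function that goes through a function pointer. As an added example, not code from this issue or from Chromium, the C below decodes the instruction forms that occur in this listing (FF /2 call, FF /6 push, 8B /r mov with a register base and disp8/disp32) and maps an indirect call's displacement to the virtual-table slot it dispatches (0x18/4 = slot 6 on x86-32), which is the check a triager makes to confirm that the faulting instruction is the `info->event_handler->OnResponseCompleted()` dispatch. The register-name table, the 4-byte slot size and the rejection of SIB and [disp32] forms are assumptions of the example.

```c
/* Decodes the x86-32 forms seen in the listing above: FF /2 (call r/m32),
 * FF /6 (push r/m32) and 8B /r (mov r32, r/m32) with a register base and an
 * optional disp8/disp32. SIB and [disp32] forms do not occur here; rejected. */
#include <stdint.h>
#include <string.h>

typedef struct {
    const char *mnemonic;  /* "call", "push" or "mov" */
    int indirect;          /* 1 when the operand is a memory reference */
    int base, reg;         /* base register (0=eax..7=edi); mov destination or -1 */
    int32_t disp;          /* displacement from the base register */
    int length;            /* bytes consumed */
} insn_t;

static const char *regname[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};

/* Returns the instruction length, or 0 if the bytes are not a handled form. */
int decode(const uint8_t *p, size_t n, insn_t *out) {
    memset(out, 0, sizeof *out);
    out->reg = -1;
    if (n < 2) return 0;
    int mod = p[1] >> 6, reg = (p[1] >> 3) & 7, rm = p[1] & 7;
    if (p[0] == 0xFF && reg == 2) out->mnemonic = "call";
    else if (p[0] == 0xFF && reg == 6) out->mnemonic = "push";
    else if (p[0] == 0x8B) { out->mnemonic = "mov"; out->reg = reg; }
    else return 0;                                   /* e.g. E8 direct call */
    out->base = rm;
    if (mod == 3) return out->length = 2;            /* register operand */
    if (rm == 4 || (mod == 0 && rm == 5)) return 0;  /* SIB or [disp32] */
    out->indirect = 1;
    if (mod == 1 && n >= 3) { out->disp = (int8_t)p[2]; return out->length = 3; }
    if (mod == 2 && n >= 6) {                        /* little-endian disp32 */
        out->disp = (int32_t)((uint32_t)p[2] | (uint32_t)p[3] << 8 |
                              (uint32_t)p[4] << 16 | (uint32_t)p[5] << 24);
        return out->length = 6;
    }
    return mod == 0 ? (out->length = 2) : 0;         /* [base], or truncated */
}

/* A call through [vtable+disp] dispatches virtual slot disp/4 (4-byte pointers); -1 otherwise. */
int vtable_slot(const insn_t *in) {
    if (!in->indirect || strcmp(in->mnemonic, "call") != 0 || in->disp < 0 || in->disp % 4)
        return -1;
    return in->disp / 4;
}

int slot_of(const uint8_t *p, size_t n) {  /* decode one instruction, return its slot or -1 */
    insn_t in;
    return decode(p, n, &in) ? vtable_slot(&in) : -1;
}
```

Only an indirect call yields a slot; the two direct `call` instructions (opcode E8) in the listing decode to nothing, which is the property the comment relies on.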