Updates:
Status: Untriaged
Cc: [email protected] [email protected]
Labels: -Pri-2 -Area-Misc Pri-1 Area-BrowserUI
Comment #5 on issue 6925 by [email protected]: Regression: Page crash on loading JavaScript Debugger.
http://code.google.com/p/chromium/issues/detail?id=6925
Please note, only the tab crashes, not the entire browser window.
Looks like a new crash???
The full dump can be found @
http://crash/reportdetail?email=&clientid=&reportid=66d25738555a2d88&product=Chrome&version=&signature=&date=
Here is the stack analysis
##########################
FAULTING_IP:
chrome_1000000!v8::Object::GetInternalField+3c
[c:\b\slave\chrome-official\build\src\v8\src\api.cc @ 2171]
015d6e5c 8b0e mov ecx,dword ptr [esi]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 015d6e5c
(chrome_1000000!v8::Object::GetInternalField+0x0000003c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
DEFAULT_BUCKET_ID: NULL_POINTER_READ
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
READ_ADDRESS: 00000000
FAULTING_THREAD: 0000071c
PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ
LAST_CONTROL_TRANSFER: from 01038133 to 015d6e5c
STACK_TEXT:
00dbf408 01038133 00dbf420 00000001 0000008a
chrome_1000000!v8::Object::GetInternalField+0x3c
[c:\b\slave\chrome-official\build\src\v8\src\api.cc @ 2171]
00dbf424 010371e7 00000000 00dbf444 00000069
chrome_1000000!WebCore::V8Proxy::ToNativeObjectImpl+0x49
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_proxy.cpp
@ 2606]
00dbf43c 01037240 00000000 0000008a 00000000
chrome_1000000!WebCore::V8Proxy::retrieveWindow+0x2b
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_proxy.cpp
@ 1836]
00dbf450 0103824c 025ce1f0 00000000 0000008a
chrome_1000000!WebCore::V8Proxy::retrieve+0x15
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_proxy.cpp
@ 1866]
00dbf46c 01037e95 00dbf494 0000008a 025ce1f0
chrome_1000000!WebCore::V8Proxy::InstantiateV8Object+0x23
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_proxy.cpp
@ 2657]
00dbf498 0104d2ea 00dbf4f4 0000008a 00bb6fb8
chrome_1000000!WebCore::V8Proxy::ToV8Object+0x121
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_proxy.cpp
@ 2512]
00dbf4a8 015e6155 00dbf4f4 00bb6fb4 00dbf4d4
chrome_1000000!WebCore::DOMWindowInternal::screenAttrGetter+0x63
[c:\b\slave\chrome-official\build\src\chrome\release\obj\v8bindings\derivedsources\v8domwindow.cpp
@ 57]
00dbf4ec 015f19c4 00bb6fb4 0200f605 020b831d
chrome_1000000!v8::internal::Object::GetPropertyWithCallback+0x115
[c:\b\slave\chrome-official\build\src\v8\src\objects.cc @ 205]
00dbf514 015f214c 027f1ced 00dbf534 020b831d
chrome_1000000!v8::internal::Object::GetProperty+0x1c4
[c:\b\slave\chrome-official\build\src\v8\src\objects.cc @ 472]
00dbf544 0163f1ad 027f1ced 020b831d 00dbf55c
chrome_1000000!v8::internal::Object::GetPropertyWithReceiver+0x3c
[c:\b\slave\chrome-official\build\src\v8\src\objects.cc @ 166]
00dbf55c 016438f7 00000002 00dbf5c0 00dbf5b4
chrome_1000000!v8::internal::DebugLookupResultValue+0x2d
[c:\b\slave\chrome-official\build\src\v8\src\runtime.cc @ 4551]
00dbf59c 0196016c 00000000 00dbf5c0 00000000
chrome_1000000!v8::internal::Runtime_DebugGetPropertyDetails+0x177
[c:\b\slave\chrome-official\build\src\v8\src\runtime.cc @ 4613]
WARNING: Frame IP not in any known module. Following frames may be wrong.
00dbf5b4 019ee963 020b831d 027f1ced 020b0135 0x196016c
00dbf5d0 019ec9d0 020b831d 01c10f25 020c8395 0x19ee963
00dbf600 01960907 020b0135 020b0135 01c10f25 0x19ec9d0
00dbf714 015f8f02 0196334c 0282e155 01c0c60d 0x1960907
00dbf754 015f8fc5 0168ebdc 00bb6fa0 00bb6f6c
chrome_1000000!v8::internal::Invoke+0x82
[c:\b\slave\chrome-official\build\src\v8\src\execution.cc @ 91]
00dbf774 015d7a7e 00dbf7b8 00bb6fa0 00bb6f6c
chrome_1000000!v8::internal::Execution::Call+0x25
[c:\b\slave\chrome-official\build\src\v8\src\execution.cc @ 116]
00dbf7a4 0160efef 00dbf804 00bb6f6c 00000000
chrome_1000000!v8::Function::Call+0x9e
[c:\b\slave\chrome-official\build\src\v8\src\api.cc @ 1960]
00dbf7fc 0160f1d5 00bb6f6c 00bb6f34 00000000
chrome_1000000!v8::internal::DebugMessageThread::SetEventJSONFromEvent+0x7f
[c:\b\slave\chrome-official\build\src\v8\src\debug.cc @ 1759]
00dbf8a0 0160f4c2 00000001 00bb6f8c 00bb6f6c
chrome_1000000!v8::internal::DebugMessageThread::DebugEvent+0xd5
[c:\b\slave\chrome-official\build\src\v8\src\debug.cc @ 1842]
00dbf8e4 0160f8fd 00000001 00bb6f6c 00000001
chrome_1000000!v8::internal::Debugger::ProcessDebugEvent+0x72
[c:\b\slave\chrome-official\build\src\v8\src\debug.cc @ 1615]
00dbf910 015f98c4 018408f8 00dbfacc 00000000
chrome_1000000!v8::internal::Debugger::OnDebugBreak+0xcd
[c:\b\slave\chrome-official\build\src\v8\src\debug.cc @ 1486]
00dbfaa0 015f9918 01637710 00000000 0196016c
chrome_1000000!v8::internal::Execution::DebugBreakHelper+0xd4
[c:\b\slave\chrome-official\build\src\v8\src\execution.cc @ 551]
00dbfb34 015f8f02 019e8d70 028314ed 0200d37d
chrome_1000000!v8::internal::Execution::HandleStackGuardInterrupt+0x28
[c:\b\slave\chrome-official\build\src\v8\src\execution.cc @ 560]
00dbfb74 015f8fc5 0168ebdc 00bb6f18 00bb6f24
chrome_1000000!v8::internal::Invoke+0x82
[c:\b\slave\chrome-official\build\src\v8\src\execution.cc @ 91]
00dbfb94 015d7189 00dbfbcc 00bb6f18 00bb6f24
chrome_1000000!v8::internal::Execution::Call+0x25
[c:\b\slave\chrome-official\build\src\v8\src\execution.cc @ 116]
00dbfbcc 01036923 00dbfbfc 01780578 00000000
chrome_1000000!v8::Script::Run+0xa9
[c:\b\slave\chrome-official\build\src\v8\src\api.cc @ 1068]
00dbfbec 0103686c 00dbfc54 00bb6f18 00dbfc00
chrome_1000000!WebCore::V8Proxy::RunScript+0xa4
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_proxy.cpp
@ 1401]
00dbfc0c 0103d0eb 00b71628 00dbfc54 00dbfcd8
chrome_1000000!WebCore::V8Proxy::Evaluate+0x5e
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\v8_proxy.cpp
@ 1357]
00dbfc4c 011f1fa5 00b74efc 00dbfc74 00bb6ed8
chrome_1000000!WebCore::ScriptController::evaluate+0x6a
[c:\b\slave\chrome-official\build\src\webkit\port\bindings\v8\scriptcontroller.cpp
@
237]
00dbfc6c 014f73b9 00dbfc88 01808528 00dbfd68
chrome_1000000!WebCore::FrameLoader::executeScript+0x4c
[c:\b\slave\chrome-official\build\src\third_party\webkit\webcore\loader\frameloader.cpp
@ 799]
00dbfd30 0100f73b 00dbfd4c 00dbfd68 00b716e8
chrome_1000000!WebFrameImpl::ExecuteJavaScript+0x7b
[c:\b\slave\chrome-official\build\src\webkit\glue\webframe_impl.cc @ 1560]
00dbfdcc 0101d759 02227fc0 02227fb0 0101d731
chrome_1000000!RenderView::EvaluateScript+0x3b
[c:\b\slave\chrome-official\build\src\chrome\renderer\render_view.cc @ 2417]
00dbfdfc 0116973d 02227fc0 00dbfef0 0136ee73
chrome_1000000!DebugMessageHandler::EvaluateScript+0x28
[c:\b\slave\chrome-official\build\src\chrome\renderer\debug_message_handler.cc
@
25]
00dbfe08 0136ee73 0136eeaa 00dbfe48 00b71258
chrome_1000000!RunnableMethod<CancelableRequest<CallbackRunner<Tuple4<int,bool,int,base::Time>
> >,void (__thiscall
CancelableRequest<CallbackRunner<Tuple4<int,bool,int,base::Time>
> >::*)(Tuple4<int,bool,int,base::Time> const
&),Tuple1<Tuple4<int,bool,int,base::Time> > >::Run+0x17
[c:\b\slave\chrome-official\build\src\base\task.h @ 312]
00dbfe0c 0136eeaa 00dbfe48 00b71258 0136f038
chrome_1000000!MessageLoop::RunTask+0x1c
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 309]
00dbfe18 0136f038 00b5e730 00b5e720 00dbfef0
chrome_1000000!MessageLoop::DeferOrRunPendingTask+0x2a
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 316]
00dbfe48 01386605 00dbfef0 00b58ea4 00000000
chrome_1000000!MessageLoop::DoWork+0x6e
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 408]
00dbfe74 0136ed3d 00dbfef0 00dbfef0 00b58ea4
chrome_1000000!base::MessagePumpDefault::Run+0xbc
[c:\b\slave\chrome-official\build\src\base\message_pump_default.cc @ 50]
00dbfe88 0136ed0a faddeda1 00b58eb8 00b58ea4
chrome_1000000!MessageLoop::RunInternal+0x2d
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 198]
00dbfec0 0136ecad 0100690a 00000001 00b58e00
chrome_1000000!MessageLoop::RunHandler+0x4f
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 181]
00dbfee0 01372745 0013f18c 77dd880a 0177e8b8
chrome_1000000!MessageLoop::Run+0x15
[c:\b\slave\chrome-official\build\src\base\message_loop.cc @ 155]
00dbffb0 01371c14 7c80b683 00b58ea4 0013f18c
chrome_1000000!base::Thread::ThreadMain+0x81
[c:\b\slave\chrome-official\build\src\base\thread.cc @ 156]
00dbffb4 7c80b683 00b58ea4 0013f18c 77dd880a chrome_1000000!`anonymous
namespace'::ThreadFunc+0x9
[c:\b\slave\chrome-official\build\src\base\platform_thread_win.cc @ 27]
00dbffec 00000000 01371c0b 00b58ea4 00000000 kernel32!BaseThreadStart+0x37
STACK_COMMAND: ~1s; .ecxr ; kb
FOLLOWUP_IP:
chrome_1000000!v8::Object::GetInternalField+3c
[c:\b\slave\chrome-official\build\src\v8\src\api.cc @ 2171]
015d6e5c 8b0e mov ecx,dword ptr [esi]
FAULTING_SOURCE_CODE:
2167: if (IsDeadCheck("v8::Object::GetInternalField()")) return Local<Value>();
2168: i::Handle<i::JSObject> obj = Utils::OpenHandle(this);
2169: if (!ApiCheck(index < obj->GetInternalFieldCount(),
2170: "v8::Object::GetInternalField()",
> 2171: "Reading internal field out of bounds")) {
2172: return Local<Value>();
2173: }
2174: i::Handle<i::Object> value(obj->GetInternalField(index));
2175: return Utils::ToLocal(value);
2176: }
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: chrome_1000000!v8::Object::GetInternalField+3c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: chrome_1000000
IMAGE_NAME: chrome.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4976aaaf
FAILURE_BUCKET_ID:
NULL_POINTER_READ_c0000005_chrome.dll!v8::Object::GetInternalField
BUCKET_ID:
APPLICATION_FAULT_NULL_POINTER_READ_chrome_1000000!v8::Object::GetInternalField+3c