Updates:
        Status: Fixed

Comment #13 on issue 6886 by [email protected]: Chrome: Crash Report - Stack Signature: iat_patch::IATPatchFunction::Unpatch()-1B0E5B3
http://code.google.com/p/chromium/issues/detail?id=6886

Fixed by Amit in revision: 9142

Hands off the intercept if 'unpatch' fails

If IATPatchFunction::Unpatch fails during RestoreImportedFunction
it means that we cannot safely unpatch the import address table
patch. In this case it's better to be hands off the intercept as
trying to unpatch again in the destructor of IATPatchFunction is
not going to be any safer.

In the real world, when we patch a plugin's SetCursor, we intercept
npswf.dll's IAT entry of SetCursor. It seems that our unpatch
fails when the plugin ref count goes to 0. It could be because
someone else has patched on top of us. Then, during CRT
uninitialization at process shutdown, the destructor of
IATPatchFunction is called. It detects that we haven't unpatched
yet and tries to unpatch. But at this time the plugin DLL is
unloaded and the IAT thunk is invalid. There's no point in
trying to unpatch an unloaded DLL's IAT :)
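The shutdown sequence the commit message describes, as an added illustration that is not Chromium's iat_patch code: the import address table is modelled as a single function-pointer slot inside a constructed FakeModule, so "unloading" the plugin can be simulated without touching a real Windows import table. The names FakeModule, OurSetCursor, ThirdPartySetCursor and the hands_off_on_failure switch are assumptions made for this example; the switch selects between the old behaviour (destructor retries the unpatch) and the fixed behaviour (a failed unpatch hands off the intercept).

```cpp
#include <cstdio>

// Constructed stand-in for a plugin's import thunk (not a real IAT).
typedef int (*SetCursorFn)(int);

static int OriginalSetCursor(int cursor) { return cursor; }
static int OurSetCursor(int cursor) { return cursor + 1; }         // hypothetical intercept
static int ThirdPartySetCursor(int cursor) { return cursor + 2; }  // hook installed over ours

struct FakeModule {
  SetCursorFn iat_entry;  // the import slot that patching rewrites
  bool loaded;            // false once the plugin DLL has been unloaded
};

class IATPatchFunction {
 public:
  IATPatchFunction(bool hands_off_on_failure, bool* touched_unloaded)
      : module_(nullptr), original_(nullptr), intercept_(nullptr),
        hands_off_on_failure_(hands_off_on_failure),
        touched_unloaded_(touched_unloaded) {}

  // Runs at CRT teardown in the real case: if the patch still looks
  // active it tries to unpatch one more time.
  ~IATPatchFunction() {
    if (module_) Unpatch();
  }

  bool Patch(FakeModule* module, SetCursorFn intercept) {
    if (module_ || !module->loaded) return false;
    module_ = module;
    original_ = module->iat_entry;
    intercept_ = intercept;
    module->iat_entry = intercept;
    return true;
  }

  // Restores the original thunk. Fails when the slot no longer holds our
  // intercept, i.e. someone else patched on top of us.
  bool Unpatch() {
    if (!module_) return false;
    if (!module_->loaded) {
      *touched_unloaded_ = true;  // real code would dereference freed memory here
      return false;
    }
    if (module_->iat_entry != intercept_) {
      if (hands_off_on_failure_) Forget();  // the fix: leave the slot alone for good
      return false;
    }
    module_->iat_entry = original_;
    Forget();
    return true;
  }

 private:
  void Forget() { module_ = nullptr; original_ = nullptr; intercept_ = nullptr; }

  FakeModule* module_;
  SetCursorFn original_;
  SetCursorFn intercept_;
  bool hands_off_on_failure_;
  bool* touched_unloaded_;
};

// Patch, a third party hooks over us, our unpatch fails, the plugin unloads,
// then the destructor runs. Returns true if the destructor touched the
// unloaded module's IAT slot.
bool DestructorTouchesUnloadedIat(bool hands_off_on_failure) {
  FakeModule npswf = {OriginalSetCursor, true};
  bool touched = false;
  {
    IATPatchFunction patch(hands_off_on_failure, &touched);
    patch.Patch(&npswf, OurSetCursor);
    npswf.iat_entry = ThirdPartySetCursor;  // patched on top of us
    patch.Unpatch();                        // fails: the slot is not ours
    npswf.loaded = false;                   // plugin DLL unloaded
  }                                         // destructor runs here
  return touched;
}

// Happy path: the intercept is live while patched and the original is restored.
bool NormalUnpatchRestoresOriginal() {
  FakeModule npswf = {OriginalSetCursor, true};
  bool touched = false;
  IATPatchFunction patch(true, &touched);
  patch.Patch(&npswf, OurSetCursor);
  bool intercepted = npswf.iat_entry(5) == 6;
  bool ok = patch.Unpatch();
  return intercepted && ok && npswf.iat_entry == OriginalSetCursor && !touched;
}

int main() {
  std::printf("retry in destructor touches unloaded IAT: %s\n", DestructorTouchesUnloadedIat(false) ? "yes" : "no");
  std::printf("hands-off after failed unpatch touches it:  %s\n", DestructorTouchesUnloadedIat(true) ? "yes" : "no");
  std::printf("normal unpatch restores original:          %s\n", NormalUnpatchRestoresOriginal() ? "yes" : "no");
  return 0;
}
```

The point of the two scenarios is that the destructor cannot tell a still-loaded module from an unloaded one; only the earlier failed Unpatch knows the slot has been taken over, so that is the place to drop the reference.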
