Comment #5 on issue 25692 by [email protected]: Crash after ClosePageIgnoringUnloadEvents http://code.google.com/p/chromium/issues/detail?id=25692
I stared at the assembly for a bit and played with my own build where I expanded out the FOR_EACH_OBSERVER macro.

The loop in the macro:

    while ((obs = it.GetNext()) != NULL)
      obs->func;

is disassembled as:

    0x0927eda5 test %edx,%edx
    0x0927eda7 je 0x927ed35
    0x0927eda9 mov 0x14(%ebp),%ecx
    0x0927edac mov (%edx),%eax
    0x0927edae mov %edx,(%esp)
    ...
    0x0927edc3 call *0x8(%eax)

where %edx is |obs|. It has the bogus value 0x21. No idea how that got there. All the NotificationService::AddObserver calls for notifications of type TAB_CLOSED pass in |this|, which shouldn't have such a low memory address.
