Comment #8 on issue 28526 by craig.schlenter: Segfaults on certain pages. http://code.google.com/p/chromium/issues/detail?id=28526
valgrind shows the OCSPRequest session having been deleted already by the time the OnReadCompleted callback is running.

==2202== Thread 6:
==2202== Invalid read of size 4
==2202==    at 0x4FC7920: (anonymous namespace)::OCSPRequestSession::OnReadCompleted(URLRequest*, int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x501FF74: URLRequestJob::NotifyReadComplete(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x5017F4C: URLRequestHttpJob::OnReadCompleted(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FA5CA7: net::HttpCache::Transaction::DoCallback(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FA5D82: net::HttpCache::Transaction::HandleResult(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FAB078: net::HttpCache::Transaction::DoCacheWriteCompleted(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FAB178: net::HttpCache::Transaction::DoNetworkReadCompleted(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FAE273: net::HttpNetworkTransaction::DoCallback(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FBF7A3: net::HttpStreamParser::OnIOComplete(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FFC285: net::TCPClientSocketLibevent::DoReadCallback(int) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FFC319: net::TCPClientSocketLibevent::DidCompleteRead() (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x417FC97: event_base_loop (in /home/craig/chromium/src/out/Release/lib.target/libevent.so)
==2202==  Address 0xd4f6cf0 is 96 bytes inside a block of size 216 free'd
==2202==    at 0x4005297: operator delete(void*) (vg_replace_malloc.c:346)
==2202==    by 0x4FC7B54: (anonymous namespace)::OCSPRequestSession::~OCSPRequestSession() (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x4FC8302: (anonymous namespace)::OCSPFree(void*) (in /home/craig/chromium/src/out/Release/lib.target/libnet.so)
==2202==    by 0x2DFD86F: pkix_pl_AIAMgr_GetHTTPCerts (pkix_pl_aiamgr.c:381)
==2202==    by 0x2DFDDE3: PKIX_PL_AIAMgr_GetAIACerts (pkix_pl_aiamgr.c:668)
==2202==    by 0x2DB4E83: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2513)
==2202==    by 0x2DBAC61: pkix_Build_InitiateBuildChain (pkix_build.c:4260)
==2202==    by 0x2DBCE95: PKIX_BuildChain (pkix_build.c:4440)
==2202==    by 0x2D2E283: CERT_PKIXVerifyCert (certvfypkix.c:2155)
==2202==    by 0x5100540: net::(anonymous namespace)::PKIXVerifyCert(CERTCertificateStr*, bool, SECOidTag const*, int, CERTValOutParam*) (in /home/craig/chromium/src/out/Release/lib.target/libnet_base.so)
==2202==    by 0x5101155: net::X509Certificate::VerifyEV() const (in /home/craig/chromium/src/out/Release/lib.target/libnet_base.so)
==2202==    by 0x510187A: net::X509Certificate::Verify(std::string const&, int, net::CertVerifyResult*) const (in /home/craig/chromium/src/out/Release/lib.target/libnet_base.so)
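The trace above is a use-after-free with two owners of one object: NSS's PKIX path builder frees the OCSPRequestSession through OCSPFree on its own schedule, while the network stack still holds a pointer to the same session as the target of a queued read completion. The following is an added, stand-alone model of that hazard and one standard way to close it; it is not Chromium or NSS code and does not show the fix the project actually landed. The names IoLoop, Session, Outcome and the byte counts are hypothetical. The unsafe variant captures a raw `this` exactly as the trace implies; the hardened variant captures a std::weak_ptr, so a completion that arrives after the last owner has released the session is dropped instead of dereferencing freed memory.

```cpp
// Added example, not Chromium or NSS code: a minimal model of the lifetime
// hazard in the valgrind trace above. A session hands a pointer to itself to
// an asynchronous I/O loop as the read-completion target; if the session's
// other owner frees it first (OCSPFree in the trace), the queued completion
// lands on freed memory. The hardened path captures a std::weak_ptr instead,
// so a completion for an already-destroyed session is dropped, not
// dereferenced. IoLoop, Session and Outcome are hypothetical names.
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Stand-in for the network thread's event loop: completions are queued now
// and delivered later, after whoever posted them may already be gone.
class IoLoop {
 public:
  // A completion reports whether it found a live target to deliver to.
  using Completion = std::function<bool()>;
  struct Stats { int delivered = 0; int dropped = 0; };

  void Post(Completion c) { queue_.push_back(std::move(c)); }

  // Runs everything queued so far, once, in order.
  Stats Run() {
    Stats stats;
    std::vector<Completion> batch;
    batch.swap(queue_);
    for (auto& c : batch) {
      if (c()) ++stats.delivered; else ++stats.dropped;
    }
    return stats;
  }

 private:
  std::vector<Completion> queue_;
};

// Owns the buffer a read completion writes into, like OCSPRequestSession.
class Session : public std::enable_shared_from_this<Session> {
 public:
  explicit Session(IoLoop* loop) : loop_(loop) {}

  // UNSAFE (the pattern in the trace): raw `this` outlives the object if the
  // owner deletes the session before the loop runs. Kept only for comparison
  // and never called here, because executing it is undefined behaviour.
  void StartUnsafe(int bytes) {
    Session* self = this;
    loop_->Post([self, bytes] { self->OnReadCompleted(bytes); return true; });
  }

  // HARDENED: the completion holds only a weak reference. lock() yields null
  // once the last shared_ptr owner has released the session.
  void StartSafe(int bytes) {
    std::weak_ptr<Session> weak = shared_from_this();
    loop_->Post([weak, bytes] {
      std::shared_ptr<Session> self = weak.lock();
      if (!self) return false;  // session already freed: drop the completion
      self->OnReadCompleted(bytes);
      return true;
    });
  }

  void OnReadCompleted(int bytes) { received_ += bytes; }
  int received() const { return received_; }

 private:
  IoLoop* loop_;
  int received_ = 0;
};

struct Outcome { int delivered; int dropped; int received; };

// Ordering from the trace: the owner frees the session while a read
// completion is still queued, then the loop drains. With the weak reference
// the completion is dropped and no freed memory is touched.
Outcome FreeBeforeCallback() {
  IoLoop loop;
  {
    auto session = std::make_shared<Session>(&loop);
    session->StartSafe(512);
  }  // last owner gone: Session destroyed here, completion still pending
  IoLoop::Stats s = loop.Run();
  return {s.delivered, s.dropped, 0};
}

// Benign ordering: the loop drains while the session is still alive.
Outcome CallbackBeforeFree() {
  IoLoop loop;
  auto session = std::make_shared<Session>(&loop);
  session->StartSafe(512);
  IoLoop::Stats s = loop.Run();
  return {s.delivered, s.dropped, session->received()};
}
```

The weak reference is one of several equivalent disciplines; the others are to make the request owner cancel the in-flight request in the session destructor so the loop never dispatches to it, or to reference-count the session so that both the NSS-side owner and the pending callback hold a strong reference and the object cannot be deleted while a completion is outstanding. Whichever is chosen, the invariant to check under valgrind or ASan is the one the trace violates: no path may free the delegate while a completion that names it is still queued.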
