| Issue 6296: | Chrome: Crash Report - Stack Signature: PasswordFormManager::Save() | |
| 1 person starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
The full crash report details can be found at: http://go/crash/reportview?product=Chrome&version=2.0.156.1&signature=PasswordFormManager%3A%3ASave()-F12E2E Meta information: Files Download minidump Client ID: lAuvBiudgGRkmcrFIOs1v3dKwpM= (Show all crashes by this client for this version) Report Time (UTC): 2009/01/09 17:43:44, Fri (Show all crashes by this date for this version) Uptime: 171 sec Product Name: Chrome Product Version: 2.0.156.1 OS Name: Windows NT OS Version: 5.1.2600 Service Pack 2 CPU Architecture: x86 CPU Info: GenuineIntel family 6 model 22 stepping 1 plat: Win32 ptype: browser Stack Trace: 0x011589d0 [chrome.dll - password_form_manager.cc:162] PasswordFormManager::Save() 0x010fe15a [chrome.dll - password_manager.cc:211] PasswordManager::Accept() 0x0124e38e [chrome.dll - infobars.cc:429] ConfirmInfoBar::ButtonPressed(views::NativeButton *) 0x015370ad [chrome.dll - native_button.cc:198] views::NativeButton::Clicked() 0x01536ec9 [chrome.dll - native_button.cc:111] views::NativeButton::OnCommand(unsigned int,int,HWND__ *) 0x015439cb [chrome.dll - native_control.cc:55] views::NativeControlContainer::ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long) 0x01130e14 [chrome.dll - atlwin.h:3073] ATL::CWindowImplBaseT<ATL::CWindow,ATL::CWinTraits<2181038080,0> >::WindowProc(HWND__ *,unsigned int,unsigned int,long) 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1c63e [user32.dll + 0x0000c63e] CallWindowProcAorW 0x77d1c664 [user32.dll + 0x0000c664] CallWindowProcW 0x0153200b [chrome.dll - focus_manager.cc:198] views::FocusWindowCallback 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1b4bf [user32.dll + 0x0000b4bf] DispatchClientMessage 0x77d1b50b [user32.dll + 0x0000b50b] __fnDWORD 0x7c92eae2 [ntdll.dll + 0x0000eae2] KiUserCallbackDispatcher 0x01531f94 [chrome.dll - focus_manager.cc:130] views::RerouteMouseWheel 0x77d1b902 [user32.dll + 0x0000b902] SendMessageW 0x771a7343 [comctl32.dll + 0x00027343] Button_NotifyParent 0x771a7425 [comctl32.dll + 0x00027425] Button_ReleaseCapture 0x771a972a [comctl32.dll + 0x0002972a] Button_WndProc 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1c63e [user32.dll + 0x0000c63e] CallWindowProcAorW 0x77d1c664 [user32.dll + 0x0000c664] CallWindowProcW 0x0153200b [chrome.dll - focus_manager.cc:198] views::FocusWindowCallback 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1c63e [user32.dll + 0x0000c63e] CallWindowProcAorW 0x77d1c664 [user32.dll + 0x0000c664] CallWindowProcW 0x01543f1c [chrome.dll - native_control.cc:364] views::NativeControl::NativeControlWndProc(HWND__ *,unsigned int,unsigned int,long) 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d189cc [user32.dll + 0x000089cc] DispatchMessageWorker 0x77d18a0f [user32.dll + 0x00008a0f] DispatchMessageW 0x0152e492 [chrome.dll - accelerator_handler.cc:29] views::AcceleratorHandler::Dispatch(tagMSG const &) 0x011fe1e3 [chrome.dll - message_pump_win.cc:356] base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &) 0x011fe051 [chrome.dll - message_pump_win.cc:204] base::MessagePumpForUI::DoRunLoop() 0x011fde8c [chrome.dll - message_pump_win.cc:52] base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate *,base::MessagePumpWin::Dispatcher *) 0x011e6d82 [chrome.dll - message_loop.cc:192] MessageLoop::RunInternal() 0x011e6d5a [chrome.dll - message_loop.cc:180] MessageLoop::RunHandler() 0x011e72e3 [chrome.dll - message_loop.cc:558] MessageLoopForUI::Run(base::MessagePumpWin::Dispatcher *) 0x010a2716 [chrome.dll - browser_main.cc:482] BrowserMain(CommandLine &,sandbox::BrokerServices *) 0x010034d2 [chrome.dll - chrome_dll_main.cc:348] ChromeMain 0x00402a70 [chrome.exe - google_update_client.cc:92] google_update::GoogleUpdateClient::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,wchar_t *,char const *,int *) 0x0040244c [chrome.exe - chrome_exe_main.cc:54] wWinMain
,
Jan 15, 2009
I think this is a bug in the infobar code, not PasswordManager specific;
PasswordManager just does the best job exploiting the issue. I'm still trying to
confirm my theoretical crash-course. I set up a page that submits a password form
onload, which gets an infobar showing. Then, by repeatedly backspace (hot-wired to
'Back' operation), and trying to click one of the native buttons on the infobar, I
managed to repro the crash. My theory goes as follows:
1 -> Form Submit => AddInfoBar.
2 -> Hit "Back".
.1 --> RemoveInfoBar.
.1 --> erases the InfoBarDelegate (the PasswordManager) from the TabContents.
.2 --> Starts the close animation.
NOTE: InfoBar still points to it's delegate (b/c close has not completed).
2 -> onload=form.submit
.1 --> AddInfoBar (succeeds, since the TabContents has no EqualsDelegate due to
2.1.1)
.2 --> Starts the open animation.
NOTE: 2 InfoBars now point to the same delegate (the PasswordManager in this case).
3 -> Animation 1.1.2 completes, calls delegate_->InfoBarClosed(), resets delegate
state
4 -> User clicks button on currently visible infobar (from step 2.1.2). Kaboom!
The other clients of the infobar code all seem to create dedicated delegate instances
for each InfoBar, which would preclude this problem, but I haven't seen that
officially documented anywhere (e.g the fact that you cannot/should not use one
delegate object instance for more than one InfoBar).
So, I'm not certain what the best fix is. Using a dedicated delegate instance, or
simply NULL-checking from within the delegate will eliminate the crash, but maybe
something should be amended in the infobar code.
Cc: b...@chromium.org
,
Jan 15, 2009
pardon my numbering mixup up there :( replace "1 -> Form Submit => AddInfoBar" with "0 -> Form Submit => AddInfoBar" and renumber the next few accordingly so that my references make sense.
,
Jan 27, 2009
Note: The word "opening" is shown as "opnening" ([r8236] Fix a crash when a yellow info bar is closed while another is opnening) in DEV Channel release notes 2.0.159.0.
,
Feb 3, 2009
Issue 6393 has been merged into this issue.
,
Mar 18, 2011
The full crash report details can be found at: http://go/crash/reportview?product=Chrome&version=2.0.156.1&signature=PasswordFormManager%3A%3ASave()-F12E2E Meta information: Files Download minidump Client ID: lAuvBiudgGRkmcrFIOs1v3dKwpM= (Show all crashes by this client for this version) Report Time (UTC): 2009/01/09 17:43:44, Fri (Show all crashes by this date for this version) Uptime: 171 sec Product Name: Chrome Product Version: 2.0.156.1 OS Name: Windows NT OS Version: 5.1.2600 Service Pack 2 CPU Architecture: x86 CPU Info: GenuineIntel family 6 model 22 stepping 1 plat: Win32 ptype: browser Stack Trace: 0x011589d0 [chrome.dll - password_form_manager.cc:162] PasswordFormManager::Save() 0x010fe15a [chrome.dll - password_manager.cc:211] PasswordManager::Accept() 0x0124e38e [chrome.dll - infobars.cc:429] ConfirmInfoBar::ButtonPressed(views::NativeButton *) 0x015370ad [chrome.dll - native_button.cc:198] views::NativeButton::Clicked() 0x01536ec9 [chrome.dll - native_button.cc:111] views::NativeButton::OnCommand(unsigned int,int,HWND__ *) 0x015439cb [chrome.dll - native_control.cc:55] views::NativeControlContainer::ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long) 0x01130e14 [chrome.dll - atlwin.h:3073] ATL::CWindowImplBaseT<ATL::CWindow,ATL::CWinTraits<2181038080,0> >::WindowProc(HWND__ *,unsigned int,unsigned int,long) 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1c63e [user32.dll + 0x0000c63e] CallWindowProcAorW 0x77d1c664 [user32.dll + 0x0000c664] CallWindowProcW 0x0153200b [chrome.dll - focus_manager.cc:198] views::FocusWindowCallback 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1b4bf [user32.dll + 0x0000b4bf] DispatchClientMessage 0x77d1b50b [user32.dll + 0x0000b50b] __fnDWORD 0x7c92eae2 [ntdll.dll + 0x0000eae2] KiUserCallbackDispatcher 0x01531f94 [chrome.dll - focus_manager.cc:130] views::RerouteMouseWheel 0x77d1b902 [user32.dll + 0x0000b902] SendMessageW 0x771a7343 [comctl32.dll + 0x00027343] Button_NotifyParent 0x771a7425 [comctl32.dll + 0x00027425] Button_ReleaseCapture 0x771a972a [comctl32.dll + 0x0002972a] Button_WndProc 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1c63e [user32.dll + 0x0000c63e] CallWindowProcAorW 0x77d1c664 [user32.dll + 0x0000c664] CallWindowProcW 0x0153200b [chrome.dll - focus_manager.cc:198] views::FocusWindowCallback 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d1c63e [user32.dll + 0x0000c63e] CallWindowProcAorW 0x77d1c664 [user32.dll + 0x0000c664] CallWindowProcW 0x01543f1c [chrome.dll - native_control.cc:364] views::NativeControl::NativeControlWndProc(HWND__ *,unsigned int,unsigned int,long) 0x77d18733 [user32.dll + 0x00008733] InternalCallWinProc 0x77d18815 [user32.dll + 0x00008815] UserCallWinProcCheckWow 0x77d189cc [user32.dll + 0x000089cc] DispatchMessageWorker 0x77d18a0f [user32.dll + 0x00008a0f] DispatchMessageW 0x0152e492 [chrome.dll - accelerator_handler.cc:29] views::AcceleratorHandler::Dispatch(tagMSG const &) 0x011fe1e3 [chrome.dll - message_pump_win.cc:356] base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &) 0x011fe051 [chrome.dll - message_pump_win.cc:204] base::MessagePumpForUI::DoRunLoop() 0x011fde8c [chrome.dll - message_pump_win.cc:52] base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate *,base::MessagePumpWin::Dispatcher *) 0x011e6d82 [chrome.dll - message_loop.cc:192] MessageLoop::RunInternal() 0x011e6d5a [chrome.dll - message_loop.cc:180] MessageLoop::RunHandler() 0x011e72e3 [chrome.dll - message_loop.cc:558] MessageLoopForUI::Run(base::MessagePumpWin::Dispatcher *) 0x010a2716 [chrome.dll - browser_main.cc:482] BrowserMain(CommandLine &,sandbox::BrokerServices *) 0x010034d2 [chrome.dll - chrome_dll_main.cc:348] ChromeMain 0x00402a70 [chrome.exe - google_update_client.cc:92] google_update::GoogleUpdateClient::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,wchar_t *,char const *,int *) 0x0040244c [chrome.exe - chrome_exe_main.cc:54] wWinMain
Labels: -Crash bulkmove Stability-Crash
|
||||||||||
| ► Sign in to add a comment | |||||||||||
Owner: t...@chromium.org