My favorites | Sign in
Logo
Project Home
  
Downloads
  
Wiki
  
Issues
    
New issue | Search
for
| Advanced search | Search tips
Issue 8345: Browser crash on "Remove/Remove All' of Password's Exceptions !!
9 people starred this issue and may be notified of changes. Back to list
 
Reported by venkataramana@chromium.org, Mar 03, 2009 
Build: 2.0.168.0 (Developer Build 10838)

Do we regress here becoz of the patch for the issue: 7228 ??

Click on "Remove All" button of the Password's Exceptions dialog. No mater
the list is empty or not.

The browser window crashes.

Stack analysis for the crash
############################
FAULTING_IP: 
chrome_1000000!PasswordManagerTableModel::ForgetAndRemoveAllSignons+112
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\views\password_manager_view.cc
@ 177]
014c71d2 8b11            mov     edx,dword ptr [ecx]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 014c71d2
(chrome_1000000!PasswordManagerTableModel::ForgetAndRemoveAllSignons+0x00000112)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000000
Attempt to read from address 00000000

FAULTING_THREAD:  00000e2c

DEFAULT_BUCKET_ID:  NULL_POINTER_WRITE

PROCESS_NAME:  chrome.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000000 

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

PRIMARY_PROBLEM_CLASS:  NULL_POINTER_WRITE

BUGCHECK_STR:  APPLICATION_FAULT_NULL_POINTER_WRITE

LAST_CONTROL_TRANSFER:  from 014eb692 to 014c71d2

STACK_TEXT:  
0013ed04 014eb692 0249a2dc 00000000 02437c08
chrome_1000000!PasswordManagerTableModel::ForgetAndRemoveAllSignons+0x112
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\views\password_manager_view.cc
@ 177]
0013edb8 0128abde 0249a2dc 02498038 00000000
chrome_1000000!PasswordManagerExceptionsView::ButtonPressed+0x72
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\views\password_manager_exceptions_view.cc
@ 213]
0013ee58 0128ac1e 0013ee88 01293c9c 00000000
chrome_1000000!views::NativeButton::Clicked+0x7e
[c:\b\slave\chromium-rel-xp\build\src\chrome\views\native_button.cc @ 197]
0013ee60 01293c9c 00000000 00000000 000708f2
chrome_1000000!views::NativeButton::OnCommand+0xe
[c:\b\slave\chromium-rel-xp\build\src\chrome\views\native_button.cc @ 112]
0013ee88 012992bd 00200824 00000111 00000000
chrome_1000000!views::NativeControlContainer::ProcessWindowMessage+0x16c
[c:\b\slave\chromium-rel-xp\build\src\chrome\views\native_control.cc @ 57]
0013eed8 7e418734 02498038 00000111 00000000
chrome_1000000!ATL::CWindowImplBaseT<WTL::CRichEditCtrlT<ATL::CWindow>,ATL::CWinTraits<1342177280,0>
>::WindowProc+0x5d [c:\program files\microsoft visual studio
8\vc\atlmfc\include\atlwin.h @ 3078]
0013ef04 7e418816 020a0d90 00200824 00000111 USER32!InternalCallWinProc+0x28
0013ef6c 7e42a013 00000000 020a0d90 00200824
USER32!UserCallWinProcCheckWow+0x150
0013ef9c 7e42a039 020a0d90 00200824 00000111 USER32!CallWindowProcAorW+0x98
0013efbc 0127ab2c 020a0d90 00200824 00000111 USER32!CallWindowProcW+0x1b
0013f070 7e418734 020a0d90 00000111 00000000
chrome_1000000!views::FocusWindowCallback+0x19c
[c:\b\slave\chromium-rel-xp\build\src\chrome\views\focus_manager.cc @ 205]
0013f09c 7e418816 0127a990 00200824 00000111 USER32!InternalCallWinProc+0x28
0013f104 7e42927b 00000000 0127a990 00200824
USER32!UserCallWinProcCheckWow+0x150
0013f140 7e4292e3 00775670 0074cf50 00000000 USER32!SendMessageWorker+0x4a5
0013f160 773f7354 00200824 00000111 00000000 USER32!SendMessageW+0x7f
0013f180 773f7436 001cd568 00000000 000a0021 comctl32!Button_NotifyParent+0x3d
0013f19c 773f973b 001cd568 00000001 0013f294
comctl32!Button_ReleaseCapture+0xd7
0013f22c 7e418734 000708f2 00000202 00000000 comctl32!Button_WndProc+0x887
0013f258 7e418816 773f8eb4 000708f2 00000202 USER32!InternalCallWinProc+0x28
0013f2c0 7e42a013 00000000 773f8eb4 000708f2
USER32!UserCallWinProcCheckWow+0x150
0013f2f0 7e42a039 773f8eb4 000708f2 00000202 USER32!CallWindowProcAorW+0x98
0013f310 0127ab2c 773f8eb4 000708f2 00000202 USER32!CallWindowProcW+0x1b
0013f3c4 7e418734 773f8eb4 00000202 00000000
chrome_1000000!views::FocusWindowCallback+0x19c
[c:\b\slave\chromium-rel-xp\build\src\chrome\views\focus_manager.cc @ 205]
0013f3f0 7e418816 0127a990 000708f2 00000202 USER32!InternalCallWinProc+0x28
0013f458 7e42a013 00000000 0127a990 000708f2
USER32!UserCallWinProcCheckWow+0x150
0013f488 7e42a039 0127a990 000708f2 00000202 USER32!CallWindowProcAorW+0x98
0013f4a8 01293a5c 0127a990 000708f2 00000202 USER32!CallWindowProcW+0x1b
0013f568 7e418734 0127a990 00000202 00000000
chrome_1000000!views::NativeControl::NativeControlWndProc+0x15c
[c:\b\slave\chromium-rel-xp\build\src\chrome\views\native_control.cc @ 383]
0013f594 7e418816 01293900 000708f2 00000202 USER32!InternalCallWinProc+0x28
0013f5fc 7e4189cd 00000000 01293900 000708f2
USER32!UserCallWinProcCheckWow+0x150
0013f65c 7e418a10 0013f6ac 00000000 0013f67c USER32!DispatchMessageWorker+0x306
0013f66c 0127636f 0013f6ac 003e8800 0013f694 USER32!DispatchMessageW+0xf
0013f67c 0102285c 0013f6ac 003e8820 003e8800
chrome_1000000!views::AcceleratorHandler::Dispatch+0x4f
[c:\b\slave\chromium-rel-xp\build\src\chrome\views\accelerator_handler.cc @ 32]
0013f694 01023354 0013f6ac 00000000 003e8800
chrome_1000000!base::MessagePumpForUI::ProcessMessageHelper+0x6c
[c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 356]
0013f6c8 01022512 0013f8cc 0013f8cc 0013f8cc
chrome_1000000!base::MessagePumpForUI::DoRunLoop+0x44
[c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 204]
0013f6e8 01012459 0013f8cc 00f6bce0 003ee298
chrome_1000000!base::MessagePumpWin::RunWithDispatcher+0x42
[c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 54]
0013f78c 01012600 fb4c0188 00e7ff28 003ee298
chrome_1000000!MessageLoop::RunInternal+0xa9
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 192]
0013f7c0 01012949 00000001 00000000 00f6bce0
chrome_1000000!MessageLoop::RunHandler+0xa0
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 181]
0013f7dc 01042c2a 00f6bce0 0013fad4 01044372
chrome_1000000!MessageLoopForUI::Run+0x49
[c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 559]
0013f7e8 01044372 003e9190 ffffffff 003e2b80 chrome_1000000!`anonymous
namespace'::RunUIMessageLoop+0x1a
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\browser_main.cc @ 185]
0013fad4 01005bd6 0013fbc8 01000000 00000008
chrome_1000000!BrowserMain+0x1302
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\browser_main.cc @ 560]
0013fc80 0040327c 00400000 0013fcf8 000213be
chrome_1000000!ChromeMain+0x5a6
[c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_dll_main.cc @ 375]
0013ff28 004325d8 00400000 00000000 000213be chrome!wWinMain+0x2ac
[c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_exe_main.cc @ 102]
0013ffc0 7c817067 7c911440 015bf55c 7ffd5000 chrome!__tmainCRTStartup+0x176
[f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c @ 324]
0013fff0 00000000 00432641 00000000 78746341 kernel32!BaseProcessStart+0x23


FOLLOWUP_IP: 
chrome_1000000!PasswordManagerTableModel::ForgetAndRemoveAllSignons+112
[c:\b\slave\chromium-rel-xp\build\src\chrome\browser\views\password_manager_view.cc
@ 177]
014c71d2 8b11            mov     edx,dword ptr [ecx]

FAULTING_SOURCE_CODE:  
No source found for
'c:\b\slave\chromium-rel-xp\build\src\chrome\browser\views\password_manager_view.cc'


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME: 
chrome_1000000!PasswordManagerTableModel::ForgetAndRemoveAllSignons+112

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: chrome_1000000

IMAGE_NAME:  chrome.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  49adc0ad

STACK_COMMAND:  ~0s ; kb

FAILURE_BUCKET_ID: 
NULL_POINTER_WRITE_c0000005_chrome.dll!PasswordManagerTableModel::ForgetAndRemoveAllSignons

BUCKET_ID: 
APPLICATION_FAULT_NULL_POINTER_WRITE_chrome_1000000!PasswordManagerTableModel::ForgetAndRemoveAllSignons+112
Comment 1 by venkataramana@chromium.org, Mar 03, 2009 
Changing the title as it also reproduces on "Remove" button.
Summary: Browser crash on "Remove/Remove All' of Password's Exceptions !!
Comment 2 by venkataramana@chromium.org, Mar 06, 2009 
(No comment was entered for this change.)
Cc: m...@chromium.org lafo...@chromium.org
Labels: Mstone-2.0
Comment 3 by ben.at.chromium.org, Mar 06, 2009 
Looks like this is related to the exceptions dialog. The design here is just wrong.

PasswordManagerExceptionsView has-a PasswordManagerExceptionsTableModel which isa- 
PasswordManagerTableModel... however PasswordManagerTableModel expects to have a 
instance_ member which is a PasswordManagerView... not a 
PasswordManagerExceptionsView!

Also, there's a static global |instance_| in password_manager_exceptions_view - this 
should be static to the class, not the file. The naming is wrong per c-style guide.
Status: Assigned
Owner: hc...@chromium.org
Labels: -OS-All OS-Win
Comment 4 by hc...@chromium.org, Mar 07, 2009 
|instance_| in password_manager_view.cc is also a static global variable for the 
file, and it's expecting a PasswordManagerView. It shouldn't be referring to 
|instance_| in PasswordManagerTableModel in r10435, because 
PasswordManagerExceptionsTableModel isa- PasswordManagerTableModel. I'm changing the 
two to fix it.
Comment 5 by hc...@chromium.org, Mar 07, 2009 
Fix is uploaded: http://codereview.chromium.org/39313
Comment 6 by bugdroid1@chromium.org, Mar 09, 2009 
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=11279 

------------------------------------------------------------------------
r11279 | hclam@chromium.org | 2009-03-09 13:13:01 -0700 (Mon, 09 Mar 2009) | 8 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/views/password_manager_exceptions_view.cc?r1=11279&r2=11278
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/views/password_manager_exceptions_view.h?r1=11279&r2=11278
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/views/password_manager_view.cc?r1=11279&r2=11278
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/views/password_manager_view.h?r1=11279&r2=11278

BUG=8345
Added a PasswordManagerTableModelObserver to listen for row count change events.
PasswordManagerView and PasswordManagerExceptionsView are listening to the
event.
Move the |instance_| variable from static global to the respective class to
avoid future misuse of the variable.

Review URL: http://codereview.chromium.org/39313
------------------------------------------------------------------------
Comment 7 by tony.chromium, Mar 09, 2009 
 Issue 8547  has been merged into this issue.
Cc: all-bugs...@chromium.org
Comment 8 by mal.chromium, Mar 09, 2009 
(No comment was entered for this change.)
Status: Fixed
Comment 9 by venkataramana@chromium.org, Mar 10, 2009 
 Issue 8591  has been merged into this issue.
Comment 10 by bugdroid1@chromium.org, Mar 12, 2009 
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=11553 

------------------------------------------------------------------------
r11553 | laforge@chromium.org | 2009-03-12 11:14:42 -0700 (Thu, 12 Mar 2009) | 10 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/browser/views/password_manager_exceptions_view.cc?r1=11553&r2=11552
   M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/browser/views/password_manager_exceptions_view.h?r1=11553&r2=11552
   M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/browser/views/password_manager_view.cc?r1=11553&r2=11552
   M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/browser/views/password_manager_view.h?r1=11553&r2=11552

Merge 11279 - Added a PasswordManagerTableModelObserver to listen for row count change events.
PasswordManagerView and PasswordManagerExceptionsView are listening to the
event.
Move the |instance_| variable from static global to the respective class to
avoid future misuse of the variable.

Review URL: http://codereview.chromium.org/39313
BUG=8345
TBR=hclam@chromium.org
Review URL: http://codereview.chromium.org/43147
------------------------------------------------------------------------
Comment 11 by laforge@chromium.org, Mar 12, 2009 
(No comment was entered for this change.)
Labels: -OS-Win OS-Windows
Comment 12 by laforge@chromium.org, Mar 12, 2009 
This crash was found in 2.0.169.0 and is currently ranked #6 (based on the relative number of reports in the release).  There have been 34 reports from 19 clients.
http://crash/search?query=Chrome+2.0.169.0+PasswordManagerTableModel%3A%3AForgetAndRemoveSignon%28int%29
This crash looks like it has re-appeared in 2.0.169.0 I'm reopening.
Summary: Browser crash on &quot;Remove/Remove All&#39; of Password&#39;s Exceptions !!
Status: Assigned
Labels: Crash-2.0.169.0
Comment 13 by tony.chromium, Mar 13, 2009 
 Issue 8550  has been merged into this issue.
Comment 14 by hc...@chromium.org, Mar 13, 2009 
2.0.169.0 is r11198 while the patch is committed since r11279. Please verify.
Comment 16 by hc...@chromium.org, Mar 13, 2009 
2.0.169.1 is built from branch 169 r11427 while the patch was merged since 11553. The 
crash reports are prior to the patch was merged. Please verify.
Comment 17 by laforge@chromium.org, Mar 16, 2009 
This crash was found in 2.0.169.1 and is currently ranked #8 (based on the relative number of reports in the release).  There have been 42 reports from 18 clients.
http://crash/search?query=Chrome+2.0.169.1+PasswordManagerTableModel%3A%3AForgetAndRemoveSignon%28int%29
Summary: Browser crash on &amp;quot;Remove/Remove All&amp;#39; of Password&amp;#39;s Exceptions !!
Labels: Crash-2.0.169.1
Comment 18 by laforge@chromium.org, Mar 16, 2009 
(No comment was entered for this change.)
Status: Fixed
Comment 19 by venkataramana@chromium.org, Mar 19, 2009 
 Issue 8967  has been merged into this issue.
Comment 20 by mberkow...@chromium.org, Mar 30, 2009 
Verified in 2.0.172.0 (Developer Build 12779)
Status: Verified
Sign in to add a comment

Powered by Google Project Hosting