| Issue 8477: | Crash in BrowserView | |
| 2 people starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
http://crash/reportdetail? reportid=dfc802909b6c00f6&product=Chrome&version=2.0.167.0&date=&signature=BrowserVie w::CanCurrentlyResize()-155F97F 0x015c5a88 [chrome.dll - browser_view.cc:266] BrowserView::CanCurrentlyResize() 0x015c562e [chrome.dll - browser_view.cc:163] ResizeCorner::GetPreferredSize() 0x015c5669 [chrome.dll - browser_view.cc:169] ResizeCorner::Layout() 0x016ff034 [chrome.dll - view.cc:219] views::View::Layout() 0x015d022c [chrome.dll - download_shelf_view.cc:210] DownloadShelfView::Layout() 0x015c7b7a [chrome.dll - browser_view.cc:1423] BrowserView::LayoutDownloadShelf() 0x015c74ab [chrome.dll - browser_view.cc:1199] BrowserView::Layout() 0x015c7d5c [chrome.dll - browser_view.cc:1478] BrowserView::UpdateUIForContents(TabContents *) 0x015c6f6e [chrome.dll - browser_view.cc:947] BrowserView::TabSelectedAt(TabContents *,TabContents *,int,bool) 0x012ea93b [chrome.dll - tab_strip_model.cc:584] TabStripModel::ChangeSelectedContentsFrom(TabContents *,int,bool) 0x012e9c1f [chrome.dll - tab_strip_model.cc:143] TabStripModel::DetachTabContentsAt(int) 0x012ea7aa [chrome.dll - tab_strip_model.cc:527] TabStripModel::Observe(NotificationType,NotificationSource const &,NotificationDetails const &) 0x011ec538 [chrome.dll - notification_service.cc:107] NotificationService::Notify(NotificationType,NotificationSource const &,NotificationDetails const &) 0x012a09aa [chrome.dll - tab_contents.cc:114] TabContents::Destroy() 0x0129ad4c [chrome.dll - web_contents.cc:343] WebContents::Destroy() 0x012c7a74 [chrome.dll - navigation_controller.cc:440] NavigationController::Destroy() 0x012ea82d [chrome.dll - tab_strip_model.cc:560] TabStripModel::InternalCloseTabContentsAt(int,bool) 0x012a5814 [chrome.dll - browser.cc:1723] Browser::CloseContents(TabContents *) 0x0129bab3 [chrome.dll - web_contents.cc:831] WebContents::Close(RenderViewHost *) 0x0129ce5e [chrome.dll - web_contents.cc:1366] WebContents::RendererUnresponsive(RenderViewHost *,bool) 0x012d77f1 [chrome.dll - render_view_host.cc:1304] RenderViewHost::NotifyRendererUnresponsive() 0x012f200a [chrome.dll - render_widget_host.cc:385] RenderWidgetHost::CheckRendererIsUnresponsive() 0x01549cd8 [chrome.dll - message_loop.cc:308] MessageLoop::RunTask(Task *) 0x01549d0f [chrome.dll - message_loop.cc:316] MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) 0x01549f63 [chrome.dll - message_loop.cc:435] MessageLoop::DoDelayedWork(base::Time *) 0x01563c1d [chrome.dll - message_pump_win.cc:213] base::MessagePumpForUI::DoRunLoop() 0x01563a30 [chrome.dll - message_pump_win.cc:52] base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate *,base::MessagePumpWin::Dispatcher *) 0x01549b99 [chrome.dll - message_loop.cc:192] MessageLoop::RunInternal() 0x01549b73 [chrome.dll - message_loop.cc:180] MessageLoop::RunHandler() 0x0154a0d9 [chrome.dll - message_loop.cc:558] MessageLoopForUI::Run(base::MessagePumpWin::Dispatcher *) 0x0126aac1 [chrome.dll - browser_main.cc:183] `anonymous namespace'::RunUIMessageLoop(BrowserProcess *) 0x0126b9db [chrome.dll - browser_main.cc:562] BrowserMain(MainFunctionParams const &) 0x011c340f [chrome.dll - chrome_dll_main.cc:332] ChromeMain 0x00402a70 [chrome.exe - google_update_client.cc:93] google_update::GoogleUpdateClient::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,wchar_t *,char const *,int *) 0x004024ce [chrome.exe - chrome_exe_main.cc:67] wWinMain Here's how to repro: . Create a window with two tabs. . in the second tab download something so that the shelf remains visible. . drag the second tab out. . close the first window. . resize the second window. This is happening because dragging a tab out results in moving the download shelf to a new window. The ResizeCorner in the download shelf still references the old BrowserView and once the window closes the resize corner references a deleted object. |
||||||||||||||||||||||||
,
Mar 09, 2009
Issue 8549 has been merged into this issue.
Cc: all-bugs...@chromium.org
|
|||||||||||||||||||||||||
,
Mar 09, 2009
MAD is on vacation all week, so I'm taking.
Owner: s...@chromium.org
Cc: m...@chromium.org Labels: Mstone-2.0 Crash |
|||||||||||||||||||||||||
,
Mar 09, 2009
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=11285
------------------------------------------------------------------------
r11285 | sky@google.com | 2009-03-09 13:55:54 -0700 (Mon, 09 Mar 2009) | 10 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/views/frame/browser_view.cc?r1=11285&r2=11284
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/views/frame/browser_view.h?r1=11285&r2=11284
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/views/view.cc?r1=11285&r2=11284
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/views/view.h?r1=11285&r2=11284
Fixes crash in ResizeCorner. ResizeCorner was caching the BrowserView
that created it, but if a tab contained a download shelf and was
dragged to a new window the ResizeCorner would be referencing the
wrong BrowserView. I've changed the code to look up the ancestor
BrowserView as necessary.
BUG=8477
TEST=see bug
Review URL: http://codereview.chromium.org/41010
------------------------------------------------------------------------
|
|||||||||||||||||||||||||
,
Mar 09, 2009
(No comment was entered for this change.)
Status: Fixed
|
|||||||||||||||||||||||||
,
Mar 09, 2009
Hey Scott, Is there are relation to those crashes and the ones we are seeing in this query? http://crash/search?query=Chrome+2.0.168.0+ResizeCorner::Layout() |
|||||||||||||||||||||||||
,
Mar 10, 2009
Yes, they are all the same. |
|||||||||||||||||||||||||
,
Mar 10, 2009
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=11417
------------------------------------------------------------------------
r11417 | mal@chromium.org | 2009-03-10 20:25:43 -0700 (Tue, 10 Mar 2009) | 13 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/browser/views/frame/browser_view.cc?r1=11417&r2=11416
M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/browser/views/frame/browser_view.h?r1=11417&r2=11416
M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/views/view.cc?r1=11417&r2=11416
M http://src.chromium.org/viewvc/chrome/branches/169/src/chrome/views/view.h?r1=11417&r2=11416
Merge r11285.
Fixes crash in ResizeCorner. ResizeCorner was caching the BrowserView
that created it, but if a tab contained a download shelf and was
dragged to a new window the ResizeCorner would be referencing the
wrong BrowserView. I've changed the code to look up the ancestor
BrowserView as necessary.
Review URL: http://codereview.chromium.org/41010
BUG=8477
TBR= sky
Review URL: http://codereview.chromium.org/42058
------------------------------------------------------------------------
|
|||||||||||||||||||||||||
,
Mar 12, 2009
This crash was found in 2.0.169.0 and is currently ranked #4 (based on the relative number of reports in the release). There have been 35 reports from 34 clients. http://crash/search?query=Chrome+2.0.169.0+BrowserView%3A%3ACanCurrentlyResize%28%29 This crash looks like it has re-appeared in 2.0.169.0 I'm reopening.
Status: Assigned
Labels: Crash-2.0.169.0 |
|||||||||||||||||||||||||
,
Mar 13, 2009
That's because the fix was not in 169.1 (or even 169.1 I believe). Mark just merged it to the 169 branch.
Status: Fixed
|
|||||||||||||||||||||||||
,
Mar 17, 2009
Works fine in 2.0.170.0 (Official Build 11755). -Venkat.
Status: Verified
|
|||||||||||||||||||||||||
| ► Sign in to add a comment | |||||||||||||||||||||||||