(No comment was entered for this change.)

(No comment was entered for this change.)

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=98693

------------------------------------------------------------------------
r98693 | sky@chromium.org | Mon Aug 29 13:44:34 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/before_translate_infobar.h?r1=98693&r2=98692&pathrev=98693
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/before_translate_infobar.cc?r1=98693&r2=98692&pathrev=98693

Speculative fix for 93314. I suspect the
OptionMenuModel::translate_infobar_delegate_ has been deleted. This
may be possible if BeforeTranslateInfoBar is deleted while the menu is
showing. Changing the code like I'm doing makes sure the menu is
deleted if BeforeTranslateInfoBar is deleted too.

BUG=93314
TEST=none
R=pkasting@chromium.org

Review URL: http://codereview.chromium.org/7745057
------------------------------------------------------------------------

This code has been deleted.

I don't understand the comment #4. If the code is deleted, why do we see the same issue again in 874.0. There are 9 crashes so far.

http://crash/reportdetail?reportid=01ba8401c6e30026

Maybe this isn't the profiles menu, then. I shouldn't own this.

(No comment was entered for this change.)

(No comment was entered for this change.)

still working on this?

http://codereview.chromium.org/7796010/

(No comment was entered for this change.)

(No comment was entered for this change.)

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=101958

------------------------------------------------------------------------
r101958 | sky@chromium.org | Tue Sep 20 08:23:51 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/infobar_view.cc?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/extension_infobar.h?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/confirm_infobar.h?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/extension_infobar.cc?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/infobar_view.h?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/link_infobar.h?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/after_translate_infobar.cc?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/before_translate_infobar.h?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/translate_message_infobar.h?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/before_translate_infobar.cc?r1=101958&r2=101957&pathrev=101958
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/infobars/after_translate_infobar.h?r1=101958&r2=101957&pathrev=101958

Attempt at fixing crash in menus shown from infobars. Here's what the
current code does when closing an infobar:
. The animation ends, resulting in a delayed deletion of InfoBarView
  (InfoBarContainerView::PlatformSpecificRemoveInfoBar).
. The InfoBarDelegate deletes itself (InfoBarDelegate::InfoBarClosed).
. Eventually the InfoBarView is deleted.
This leaves a window of time between which the view is alive, but the
delegate has been deleted. The view doesn't directly reference the
delegate anymore, but the menu models created by the infobarviews
do. This means if a paint comes in to the menu it's going to query the
deleted delegate and we crash.

I made CancelMenu pure virtual in hopes of avoiding this in the future
by making subclasses think about it.

BUG=93314
TEST=make sure menus on infobars still work.
R=pkasting@chromium.org

Review URL: http://codereview.chromium.org/7796010
------------------------------------------------------------------------

similar crash which scott believes is a manifestation of this bug. The below crash is seen in 887 and 874.21

http://crash/reportdetail?reportid=01396c11b82f51d8

Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_EXEC @ 0x00000001 )

0x00000001			
0x028d04e0	 [chrome.dll	 - simple_menu_model.cc:69	ui::SimpleMenuModel::Delegate::ExecuteCommand(int,int)
0x028d0df9	 [chrome.dll	 - simple_menu_model.cc:318	ui::SimpleMenuModel::ActivatedAt(int,int)
0x029d23e2	 [chrome.dll	 - menu_model_adapter.cc:70	views::MenuModelAdapter::ExecuteCommand(int,int)
0x029d20e4	 [chrome.dll	 - menu_runner.cc:228	views::internal::MenuRunnerImpl::MenuDone(views::MenuItemView *,int)
0x029d1f5e	 [chrome.dll	 - menu_runner.cc:178	views::internal::MenuRunnerImpl::RunMenuAt(views::Widget *,views::MenuButton *,gfx::Rect const &,views::MenuItemView::AnchorPosition,int)
0x021dc0c2	 [chrome.dll	 - before_translate_infobar.cc:204	BeforeTranslateInfoBar::RunMenu(views::View *,gfx::Point const &)
0x029d4782	 [chrome.dll	 - menu_button.cc:110	views::MenuButton::Activate()
0x029d492b	 [chrome.dll	 - menu_button.cc:189	views::MenuButton::OnMousePressed(views::MouseEvent const &)
0x029c2056	 [chrome.dll	 - view.cc:1815	views::View::ProcessMousePressed(views::MouseEvent const &,views::View::DragInfo *)
0x029e4810	 [chrome.dll	 - root_view.cc:208	views::internal::RootView::OnMousePressed(views::MouseEvent const &)
0x029c5044	 [chrome.dll	 - widget.cc:946	views::Widget::OnMouseEvent(views::MouseEvent const &)
0x029c7e81	 [chrome.dll	 - native_widget_win.cc:1529	views::NativeWidgetWin::OnMouseRange(unsigned int,unsigned int,long)
0x01f1ccd8	 [chrome.dll	 - native_widget_win.h:289	views::NativeWidgetWin::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x01f1cca0	 [chrome.dll	 - native_widget_win.h:287	views::NativeWidgetWin::ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x029c745e	 [chrome.dll	 - native_widget_win.cc:1117	views::NativeWidgetWin::OnWndProc(unsigned int,unsigned int,long)
0x028d5dd7	 [chrome.dll	 - window_impl.cc:191	ui::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)
0x028d612e	 [chrome.dll	 - wrapped_window_proc.h:60	base::win::WrappedWindowProc<&ui::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)>(HWND__ *,unsigned int,unsigned int,long)
0x77d18733	 [user32.dll	 + 0x00008733]	InternalCallWinProc
0x77d18815	 [user32.dll	 + 0x00008815]	UserCallWinProcCheckWow
0x77d189cc	 [user32.dll	 + 0x000089cc]	DispatchMessageWorker
0x77d18a0f	 [user32.dll	 + 0x00008a0f]	DispatchMessageW
0x029c5c97	 [chrome.dll	 - accelerator_handler_win.cc:54	views::AcceleratorHandler::Dispatch(tagMSG const &)
0x01e474b8	 [chrome.dll	 - message_pump_win.cc:354	base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &)
0x01e47311	 [chrome.dll	 - message_pump_win.cc:199	base::MessagePumpForUI::DoRunLoop()
0x01e47130	 [chrome.dll	 - message_pump_win.cc:51	base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate *,base::MessagePumpWin::Dispatcher *)
0x01e2adda	 [chrome.dll	 - message_loop.cc:438	MessageLoop::RunInternal()
0x01e2ad6a	 [chrome.dll	 - message_loop.cc:416	MessageLoop::RunHandler()
0x01e2b4b3	 [chrome.dll	 - message_loop.cc:823	MessageLoopForUI::Run(base::MessagePumpWin::Dispatcher *)
0x01f2ea50	 [chrome.dll	 - browser_main.cc:244	`anonymous namespace'::RunUIMessageLoop(BrowserProcess *)
0x01f31ac4	 [chrome.dll	 - browser_main.cc:1847	ChromeBrowserMainParts::TemporaryContinue()
0x022ea29a	 [chrome.dll	 - browser_main.cc:311	BrowserMain(MainFunctionParams const &)
0x01e4ec47	 [chrome.dll	 - content_main.cc:292	`anonymous namespace'::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,MainFunctionParams const &,content::ContentMainDelegate *)
0x01e4efdc	 [chrome.dll	 - content_main.cc:482	content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,content::ContentMainDelegate *)
0x01c31a38	 [chrome.dll	 - chrome_main.cc:759	ChromeMain
0x00401dc3	 [chrome.exe	 - client_util.cc:360	MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x004010c8	 [chrome.exe	 - chrome_exe_main_win.cc:36	wWinMain
0x004596af	 [chrome.exe	 - crt0.c:263	__tmainCRTStartup
0x7c817076	 [kernel32.dll	 + 0x00017076]	BaseProcessStart

My fix went into 888. It's still early on in 888, so I can't say if it's fully addressed this.

I still see one crash in 888 that looks related, but that's no where near the number of crashes we were seeing. I'm requesting a merge of 101958.

(No comment was entered for this change.)

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=102375

------------------------------------------------------------------------
r102375 | sky@chromium.org | Thu Sep 22 14:39:20 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/infobar_view.cc?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/extension_infobar.h?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/confirm_infobar.h?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/extension_infobar.cc?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/infobar_view.h?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/link_infobar.h?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/after_translate_infobar.cc?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/before_translate_infobar.h?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/translate_message_infobar.h?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/before_translate_infobar.cc?r1=102375&r2=102374&pathrev=102375
 M http://src.chromium.org/viewvc/chrome/branches/874/src/chrome/browser/ui/views/infobars/after_translate_infobar.h?r1=102375&r2=102374&pathrev=102375

Merge 101958 - Attempt at fixing crash in menus shown from infobars. Here's what the
current code does when closing an infobar:
. The animation ends, resulting in a delayed deletion of InfoBarView
  (InfoBarContainerView::PlatformSpecificRemoveInfoBar).
. The InfoBarDelegate deletes itself (InfoBarDelegate::InfoBarClosed).
. Eventually the InfoBarView is deleted.
This leaves a window of time between which the view is alive, but the
delegate has been deleted. The view doesn't directly reference the
delegate anymore, but the menu models created by the infobarviews
do. This means if a paint comes in to the menu it's going to query the
deleted delegate and we crash.

I made CancelMenu pure virtual in hopes of avoiding this in the future
by making subclasses think about it.

BUG=93314
TEST=make sure menus on infobars still work.
R=pkasting@chromium.org

Review URL: http://codereview.chromium.org/7796010

TBR=sky@chromium.org
Review URL: http://codereview.chromium.org/7969024
------------------------------------------------------------------------

(No comment was entered for this change.)