
Issue 154173


Issue metadata

Status: Fixed
Closed: Oct 2012
Pri: 1
Type: Bug




Chrome: Crash Report - Stack Signature: views::Widget::GetClientAreaBoundsInScreen(...

Reported by dharani@chromium.org, Oct 4 2012

Issue description

oshima@ could you please take a look?

Product: Chrome
Stack Signature: views::Widget::GetClientAreaBoundsInScreen()-4741C83
New Signature Label: views::Widget::GetClientAreaBoundsInScreen()
New Signature Hash: 79460b8a_3da7a33f_a2788f02_d6c008e9_62bc53e3

Report link: http://go/crash/reportdetail?reportid=ebe4003a2482f319

Meta information:
Product Name: Chrome
Product Version: 24.0.1285.2
Report ID: ebe4003a2482f319
Report Time: 2012/10/04 18:12:40, Thu
Uptime: 10 sec
Cumulative Uptime: 0 sec
OS Name: Windows NT
OS Version: 6.1.7601 Service Pack 1
CPU Architecture: x86
CPU Info: GenuineIntel family 15 model 4 stepping 9
ptype: browser


Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0xfffffffff8e6860f )

0x64cf00ba [chrome.dll - widget.cc:448] views::Widget::GetClientAreaBoundsInScreen()
0x65e3f1c4 [chrome.dll - balloon_view_views.cc:226] BalloonViewImpl::RepositionToBalloon()
0x65848203 [chrome.dll - balloon.cc:26] Balloon::SetPosition(gfx::Point const &,bool)
0x64b91c37 [chrome.dll - balloon_collection_impl.cc:206] BalloonCollectionImpl::PositionBalloonsInternal(bool)
0x66128bcb [chrome.dll - balloon_collection_impl.cc:254] BalloonCollectionImpl::CancelOffsets()
0x649f8293 [chrome.dll - bind_internal.h:882] base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( views::NativeTextfieldViews::*)(void)>,void (base::WeakPtr<views::NativeTextfieldViews> const &)>::MakeItSo(base::internal::RunnableAdapter<void ( views::NativeTextfieldViews::*)(void)>,base::WeakPtr<views::NativeTextfieldViews> const &)
0x649f8154 [chrome.dll - bind_internal.h:1172] base::internal::Invoker<1,base::internal::BindState<base::internal::RunnableAdapter<void ( PromoResourceService::*)(void)>,void (PromoResourceService *),void (base::WeakPtr<PromoResourceService>)>,void (PromoResourceService *)>::Run(base::internal::BindStateBase *)
0x64860b2d [chrome.dll - message_loop.cc:470] MessageLoop::RunTask(base::PendingTask const &)
0x64860d76 [chrome.dll - message_loop.cc:699] MessageLoop::DoDelayedWork(base::TimeTicks *)
0x64a0ac7f [chrome.dll - message_pump_win.cc:246] base::MessagePumpForUI::DoRunLoop()
0x648604dd [chrome.dll - message_loop.cc:422] MessageLoop::RunInternal()
0x64860448 [chrome.dll - run_loop.cc:45] base::RunLoop::Run()
0x64cea2c5 [chrome.dll - chrome_browser_main.cc:1495] ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x64cea2de [chrome.dll - chrome_browser_main.cc:1499] ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x64cea217 [chrome.dll - browser_main_loop.cc:481] content::BrowserMainLoop::RunMainMessageLoopParts()
0x64cea1e1 [chrome.dll - browser_main_runner.cc:122] `anonymous namespace'::BrowserMainRunnerImpl::Run()
0x648a90a5 [chrome.dll - browser_main.cc:21] BrowserMain(content::MainFunctionParams const &)
0x6484864c [chrome.dll - content_main_runner.cc:441] content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x648485d3 [chrome.dll - content_main_runner.cc:734] content::ContentMainRunnerImpl::Run()
0x6483a5fc [chrome.dll - content_main.cc:35] content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,content::ContentMainDelegate *)
0x6483a588 [chrome.dll - chrome_main.cc:28] ChromeMain
0x00a1510d [chrome.exe - client_util.cc:440] MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x00a17933 [chrome.exe - chrome_exe_main_win.cc:76] RunChrome(HINSTANCE__ *)
0x00a1799e [chrome.exe - chrome_exe_main_win.cc:92] wWinMain
0x00a7031c [chrome.exe - crt0.c:275] __tmainCRTStartup
0x7756ed6b [kernel32.dll + 0x0004ed6b] BaseThreadInitThunk
0x779c377a [ntdll.dll + 0x0006377a] __RtlUserThreadStart
0x779c374d [ntdll.dll + 0x0006374d] _RtlUserThreadStart
 
Owner: ----
Status: Available
I merely renamed the method in r147499. I haven't worked on notification code for
a long time, nor on the Windows port.

Comment 2 by dharani@google.com, Oct 12 2012

Owner: sky@chromium.org
Status: Assigned
Assigning it to sky@ to get it triaged.

Comment 3 by sky@chromium.org, Oct 15 2012

Labels: iteration-67

Comment 4 by sky@chromium.org, Oct 16 2012

Status: Started
I see this crash going back to 22. I think this is a long standing issue.

Comment 5 by bugdroid1@chromium.org, Oct 16 2012

Summary: Chrome: Crash Report - Stack Signature: views::Widget::GetClientAreaBoundsInScreen(...
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=162146

------------------------------------------------------------------------
r162146 | sky@chromium.org | 2012-10-16T16:46:01.499748Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/notifications/balloon_view_views.h?r1=162146&r2=162145&pathrev=162146
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/views/notifications/balloon_view_views.cc?r1=162146&r2=162145&pathrev=162146
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/notifications/balloon.h?r1=162146&r2=162145&pathrev=162146

Attempt at fixing crash in balloon code. The current code does a
Widget::Close() and posts a delayed task to cleanup (delete this)
after that. That means there is a window of time between when Close()
completes and the task is run where the widget has been destroyed. I'm
moving cleanup to DeleteDelegate() so there is no window.

This change would also cover the case of the NativeWindow being
deleted out from under the balloon.

BUG= 154173 
TEST=none
R=ben@chromium.org

Review URL: https://codereview.chromium.org/11143031
------------------------------------------------------------------------
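
The lifetime window described in the r162146 commit message, modelled as an added example (not code from the Chromium change). `Widget`, `BalloonView` and `StaleAccesses` are simplified, hypothetical stand-ins, and a `weak_ptr` replaces the raw widget pointer so the stale access is counted instead of crashing.

```cpp
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <vector>

// Stand-in for views::Widget: destruction notifies its delegate, which is the
// role DeleteDelegate() plays in the commit message.
struct Widget {
  std::function<void()> delete_delegate;
  ~Widget() { if (delete_delegate) delete_delegate(); }
};

// Stand-in for the balloon view. The weak_ptr lets this demo detect a destroyed
// widget safely; the crashing code would dereference a dangling pointer here.
struct BalloonView {
  std::weak_ptr<Widget> widget;
};

// Counts how often a reposition task reaches a balloon whose widget is gone.
int StaleAccesses(bool cleanup_in_delete_delegate) {
  std::deque<std::function<void()>> loop;              // FIFO message loop
  std::vector<std::unique_ptr<BalloonView>> balloons;  // balloon collection
  int stale = 0;
  auto widget = std::make_shared<Widget>();
  balloons.push_back(std::make_unique<BalloonView>());
  balloons.back()->widget = widget;
  auto cleanup = [&balloons] { balloons.clear(); };  // "delete this"

  // A reposition task is already pending when the balloon is closed.
  loop.push_back([&] {
    for (auto& b : balloons) if (b->widget.expired()) ++stale;
  });
  if (cleanup_in_delete_delegate) widget->delete_delegate = cleanup;
  widget.reset();  // Close() completes: the widget is destroyed
  if (!cleanup_in_delete_delegate) loop.push_back(cleanup);  // deferred cleanup

  while (!loop.empty()) {
    auto task = loop.front();
    loop.pop_front();
    task();
  }
  return stale;
}

int main() {
  std::printf("deferred cleanup: %d stale access(es)\n", StaleAccesses(false));
  std::printf("DeleteDelegate cleanup: %d stale access(es)\n", StaleAccesses(true));
}
```

With deferred cleanup the pending reposition task still finds the balloon registered after its widget is gone; with cleanup tied to widget destruction the balloon is unregistered before any queued task can run.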

Comment 6 by sky@chromium.org, Oct 18 2012

Status: Fixed
I don't see this in 24.0.1299.0 or 24.0.1300.0. I'm hoping my fix worked.

Comment 7 by kareng@google.com, Oct 25 2012

I see this crash in 23. Is it safe to merge back?

https://crash.corp.google.com/reportdetail?reportid=10aaaa2d6e3b4085#crashing_thread

Here's one.

Comment 8 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-24 -Area-UI M-24 Cr-UI
