Starred by 7 users

Issue metadata

Status: Fixed
Owner:
Not on Chrome anymore
Closed: Jul 2010
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug
M-6


Issue 49836: Renderer crash on youtube @ WebViewPlugin::didClearWindowObject(WebKit::WebFrame *)

Reported by sunandt@chromium.org, Jul 21 2010 Project Member

Issue description

As soon as I navigate to any youtube video page (http://www.youtube.com/watch?v=c_6uY-4-ExE&feature=popular), the renderer crashes. I've a profile in case you need it. Once it starts crashing, youtube is virtually useless; chrome crashes on all youtube video pages.

Stack Trace
-----------
Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 )

0x01d093a6	 [chrome.dll	 - print_system_win.cc:291]	WebViewPlugin::didClearWindowObject(WebKit::WebFrame *)
0x022d49a1	 [chrome.dll	 - frameloaderclientimpl.cpp:116]	WebKit::FrameLoaderClientImpl::dispatchDidClearWindowObjectInWorld(WebCore::DOMWrapperWorld *)
0x0207c5d0	 [chrome.dll	 - frameloader.cpp:3409]	WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld(WebCore::DOMWrapperWorld *)
0x0207c58d	 [chrome.dll	 - frameloader.cpp:3401]	WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds()
0x0207789a	 [chrome.dll	 - frameloader.cpp:676]	WebCore::FrameLoader::receivedFirstData()
0x0211fdf2	 [chrome.dll	 - documentwriter.cpp:236]	WebCore::DocumentWriter::setEncoding(WebCore::String const &,bool)
0x022c062b	 [chrome.dll	 - webframeimpl.cpp:1018]	WebKit::WebFrameImpl::commitDocumentData(char const *,unsigned int)
0x022d5cea	 [chrome.dll	 - frameloaderclientimpl.cpp:1042]	WebKit::FrameLoaderClientImpl::committedLoad(WebCore::DocumentLoader *,char const *,int)
0x0211bcfb	 [chrome.dll	 - documentloader.cpp:280]	WebCore::DocumentLoader::commitLoad(char const *,int)
0x0220ca1e	 [chrome.dll	 - mainresourceloader.cpp:147]	WebCore::MainResourceLoader::addData(char const *,int,bool)
0x0220bb69	 [chrome.dll	 - resourceloader.cpp:260]	WebCore::ResourceLoader::didReceiveData(char const *,int,__int64,bool)
0x0220d071	 [chrome.dll	 - mainresourceloader.cpp:416]	WebCore::MainResourceLoader::didReceiveData(char const *,int,__int64,bool)
0x0220cd3e	 [chrome.dll	 - mainresourceloader.cpp:274]	WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction,WebCore::ResourceResponse const &)
0x0220ce5a	 [chrome.dll	 - mainresourceloader.cpp:284]	WebCore::MainResourceLoader::callContinueAfterContentPolicy(void *,WebCore::PolicyAction)
0x0220cfb8	 [chrome.dll	 - mainresourceloader.cpp:370]	WebCore::MainResourceLoader::didReceiveResponse(WebCore::ResourceResponse const &)
0x0220d280	 [chrome.dll	 - mainresourceloader.cpp:484]	WebCore::MainResourceLoader::handleDataLoadNow(WebCore::Timer<WebCore::MainResourceLoader> *)
0x02217444	 [chrome.dll	 - timer.h:98]	WebCore::Timer<WebCore::EventSource>::fired()
0x021cda1b	 [chrome.dll	 - threadtimers.cpp:112]	WebCore::ThreadTimers::sharedTimerFiredInternal()
0x021cd98e	 [chrome.dll	 - threadtimers.cpp:90]	WebCore::ThreadTimers::sharedTimerFired()
0x01cec69d	 [chrome.dll	 - message_loop.cc:409]	MessageLoop::RunTask(Task *)
0x01cec729	 [chrome.dll	 - message_loop.cc:418]	MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &)
0x01cec8bf	 [chrome.dll	 - message_loop.cc:525]	MessageLoop::DoWork()
0x01cfd543	 [chrome.dll	 - message_pump_default.cc:50]	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x01cec44c	 [chrome.dll	 - message_loop.cc:257]	MessageLoop::RunInternal()
0x01cec3d1	 [chrome.dll	 - message_loop.cc:229]	MessageLoop::RunHandler()
0x01cec37f	 [chrome.dll	 - message_loop.cc:207]	MessageLoop::Run()
0x01d11292	 [chrome.dll	 - renderer_main.cc:292]	RendererMain(MainFunctionParams const &)
0x01c33baa	 [chrome.dll	 - chrome_dll_main.cc:777]	ChromeMain
0x00403882	 [chrome.exe	 - client_util.cc:238]	MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x00403e54	 [chrome.exe	 - chrome_exe_main.cc:46]	wWinMain
0x00446b3c	 [chrome.exe	 - crt0.c:263]	__tmainCRTStartup
0x7c817076	 [kernel32.dll	 + 0x00017076]	BaseProcessStart

Full report @ http://crash/reportdetail?reportid=0f3129bf6085bd34

Google Chrome 6.0.472.0 (Official Build 53024)

I do have a profile where I can repro this 100% of the time. Let me know if you need it.
 

Comment 1 by sunandt@chromium.org, Jul 21 2010

Summary: Renderer crash on youtube @ WebViewPlugin::didClearWindowObject(WebKit::WebFrame *)

Comment 2 by dglazkov@chromium.org, Jul 23 2010

It sounds like an extension is at play here. Can you possibly reduce to which one is causing the problem?

Comment 3 by dglazkov@chromium.org, Jul 23 2010

Status: Assigned

Comment 4 by sunandt@chromium.org, Jul 26 2010

Issue 50153 has been merged into this issue.

Comment 6 by sunandt@chromium.org, Jul 26 2010

Steps
-----
1. Install AdBlock extension
2. Block all Plugins through content settings
3. Navigate to www.youtube.com and load a video

Renderer crashes.

Comment 7 by sunandt@chromium.org, Jul 26 2010

Issue 50180 has been merged into this issue.

Comment 8 by sunandt@chromium.org, Jul 26 2010

Issue 49674 has been merged into this issue.

Comment 10 by thestig@chromium.org, Jul 26 2010

Labels: OS-All

Comment 11 by bugdro...@gmail.com, Jul 28 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=53932 

------------------------------------------------------------------------
r53932 | bauerb@chromium.org | 2010-07-28 04:57:04 -0700 (Wed, 28 Jul 2010) | 6 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/webview_plugin.cc?r1=53932&r2=53931

Watch out for invalid delegate and container after destroying the WebViewPlugin.

BUG= 49836 
TEST=Enable FlashBlock, block all plugins and go to a site with a flash animation. No crashy!

Review URL: http://codereview.chromium.org/3020031
------------------------------------------------------------------------

Comment 12 by dglazkov@chromium.org, Jul 28 2010

bauerb, I see you have a fix? :)

Comment 13 by bauerb@chromium.org, Jul 28 2010

Status: Fixed
r53932 should have fixed it. It only happens with click-to-play which is behind a switch now anyway.
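
As an added illustration of the pattern behind r53932 (hypothetical model code, not Chromium's WebViewPlugin and not the commit itself): a plugin whose delegate and container pointers are cleared on destroy, and a window-object callback that checks both before use, so a callback arriving after tear-down is skipped instead of reading through a null pointer. The Delegate, Container and ReplayBlockedPluginLoad names are assumptions for the example.

```cpp
// Added illustration of the r53932 fix pattern, using hypothetical stand-ins
// for the plugin's delegate and container (not Chromium's real code).
struct Delegate {
  int notified = 0;  // times DidClearWindowObject reached the delegate
  void BindWindowObject() { ++notified; }
};
struct Container {
  bool attached = true;  // placeholder state; unused beyond existing
};
class WebViewPlugin {
 public:
  WebViewPlugin(Delegate* delegate, Container* container)
      : delegate_(delegate), container_(container) {}

  // Tear-down (e.g. the click-to-play placeholder is replaced). Frame
  // callbacks from the in-flight load can still arrive after this point.
  void Destroy() {
    delegate_ = nullptr;
    container_ = nullptr;
  }

  // Frame callback: the page's window object was cleared on navigation.
  // Returns true if the delegate was notified, false if the call was skipped.
  bool DidClearWindowObject() {
    // The guard is the fix: without it a callback after Destroy() reads
    // through a null pointer (EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000).
    if (!delegate_ || !container_)
      return false;
    delegate_->BindWindowObject();
    return true;
  }

 private:
  Delegate* delegate_;
  Container* container_;
};

// Replays the reported sequence: load starts, the plugin is optionally
// destroyed, then the window-object callback fires. Returns how many times
// the delegate was reached: 1 with a live plugin, 0 after Destroy().
int ReplayBlockedPluginLoad(bool destroy_before_callback) {
  Delegate delegate;
  Container container;
  WebViewPlugin plugin(&delegate, &container);
  if (destroy_before_callback)
    plugin.Destroy();
  plugin.DidClearWindowObject();
  return delegate.notified;
}
```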

Comment 14 by bugdro...@gmail.com, Aug 3 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54655 

------------------------------------------------------------------------
r54655 | ananta@chromium.org | 2010-08-02 18:06:09 -0700 (Mon, 02 Aug 2010) | 9 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/webkit/glue/plugins/webview_plugin.cc?r1=54655&r2=54654

Merge 53932 - Watch out for invalid delegate and container after destroying the WebViewPlugin.

BUG= 49836 
TEST=Enable FlashBlock, block all plugins and go to a site with a flash animation. No crashy!

Review URL: http://codereview.chromium.org/3020031

TBR=bauerb@chromium.org
Review URL: http://codereview.chromium.org/3053035
------------------------------------------------------------------------

Comment 15 by lafo...@chromium.org, Mar 19 2011

Labels: -Crash bulkmove Stability-Crash

Comment 16 by bugdroid1@chromium.org, Oct 13 2012

Project Member
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.

Comment 17 by bugdroid1@chromium.org, Mar 10 2013

Project Member
Labels: -Area-WebKit -Mstone-6 Cr-Content M-6

Comment 18 by bugdroid1@chromium.org, Mar 13 2013

Project Member
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue

Comment 19 by bugdroid1@chromium.org, Apr 6 2013

Project Member
Labels: -Cr-Content Cr-Blink

Comment 20 by smokana@chromium.org, Jun 18 2014

Labels: hasTestcase
