New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 51620 link

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Email to this user bounced
Closed: Aug 2010
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 0
Type: Bug
M-6

Restricted
  • Only users with EditIssue permission may comment.



Sign in to add a comment

ChromeFrame: Crash Report - Stack Signature: base::RefCounted<ProtData>::Release()-122B5A

Reported by amit@chromium.org, Aug 9 2010

Issue description

Product: ChromeFrame
Stack Signature: base::RefCounted<ProtData>::Release()-122B5A
New Signature Label: base::RefCounted<ProtData>::Release()
New Signature Hash: 50ffe657_3110a37e_8d6099ab_908a9fe0_5d332a49

Report link: http://go/crash/reportdetail?reportid=cb2af6534af24b5e

Meta information:
Product Name: ChromeFrame
Product Version: 6.0.472.25

The crash is due to two versions of chrome frame loaded at the same time. These two versions end up associating incompatible data structures with the same key in the bind context.

Call stack:

- ref_counted.h:92]	base::RefCounted<ProtData>::Release()
0x08816827	 [npchrome_frame.dll	 - ref_counted.h:261]	scoped_refptr<ProtData>::operator=(ProtData *)
0x08815a13	 [npchrome_frame.dll	 - protocol_sink_wrap.cc:240]	PutProtData(IBindCtx *,ProtData *)
0x08816297	 [npchrome_frame.dll	 - protocol_sink_wrap.cc:634]	Hook_Start(long (*)(IInternetProtocol *,wchar_t const *,IInternetProtocolSink *,IInternetBindInfo *,unsigned long,unsigned long),IInternetProtocol *,wchar_t const *,IInternetProtocolSink *,IInternetBindInfo *,unsigned long,unsigned long)
0x7e69f546	 [urlmon.dll	 + 0x0000f546]	CBinding::StartBinding(unsigned short const *,IBindCtx *,_GUID const &,int,unsigned short * *,void * *)
0x7e69f1a3	 [urlmon.dll	 + 0x0000f1a3]	CUrlMon::StartBinding(int,IBindCtx *,IMoniker *,_GUID const &,void * *)
0x7e69f06d	 [urlmon.dll	 + 0x0000f06d]	CUrlMon::BindToStorage(IBindCtx *,IMoniker *,_GUID const &,void * *)
0x3303ba11	 [npchrome_frame.dll	 - urlmon_moniker.cc:245]	MonikerPatch::BindToStorage(long (*)(IMoniker *,IBindCtx *,IMoniker *,_GUID const &,void * *),IMoniker *,IBindCtx *,IMoniker *,_GUID const &,void * *)
0x7e416a61	 [mshtml.dll	 + 0x00086a61]	CDwnBindData::OnStopBinding(long,unsigned short const *)
0x7e40586e	 [mshtml.dll	 + 0x0007586e]	NewDwnBindData(DWNLOADINFO *,CDwnBindData * *,unsigned long)
0x7e4057bb	 [mshtml.dll	 + 0x000757bb]	CDwnLoad::Init(DWNLOADINFO *,CDwnInfo *,unsigned int,unsigned long)
0x7e4085e7	 [mshtml.dll	 + 0x000785e7]	CHtmLoad::Init(DWNLOADINFO *,CDwnInfo *)
0x7e407c3d	 [mshtml.dll	 + 0x00077c3d]	CDwnInfo::AddProgSink(IProgSink *)
0x7e3fc286	 [mshtml.dll	 + 0x0006c286]	CDwnCtx::SetLoad(int,DWNLOADINFO *,int)
0x7e3fc21e	 [mshtml.dll	 + 0x0006c21e]	CHtmCtx::SetLoad(int,DWNLOADINFO *,int)
0x7e406292	 [mshtml.dll	 + 0x00076292]	CMarkup::Load(HTMLOADINFO *)
0x7e4060d0	 [mshtml.dll	 + 0x000760d0]	CMarkup::LoadFromInfo(CDoc::LOADINFO *,unsigned long,unsigned short const *)
0x7e42f96a	 [mshtml.dll	 + 0x0009f96a]	CDoc::DoNavigate(CStr *,CStr *,CDwnBindInfo *,IBindCtx *,unsigned short const *,unsigned short const *,COmWindowProxy *,COmWindowProxy * *,int,int,int,int,IHTMLWindow2 * *,TARGET_TYPE,unsigned long,unsigned short const *,int,unsigned short const *,IStream *,unsigned short const *,CElement *,int *,unsigned short const *)
0x7e42f1b9	 [mshtml.dll	 + 0x0009f1b9]	CDoc::ResetPrivacyList()
0x7e52b30a	 [mshtml.dll	 + 0x0019b30a]	CWindow::SuperNavigateInternal(unsigned short *,unsigned short *,unsigned short *,unsigned short *,unsigned short *,tagVARIANT *,tagVARIANT *,unsigned long)
0x7e43314b	 [mshtml.dll	 + 0x000a314b]	CWindow::SuperNavigate(unsigned short *,unsigned short *,unsigned short *,unsigned short *,tagVARIANT *,tagVARIANT *,unsigned long)
0x7e76c7dc	 [shdocvw.dll	 + 0x0002c7dc]	CDocObjectHost::_NavigateDocument(unsigned short *,unsigned short *)
0x7e76b323	 [shdocvw.dll	 + 0x0002b323]	CDocObjectHost::SetTarget(IMoniker *,unsigned int,unsigned short const *,_ITEMIDLIST *,IShellView *,int)
0x7e76b0b3	 [shdocvw.dll	 + 0x0002b0b3]	CDocObjectView::CreateViewWindow2(_SV2CVW2_PARAMS *)
0x7e76af6d	 [shdocvw.dll	 + 0x0002af6d]	CDocObjectView::CreateViewWindow(IShellView *,__MIDL___MIDL_itf_shobjidl_0199_0003 const *,IShellBrowser *,tagRECT *,HWND__ * *)
0x7e75af27	 [shdocvw.dll	 + 0x0001af27]	FileCabinet_CreateViewWindow2(IShellBrowser *,tagFolderSetDataBase *,IShellView *,IShellView *,tagRECT *,HWND__ * *)
0x7e75ae14	 [shdocvw.dll	 + 0x0001ae14]	CBaseBrowser2::CreateViewWindow(IShellView *,IShellView *,tagRECT *,HWND__ * *)
0x7e75b0de	 [shdocvw.dll	 + 0x0001b0de]	CBaseBrowser2::_CreateNewShellView(IShellFolder *,_ITEMIDLIST const *,unsigned long)
0x7e75af5f	 [shdocvw.dll	 + 0x0001af5f]	FileCabinet_CreateViewWindow2(IShellBrowser *,tagFolderSetDataBase *,IShellView *,IShellView *,tagRECT *,HWND__ * *)
0x7e75ad8d	 [shdocvw.dll	 + 0x0001ad8d]	CBaseBrowser2::_NavigateToPidl(_ITEMIDLIST const *,unsigned long,unsigned long)
0x7e75ac18	 [shdocvw.dll	 + 0x0001ac18]	CBaseBrowser2::_OnGoto()
0x7e75b2c0	 [shdocvw.dll	 + 0x0001b2c0]	CBaseBrowser2::_CreateNewShellViewPidl(_ITEMIDLIST const *,unsigned long,unsigned long)
0x7e7654c3	 [shdocvw.dll	 + 0x000254c3]	CWebBrowserSB::WndProcBS(HWND__ *,unsigned int,unsigned int,long)
0x7e765481	 [shdocvw.dll	 + 0x00025481]	CWebBrowserOC::v_WndProc(HWND__ *,unsigned int,unsigned int,long)
0x7e7642bc	 [shdocvw.dll	 + 0x000242bc]	CImpWndProc::s_WndProc(HWND__ *,unsigned int,unsigned int,long)
0x77cf8733	 [user32.dll	 + 0x00008733]	InternalCallWinProc
0x77cf8815	 [user32.dll	 + 0x00008815]	UserCallWinProcCheckWow
0x77cf89cc	 [user32.dll	 + 0x000089cc]	DispatchMessageWorker
0x77cf8a0f	 [user32.dll	 + 0x00008a0f]	DispatchMessageW
0x75eed874	 [browseui.dll	 + 0x0001d874]	TimedDispatchMessage(tagMSG *)
0x75ef5217	 [browseui.dll	 + 0x00025217]	BrowserThreadProc(IETHREADPARAM *)
0x75ef5388	 [browseui.dll	 + 0x00025388]	BrowserProtectedThreadProc(void *)
0x75ef5654	 [browseui.dll	 + 0x00025654]	SHOpenFolderWindow
0x7e7c8d79	 [shdocvw.dll	 + 0x00088d79]	IEWinMain
0x00402371	 [IEXPLORE.EXE	 + 0x00002371]	
0x00402443	 [IEXPLORE.EXE	 + 0x00002443]	
0x7c817066	 [kernel32.dll	 + 0x00017066]	BaseProcessStart
 

Comment 1 by amit@chromium.org, Aug 9 2010

Labels: -Pri-2 Pri-0
Summary: ChromeFrame: Crash Report - Stack Signature: base::RefCounted&lt;ProtData&gt;::Release()-122B5A
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=55474 

------------------------------------------------------------------------
r55474 | amit@chromium.org | 2010-08-09 14:30:33 -0700 (Mon, 09 Aug 2010) | 15 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/module_utils.cc?r1=55474&r2=55473

Fix chrome frame upgrade from old to new beta

During upgrade process, two versions of chrome frame may get
loaded in IE at the same time. We have a DLL redirection code
to avoid conflicts when this happens. However, we changed the
way this redirect code works after the first beta and hence
need to fix new code to make it work with older version to 
avoid a crash during upgrade.

BUG= 51620 
TEST=test upgrade from 5.0.375.125 to 6.0.472.XXX while IE is
running and try 'Open in New window' etc.. 


Review URL: http://codereview.chromium.org/3119001
------------------------------------------------------------------------

Summary: ChromeFrame: Crash Report - Stack Signature: base::RefCounted&amp;lt;ProtData&amp;gt;::Release()-122B5A
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=55475 

------------------------------------------------------------------------
r55475 | amit@chromium.org | 2010-08-09 14:32:41 -0700 (Mon, 09 Aug 2010) | 18 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome_frame/module_utils.cc?r1=55475&r2=55474

Merge 55474 - Fix chrome frame upgrade from old to new beta

During upgrade process, two versions of chrome frame may get
loaded in IE at the same time. We have a DLL redirection code
to avoid conflicts when this happens. However, we changed the
way this redirect code works after the first beta and hence
need to fix new code to make it work with older version to 
avoid a crash during upgrade.

BUG= 51620 
TEST=test upgrade from 5.0.375.125 to 6.0.472.XXX while IE is
running and try 'Open in New window' etc.. 


Review URL: http://codereview.chromium.org/3119001

TBR=amit@chromium.org
Review URL: http://codereview.chromium.org/3107002
------------------------------------------------------------------------

Comment 4 by amit@chromium.org, Aug 11 2010

Status: Fixed

Comment 5 by bugdro...@gmail.com, Aug 12 2010

Summary: ChromeFrame: Crash Report - Stack Signature: base::RefCounted&amp;amp;lt;ProtData&amp;amp;gt;::Release()-122B5A
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=55939 

------------------------------------------------------------------------
r55939 | ananta@chromium.org | 2010-08-12 13:54:13 -0700 (Thu, 12 Aug 2010) | 9 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/module_utils.cc?r1=55939&r2=55938

Fix chrome frame upgrade from old to new beta. During upgrade process, two versions of chrome
frame may get loaded in IE at the same time. We have code to fallback to the old version in
case this happens. However a small overight in declaring a local variable twice in different
scopes led to these checks to fail.

BUG= 51620 
TEST=test upgrade from 5.0.375.125 to 6.0.472.XXX while IE is running and try 'Open in New window' etc.. 

Review URL: http://codereview.chromium.org/3136009
------------------------------------------------------------------------

Comment 6 by bugdro...@gmail.com, Aug 12 2010

Summary: ChromeFrame: Crash Report - Stack Signature: base::RefCounted&amp;amp;amp;lt;ProtData&amp;amp;amp;gt;::Release()-122B5A
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=55941 

------------------------------------------------------------------------
r55941 | ananta@chromium.org | 2010-08-12 13:56:59 -0700 (Thu, 12 Aug 2010) | 12 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/472/src/chrome_frame/module_utils.cc?r1=55941&r2=55940

Merge 55939 - Fix chrome frame upgrade from old to new beta. During upgrade process, two versions of chrome
frame may get loaded in IE at the same time. We have code to fallback to the old version in
case this happens. However a small overight in declaring a local variable twice in different
scopes led to these checks to fail.

BUG= 51620 
TEST=test upgrade from 5.0.375.125 to 6.0.472.XXX while IE is running and try 'Open in New window' etc.. 

Review URL: http://codereview.chromium.org/3136009

TBR=ananta@chromium.org
Review URL: http://codereview.chromium.org/3159012
------------------------------------------------------------------------

Labels: -Area-ChromeFrame bulkmove Feature-ChromeFrame
Project Member

Comment 8 by bugdroid1@chromium.org, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 9 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-6 -Feature-ChromeFrame M-6 Cr-ChromeFrame
Project Member

Comment 10 by bugdroid1@chromium.org, Mar 13 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue

Sign in to add a comment