crash on open address: http://unimedia.md/?mod=news&id=31781

[GoogleCodeExporter]

What steps will reproduce the problem?
1. run cefclient
2. try to open address: http://unimedia.md/?mod=news&id=31781

What is the expected output? What do you see instead?
the application is crashing

What version of the product are you using? On what operating system?
212 win32

Original issue reported on code.google.com by ionlupascu on 28 Mar 2011 at 11:01

[GoogleCodeExporter]

I'm unable to duplicate. What version of Windows are you using? Can you provide 
a Debug stack trace for the crash?

Original comment by magreenb...@gmail.com on 28 Mar 2011 at 4:44

[GoogleCodeExporter]

I see that crash on many pages:
  http://www.aol.com 
is crashing all the time for me.  (I tried the 
http://unimedia.md/?mod=news&id=31781 - it gave me the same crash.)

At first I thought it was sites with Flash, but My Macintosh with Parallels 
which has never had Flash installed in the Windows VM has the same crash.

Here is the exception Visual Studio shows:
  Unhandled exception at 0x5220a806 (libcef.dll) in cefclient.exe: 0x80000026: A long jump has been executed.

The stack trace only shows one stack entry.
>   libcef.dll!_longjmp()  + 0x4e bytes Asm

What version of the product are you using? On what operating system?
214 win32

We have 4 machines it crashes on, 2 that it does not crash.
We have seen the crash on both XP and Windows 7.

(Tomorrow we will start filtering out resources by type until the crash goes 
away.)

Original comment by Fe3...@gmail.com on 7 Apr 2011 at 9:55

[GoogleCodeExporter]

You probably need to build Chromium/CEF from source code and see if you can 
reproduce the crash in Debug mode. That should provide a meaningful stack trace.

Original comment by magreenb...@gmail.com on 8 Apr 2011 at 1:56

[GoogleCodeExporter]

>>You probably need to build Chromium/CEF from source code
Yes, it was fully built form source.  The crash is destroying the stack.  I 
think the exception is correct, it is a bad long jump. (setjmp longjmp - old c 
error handling - used by libjpeg. can rewind the stack.)

When I suppressed .jpg & .jpeg  files in HandleBeforeResourceLoad most of the 
sites loaded.  (http://unimedia.md/?mod=news&id=31781 still did not, but it has 
some query strings, that may be loading JPEGS).

Now to set breakpoints all over the place on longjmp...

Original comment by Fe3...@gmail.com on 8 Apr 2011 at 5:08

[GoogleCodeExporter]

...\src\third_party\WebKit\Source\WebCore\platform\image-decoders\jpeg\JPEGImage
Decoder.cpp

// Override the standard error method in the IJG JPEG decoder code.
void error_exit(j_common_ptr cinfo)
{
    // Return control to the setjmp point.
    decoder_error_mgr *err = (decoder_error_mgr *) cinfo->err;
    longjmp(err->setjmp_buffer, -1);
}

When it crashed err was NULL, so the longjmp was bad.

Crawling up the stack the 
ERREXIT2(cinfo, JERR_BAD_STRUCT_SIZE
was called

...\src\third_party\libjpeg\jdapimin.c
GLOBAL(void)
jpeg_CreateDecompress (j_decompress_ptr cinfo, int version, size_t structsize)
{
  int i;

  /* Guard against version mismatches between library and caller. */
  cinfo->mem = NULL;        /* so jpeg_destroy knows mem mgr not called */
  if (version != JPEG_LIB_VERSION)
    ERREXIT2(cinfo, JERR_BAD_LIB_VERSION, JPEG_LIB_VERSION, version);
  if (structsize != SIZEOF(struct jpeg_decompress_struct))
    ERREXIT2(cinfo, JERR_BAD_STRUCT_SIZE, 
         (int) SIZEOF(struct jpeg_decompress_struct), (int) structsize);

Original comment by Fe3...@gmail.com on 8 Apr 2011 at 5:43

[GoogleCodeExporter]

AH - false bug.

Cleaning the libjpeg object files fixed the problem.  After the Chromium update 
many files in that folder did not rebuild.

Original comment by Fe3...@gmail.com on 8 Apr 2011 at 7:19

[GoogleCodeExporter]

Original comment by magreenb...@gmail.com on 8 Apr 2011 at 7:24

• Changed state: WontFix