GPF in cvmorph.cpp line 660 intermittently seen on win32 when running cvtest.exe -- using r2873 and previous versions (Bug #209)

I replicated this GPF again.
This time cn = 103523522 and _ksize = 12 and i= 1430. Based on how the loops are constructed, it does not make sense how cn is getting such a large value. When I run through the debugger, 'cn' does not have numbers this large except when a GPF occurs.

I am seeing several exceptions in the debugger like the one below, but I have not yet tracked down when these exceptions are being thrown -- may not be related to this issue.
First-chance exception at 0x7c812afb in cvtest.exe: Microsoft C++ exception: cv::Exception at memory location 0x00e6efec..

I will spend a little more time tracking down details on this on Monday (tomorrow).

Relicated GPF again using cvtest.exe
I modified the fcn 'operator()' were the GPF occurs to take a snapshot of the initial value of 'cn' when the function is entered.

For this GPF, 'cn' = 124279604 BUT initial_cn = 3
NOTE: 'cn' is always a rval in this fcn and is never assigned to.

This seems like this could be something like: a compiler optimization bug or a memory corruption issue in OpenCV, etc.

void operator()(const uchar* src, uchar* dst, int width, int cn)
{
        static int initial_cn = cn;  //+Initial value for cn

when you observe the crash again, please, write down the seed value (it's 16-digit hexadecimal number displayed in square brackets). It hopefully will help us to reproduce the problem

The 'seed' and related info is below -- from running cvtest.exe

[15f399af998699bd]
morph-dilate: .............................................
'cn' => 99434612 ; _ksize => 18 ; width => 981 ; initial_cn => 1 (my static var)

Unhandled exception at 0x00fa4a3c (cv210.dll) in cvtest.exe: 0xC0000005: Access violation reading location 0x05ed5000.

The full command line parameters are listed below:
cvtest.exe -r -d C:\tmp\ms_build_test\opencv_2_2873\opencv_extra\testdata\cv

I can update this with other GPF information as it occurs. I'll also upload the slightly modified cvmorph.cpp file I am using -- the only change is that I added "static int initial_cn = cn;" at the beginning of the function.

Another 2 GPFs occured on same line in cvmorph.cpp --> "m = op(m, s[j]);"
seed listed below -- the test dies here despite the '-r' command line paramater

[0a8cf6c6b706b191] ==> release build
morph-dilate: .................................
'cn' => 50668044 ; _ksize => 12 ; width => 885 ; initial_cn => 1 (my static var)
Unhandled exception at 0x00fa4a3c (cv210.dll) in cvtest.exe: 0xC0000005: Access violation reading location 0x03053000.

[508081a9bb0b286d] ==> debug build
morph-dilate: .................
'cn' => 3 ; _ksize => 21; width => 153 ; initial_cn => 1 (my static var)
Unhandled exception at 0x011645de (cv210d.dll) in cvtestd.exe: 0xC0000005: Access violation reading location 0x04175000.

When I configured with cMake, both IPP and OpenMP were turned off.
I am using a core2 e8400 cpu with 4 Gigs ram to build and test.