chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/

CEF 2526: Linux: Google docs crash #1764

Closed magreenblatt closed 8 years ago

magreenblatt commented 8 years ago

Original report by syed idris shah (Bitbucket: idrissha, GitHub: idrissha).


Steps to reproduce:

  1. Run cefclient with the command: ./out/Debug/cefclient --no-sandbox --register-pepper-plugins="/opt/google/chrome/PepperFlash/libpepflashplayer.so;application/x-shockwave-flash" --ppapi-flash-path="/opt/google/chrome/PepperFlash/libpepflashplayer.so"

  2. Log in to mail.google.com. Go to Google Drive.

  3. Open jpg files.

  4. Click on top "open with: " and select any app: (like: Pixlr Express).

  5. Cefclient crashes.

magreenblatt commented 8 years ago

Original comment by syed idris shah (Bitbucket: idrissha, GitHub: idrissha).


Here is the pull request that should fix the crash: https://bitbucket.org/chromiumembedded/cef/pull-requests/35/fix-the-google-docs-crash-issue-1764/diff

magreenblatt commented 8 years ago

What OS and CEF version? What is the symbolized stack trace for the crash?

magreenblatt commented 8 years ago

Original comment by syed idris shah (Bitbucket: idrissha, GitHub: idrissha).


Here is the backtrace:

Program received signal SIGSEGV, Segmentation fault.

0x00007fffebfb8b5f in CefBrowserHostImpl::TitleWasSet (this=0xbe4ca0, entry=0x0, explicit_set=true) at ../../cef/libcef/browser/browser_host_impl.cc:2804

2804 OnTitleChange(entry->GetTitle());

Missing separate debuginfos, use: debuginfo-install PackageKit-gtk3-module-1.0.6-1.fc21.x86_64 adwaita-gtk2-theme-3.14.2.2-1.fc21.x86_64 gvfs-1.22.4-2.fc21.x86_64 libXScrnSaver-1.2.2-8.fc21.x86_64 libcanberra-0.30-7.fc21.x86_64 libcanberra-gtk2-0.30-7.fc21.x86_64 libtdb-1.3.1-1.fc21.x86_64 libtool-ltdl-2.4.2-31.fc21.x86_64 systemd-libs-216-25.fc21.x86_64

(gdb) bt

0 0x00007fffebfb8b5f in CefBrowserHostImpl::TitleWasSet(content::NavigationEntry*, bool) (this=0xbe4ca0, entry=0x0, explicit_set=true) at ../../cef/libcef/browser/browser_host_impl.cc:2804

1 0x00007ffff3312929 in content::WebContentsImpl::UpdateTitleForEntry(content::NavigationEntryImpl*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator > const&) (this=0xbde060, entry=0x0,

title="L\000o\000a\000d\000i\000n\000g\000.\000.\000.\000") at ../../content/browser/web_contents/web_contents_impl.cc:3578

2 0x00007ffff331539c in content::WebContentsImpl::UpdateTitle(content::RenderFrameHost*, int, std::basic_string<unsigned short, base::string16_char_traits, std::allocator > const&, base::i18n::TextDirection) (this=0xbde060, render_frame_host=0xb53840, page_id=-1, title="L\000o\000a\000d\000i\000n\000g\000.\000.\000.\000", title_direction=base::i18n::LEFT_TO_RIGHT)

at ../../content/browser/web_contents/web_contents_impl.cc:4104

3 0x00007ffff2c8c8ce in content::RenderFrameHostImpl::OnUpdateTitle(std::basic_string<unsigned short, base::string16_char_traits, std::allocator > const&, blink::WebTextDirection) (this=0xb53840, title="L\000o\000a\000d\000i\000n\000g\000.\000.\000.\000", title_direction=blink::WebTextDirectionLeftToRight) at ../../content/browser/frame_host/render_frame_host_impl.cc:1347

4 0x00007ffff27546b8 in base::DispatchToMethodImpl<ppapi::proxy::PPB_Graphics3D_Proxy, void (ppapi::proxy::PPB_Graphics3D_Proxy::)(ppapi::HostResource const&, int), ppapi::HostResource, int, 0ul, 1ul>(ppapi::proxy::PPB_Graphics3D_Proxy, void (ppapi::proxy::PPB_Graphics3D_Proxy::*)(ppapi::HostResource const&, int), base::Tuple<ppapi::HostResource, int> const&, base::IndexSequence<0ul, 1ul>) (obj=0xb53840, method=

(void (ppapi::proxy::PPB_Graphics3D_Proxy::*)(ppapi::proxy::PPB_Graphics3D_Proxy * const, const ppapi::HostResource &, int)) 0x7ffff2c8c780 <content::RenderFrameHostImpl::OnUpdateTitle(std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, blink::WebTextDirection)>, arg=...) at ../../base/tuple.h:254

5 0x00007ffff2c9da85 in base::DispatchToMethod<content::RenderFrameHostImpl, void (content::RenderFrameHostImpl::)(std::basic_string<unsigned short, base::string16_char_traits, std::allocator > const&, blink::WebTextDirection), std::basic_string<unsigned short, base::string16_char_traits, std::allocator >, blink::WebTextDirection>(content::RenderFrameHostImpl, void (content::RenderFrameHostImpl::*)(std::basic_string<unsigned short, base::string16_char_traits, std::allocator > const&, blink::WebTextDirection), base::Tuple<std::basic_string<unsigned short, base::string16_char_traits, std::allocator >, blink::WebTextDirection> const&) (obj=0xb53840, method=

(void (content::RenderFrameHostImpl::*)(content::RenderFrameHostImpl * const, const std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > &, blink::WebTextDirection)) 0x7ffff2c8c780 <content::RenderFrameHostImpl::OnUpdateTitle(std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, blink::WebTextDirection)>, arg=...) at ../../base/tuple.h:261

6 0x00007ffff2c95307 in FrameHostMsg_UpdateTitle::Dispatch<content::RenderFrameHostImpl, content::RenderFrameHostImpl, void, void (content::RenderFrameHostImpl::)(std::basic_string<unsigned short, base::string16_char_traits, std::allocator > const&, blink::WebTextDirection)>(IPC::Message const, content::RenderFrameHostImpl, content::RenderFrameHostImpl, void, void (content::RenderFrameHostImpl::)(std::basic_string<unsigned short, base::string16_char_traits, std::allocator > const&, blink::WebTextDirection)) (msg=0x7fffa92350f0, obj=0xb53840, sender=0xb53840, parameter=0x0, func=

(void (content::RenderFrameHostImpl::*)(content::RenderFrameHostImpl * const, const std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > &, blink::WebTextDirection)) 0x7ffff2c8c780 <content::RenderFrameHostImpl::OnUpdateTitle(std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, blink::WebTextDirection)>)
at ../../content/common/frame_messages.h:805

7 0x00007ffff2c896fe in content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const&) (this=0xb53840, msg=...)

at ../../content/browser/frame_host/render_frame_host_impl.cc:467

8 0x00007ffff309193a in content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&) (this=0xa90970, msg=...)

at ../../content/browser/renderer_host/render_process_host_impl.cc:1611

9 0x00007ffff003137a in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) (this=0xac89b0, message=...)

at ../../ipc/ipc_channel_proxy.cc:288

10 0x00007fffebfcc821 in base::internal::RunnableAdapter<void (CefBrowserHostImpl::)(CefStringBase const&)>::Run(CefBrowserHostImpl, CefStringBase const&) (this=0x7fffffffca40, object=0xac89b0, args=...)

at ../../base/bind_internal.h:176

11 0x00007ffff0035851 in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::)(IPC::Message const&)>, base::internal::TypeList<IPC::ChannelProxy::Context const&, IPC::Message const&> >::MakeItSo(base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::)(IPC::Message const&)>, IPC::ChannelProxy::Context const&, IPC::Message const&) (runnable=..., args=@0x7fffa92350e8: 0xac89b0, args=...) at ../../base/bind_internal.h:293

12 0x00007ffff0035801 in base::internal::Invoker<base::IndexSequence<0ul, 1ul>, base::internal::BindState<base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::)(IPC::Message const&)>, void (IPC::ChannelProxy::Context, IPC::Message const&), base::internal::TypeList<IPC::ChannelProxy::Context, IPC::Message> >, base::internal::TypeList<base::internal::UnwrapTraits<IPC::ChannelProxy::Context>, base::internal::UnwrapTraits >, base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::)(IPC::Message const&)>, base::internal::TypeList<IPC::ChannelProxy::Context const&, IPC::Message const&> >, void ()>::Run(base::internal::BindStateBase*) (base=0x7fffa92350c0) at ../../base/bind_internal.h:343

13 0x00007fffec01b98e in base::Callback<void ()>::Run() const (this=0x7fffffffcf08) at ../../base/callback.h:396

14 0x00007fffec2b9703 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) (this=0x653d40, queue_function=0x7ffff4988969 <.L.str.9> "MessageLoop::PostTask", pending_task=...) at ../../base/debug/task_annotator.cc:51

15 0x00007fffec31b0e6 in base::MessageLoop::RunTask(base::PendingTask const&) (this=0x653b50, pending_task=...)

at ../../base/message_loop/message_loop.cc:475

16 0x00007fffec31b368 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) (this=0x653b50, pending_task=...)

at ../../base/message_loop/message_loop.cc:484

17 0x00007fffec31b532 in base::MessageLoop::DoWork() (this=0x653b50) at ../../base/message_loop/message_loop.cc:596

18 0x00007fffec2879b6 in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) (this=0x654a30, delegate=0x653b50)

at ../../base/message_loop/message_pump_glib.cc:313

19 0x00007fffec31ab1f in base::MessageLoop::RunHandler() (this=0x653b50) at ../../base/message_loop/message_loop.cc:439

20 0x00007fffec375764 in base::RunLoop::Run() (this=0x7fffffffd1f8) at ../../base/run_loop.cc:55

21 0x00007fffec319bb6 in base::MessageLoop::Run() (this=0x653b50) at ../../base/message_loop/message_loop.cc:282

22 0x00007fffebfe1e25 in CefBrowserMessageLoop::RunMessageLoop() (this=0x653b50)

at ../../cef/libcef/browser/browser_message_loop.cc:27

23 0x00007fffec0080a2 in CefRunMessageLoop() () at ../../cef/libcef/browser/context.cc:182

24 0x00007fffebecac99 in cef_run_message_loop() () at ../../cef/libcef_dll/libcef_dll.cc:299

25 0x00000000004a3489 in CefRunMessageLoop() () at ../../cef/libcef_dll/wrapper/libcef_dll_wrapper.cc:291

26 0x0000000000442291 in client::MainMessageLoopStd::Run() (this=0x5fd640)

at ../../cef/tests/cefclient/browser/main_message_loop_std.cc:15

---Type to continue, or q to quit---

27 0x000000000042ab6b in client::(anonymous namespace)::RunMain(int, char**) (argc=4, argv=0x7fffffffdbe8)

at ../../cef/tests/cefclient/cefclient_gtk.cc:124

28 0x000000000042a602 in main(int, char**) (argc=4, argv=0x7fffffffdbe8) at ../../cef/tests/cefclient/cefclient_gtk.cc:142

magreenblatt commented 8 years ago

According to WebContentsImpl::UpdateTitleForEntry the |entry| argument to CefBrowserHostImpl::TitleWasSet will be NULL if a page is created via window.open and never navigated. If |entry| is NULL we can call WebContentsImpl::GetTitle() which should return the |page_title_when_no_navigationentry| value.
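
The null-entry case described in the comment above, as an added example that is not part of the original thread and is not CEF's actual fix. It is a simplified C++ model: every type is a hypothetical stand-in for the class named in the backtrace, and the second title string is constructed.

```cpp
#include <iostream>
#include <string>
#include <vector>
// Every type below is a hypothetical stand-in, not CEF or Chromium source.
struct NavigationEntry {  // models content::NavigationEntry
  std::string title;
  const std::string& GetTitle() const { return title; }
};
struct WebContents;

struct BrowserHost {  // models CefBrowserHostImpl
  explicit BrowserHost(const WebContents* wc) : web_contents(wc) {}
  void TitleWasSet(const NavigationEntry* entry, bool explicit_set);
  void OnTitleChange(const std::string& t) { titles.push_back(t); }
  const WebContents* web_contents;
  std::vector<std::string> titles;  // titles delivered to the client
};

struct WebContents {  // models content::WebContentsImpl
  // With no navigation entry, return the title stored for that case.
  const std::string& GetTitle() const {
    return entry ? entry->GetTitle() : title_when_no_entry;
  }
  void UpdateTitleForEntry(NavigationEntry* e, const std::string& title) {
    (e ? e->title : title_when_no_entry) = title;
    if (observer) observer->TitleWasSet(e, true);  // e may be null
  }
  NavigationEntry* entry = nullptr;  // current entry; null until navigated
  BrowserHost* observer = nullptr;
  std::string title_when_no_entry;
};

// Guarded handler: the crashing line dereferenced |entry| unconditionally.
void BrowserHost::TitleWasSet(const NavigationEntry* entry, bool) {
  OnTitleChange(entry ? entry->GetTitle() : web_contents->GetTitle());
}

// Popup titled before any navigation (null entry), then navigated and retitled.
std::vector<std::string> RunPopupScenario() {
  WebContents wc;
  BrowserHost host(&wc);
  wc.observer = &host;
  wc.UpdateTitleForEntry(nullptr, "Loading...");
  NavigationEntry e;
  wc.entry = &e;
  wc.UpdateTitleForEntry(&e, "Constructed title");
  return host.titles;
}
int main() { for (const auto& t : RunPopupScenario()) std::cout << t << "\n"; }
```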

magreenblatt commented 8 years ago

This is further complicated by the recent popup changes in master. See #1289/simultaneous-popups-are-cancelled#comment-23787382.

magreenblatt commented 8 years ago

Original comment by syed idris shah (Bitbucket: idrissha, GitHub: idrissha).


Ok. Thanks for the explanation. Since you are already taking care of it now, I won't do anything more.

magreenblatt commented 8 years ago

Fixed in master revision 26e68c3 (bb) and 2526 branch revision 3fb1b92 (bb).

magreenblatt commented 8 years ago

Original changes by syed idris shah (Bitbucket: idrissha, GitHub: idrissha).


magreenblatt commented 8 years ago