Windows: Setting focus to browser close to disposal can crash host application

[magreenblatt]

Original report by Jesse Taber (Bitbucket: Jesse Taber).

---

This issue presents in v92.0.16 . It’s possible to get an access violation error if you attempt to focus the browser immediately after it was disposed. This can be observed in the CefSharp Windows Forms example application if you use a keyboard shortcut to close an open browser tab. I was able to get the proper release symbols and generate a crash dump to find a stack trace (see below). It appears that it’s possible to have Chromium return nullptr when calling HWNDForWidget which might be causing the problem?

CefSharp Issue Thread: https://github.com/cefsharp/CefSharp/issues/3715

Error Details and stack trace:

Unhandled exception at 0x11F19ED3 (libcef.dll) in ce1a5314 (bb)-6529-4599-a552-2b52910908c2.dmp: 0xC0000005: Access violation reading location 0x2061CF89.

libcef.dll!views::Widget::GetNativeWindow() Line 438 C++
libcef.dll!CefBrowserPlatformDelegateNativeWin::SendFocusEvent(bool setFocus) Line 285 C++
libcef.dll!AlloyBrowserHostImpl::OnSetFocus( source) Line 831 C++
libcef.dll!AlloyBrowserHostImpl::SetFocusInternal(bool focus) Line 376 C++
[Inline Frame] libcef.dll!base::internal::FunctorTraits<void (CefMenuModelImpl::)(bool) attribute((thiscall)),void>::Invoke(void(CefMenuModelImpl::)(bool) method, scoped_refptr && receiver_ptr, bool && args) Line 509 C++
[Inline Frame] libcef.dll!base::internal::InvokeHelper<0,void>::MakeItSo(void(CefMenuModelImpl::)(bool) && functor, scoped_refptr && args, bool && args) Line 648 C++
[Inline Frame] libcef.dll!base::internal::Invoker<base::internal::BindState<void (CefMenuModelImpl::)(bool) attribute((thiscall)),scoped_refptr,bool>,void ()>::RunImpl(void(CefMenuModelImpl::)(bool) && functor, std::__1::tuple<scoped_refptr,bool> && bound, std::__1::integer_sequence<unsigned int,0,1>) Line 721 C++
libcef.dll!base::internal::Invoker<base::internal::BindState<void (CefMenuModelImpl::)(bool) attribute((thiscall)),scoped_refptr,bool>,void ()>::RunOnce(base::internal::BindStateBase * base) Line 694 C++
[Inline Frame] libcef.dll!base::OnceCallback<void ()>::Run() Line 98 C++
libcef.dll!base::TaskAnnotator::RunTask(const char * trace_event_name, base::PendingTask * pending_task) Line 178 C++
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow * continuation_lazy_now) Line 360 C++
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 266 C++
libcef.dll!base::MessagePumpForUI::DoRunLoop() Line 221 C++
libcef.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate) Line 80 C++
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 471 C++
libcef.dll!base::RunLoop::Run(const base::Location & location) Line 136 C++
libcef.dll!CefMainRunner::RunMessageLoop() Line 288 C++
libcef.dll!CefUIThread::ThreadMain() Line 184 C++
libcef.dll!base::`anonymous namespace'::ThreadFunc(void * params) Line 113 C++
KERNEL32.dll!@BaseThreadInitThunk@12�() Unknown
ntdll.dll!__RtlUserThreadStart() Unknown
ntdll.dll!__RtlUserThreadStart@8�() Unknown

‌

[magreenblatt]

Issue #3366 was marked as a duplicate of this issue.

[magreenblatt]

This is likely due to the async execution of SetFocusInternal added in issue #3040.

[magreenblatt]

Fix issues with browser focus assignment (fixes issue #3306, fixes issue #3166, see issue #3040)

DesktopWindowTreeHostWin ("Chrome_WidgetWin_0") focus needs to be set synchronously in response to the parent window WM_SETFOCUS message and before the associated call to WebContents::Focus. See updated comments in CefBrowserPlatformDelegateNativeWin::SetFocus.

→ <<cset 21d714ab6e09 (bb)>>

[magreenblatt]

Fix issues with browser focus assignment (fixes issue #3306, fixes issue #3166, see issue #3040)

DesktopWindowTreeHostWin ("Chrome_WidgetWin_0") focus needs to be set synchronously in response to the parent window WM_SETFOCUS message and before the associated call to WebContents::Focus. See updated comments in CefBrowserPlatformDelegateNativeWin::SetFocus.

→ <<cset 08f37697afd7 (bb)>>

[magreenblatt]

Fix issues with browser focus assignment (fixes issue #3306, fixes issue #3166, see issue #3040)

DesktopWindowTreeHostWin ("Chrome_WidgetWin_0") focus needs to be set synchronously in response to the parent window WM_SETFOCUS message and before the associated call to WebContents::Focus. See updated comments in CefBrowserPlatformDelegateNativeWin::SetFocus.

→ <<cset 2587cf23c511 (bb)>>

[magreenblatt]

• changed component from "Unclassified" to "Framework"

[magreenblatt]

• changed title from "Setting focus to browser close to disposal can crash host application" to "Windows: Setting focus to browser close to disposal can crash host application"

[magreenblatt]

• changed state from "new" to "resolved"