chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/

mac: chrome: Crash in BrowserView::ShouldHideUIForFullscreen (M115) #3527

Closed magreenblatt closed 1 year ago

magreenblatt commented 1 year ago

Describe the bug
Mac M115 crashes on startup with --enable-chrome-runtime.

To Reproduce
Steps to reproduce the behavior:

  1. Download the CEF binary distribution.
  2. Build cefclient and run with --enable-chrome-runtime
  3. Get the following crash:
% lldb -- ./tests/cefclient/Debug/cefclient.app/Contents/MacOS/cefclient --enable-chrome-runtime
(lldb) target create "./tests/cefclient/Debug/cefclient.app/Contents/MacOS/cefclient"
Current executable set to '/Users/marshall/Downloads/cef_binary_115.0.1+ge43eab3+chromium-115.0.5790.13_macosarm64_beta/build/tests/cefclient/Debug/cefclient.app/Contents/MacOS/cefclient' (arm64).
(lldb) settings set -- target.run-args  "--enable-chrome-runtime"
(lldb) add-dsym /Users/marshall/Downloads/cef_binary_115.0.1+ge43eab3+chromium-115.0.5790.13_macosarm64_beta_debug_symbols/Chromium\ Embedded\ Framework.dSYM 
error: symbol file '/Users/marshall/Downloads/cef_binary_115.0.1+ge43eab3+chromium-115.0.5790.13_macosarm64_beta_debug_symbols/Chromium Embedded Framework.dSYM/Contents/Resources/DWARF/Chromium Embedded Framework' does not match any existing module
(lldb) r
Process 21572 launched: '/Users/marshall/Downloads/cef_binary_115.0.1+ge43eab3+chromium-115.0.5790.13_macosarm64_beta/build/tests/cefclient/Debug/cefclient.app/Contents/MacOS/cefclient' (arm64)
[0605/210949.611637:WARNING:main_context_impl.cc(123)] Chrome runtime requires the Views framework.
[21572:58883:0605/210949.910842:ERROR:sandbox_mac.mm(49)] GetCanonicalSandboxPath() failed for: /Users/marshall/Library/Caches/CEF/User Data: No such file or directory (2)
[21572:259:0605/210949.917401:ERROR:chrome_browser_cloud_management_controller.cc(162)] Cloud management controller initialization aborted as CBCM is not enabled.
Process 21572 stopped
* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x0000000119994bd0 Chromium Embedded Framework`BrowserView::ShouldHideUIForFullscreen(this=0x0000000101099800) const at browser_view.cc:1833:35 [opt]
Target 0: (cefclient) stopped.
warning: Chromium Embedded Framework was compiled with optimization - stepping may behave oddly; variables may not be available.
(lldb) bt
* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x0000000119994bd0 Chromium Embedded Framework`BrowserView::ShouldHideUIForFullscreen(this=0x0000000101099800) const at browser_view.cc:1833:35 [opt]
    frame #1: 0x000000011966fa84 Chromium Embedded Framework`Browser::SupportsWindowFeatureImpl(Browser::WindowFeature, bool) const [inlined] Browser::ShouldHideUIForFullscreen(this=0x000000010614ca00) const at browser.cc:3221:30 [opt]
    frame #2: 0x000000011966fa78 Chromium Embedded Framework`Browser::SupportsWindowFeatureImpl(Browser::WindowFeature, bool) const [inlined] Browser::PopupBrowserSupportsWindowFeature(this=0x000000010614ca00, feature=FEATURE_TABSTRIP, check_can_support=true) const at browser.cc:3060:21 [opt]
    frame #3: 0x000000011966fa78 Chromium Embedded Framework`Browser::SupportsWindowFeatureImpl(this=0x000000010614ca00, feature=FEATURE_TABSTRIP, check_can_support=true) const at browser.cc:3156:14 [opt]
    frame #4: 0x0000000119992f24 Chromium Embedded Framework`BrowserView::UsesImmersiveFullscreenMode() const [inlined] BrowserView::GetSupportsTabStrip(this=0x0000000101099800) const at browser_view.cc:1196:20 [opt]
    frame #5: 0x0000000119992f18 Chromium Embedded Framework`BrowserView::UsesImmersiveFullscreenMode(this=0x0000000101099800) const at browser_view.cc:1109:33 [opt]
    frame #6: 0x00000001199a3958 Chromium Embedded Framework`chrome::CreateImmersiveModeController(browser_view=0x0000000101099800) at immersive_mode_controller_factory_views.cc:26:21 [opt]
    frame #7: 0x0000000119991504 Chromium Embedded Framework`BrowserView::InitBrowser(this=0x0000000101099800, browser=nullptr) at browser_view.cc:805:32 [opt]
    frame #8: 0x000000010f4a51a8 Chromium Embedded Framework`ChromeBrowserFrame::Init(this=0x0000000105d37bb0, browser_view=0x0000000101099800, browser=nullptr) at chrome_browser_frame.cc:29:17 [opt]
    frame #9: 0x000000010f4a5500 Chromium Embedded Framework`ChromeBrowserView::InitBrowser(this=0x0000000101099800, browser=nullptr, browser_view=(ptr_ = 0x0000600002934238)) at chrome_browser_view.cc:26:18 [opt]
    frame #10: 0x000000010f49f8f8 Chromium Embedded Framework`ChromeBrowserHostImpl::CreateBrowser(params=<unavailable>) at chrome_browser_host_impl.cc:436:26 [opt]
    frame #11: 0x000000010f49f548 Chromium Embedded Framework`ChromeBrowserHostImpl::Create(params=0x0000000100a8da40) at chrome_browser_host_impl.cc:31:18 [opt]
    frame #12: 0x000000010f490870 Chromium Embedded Framework`CefBrowserHostBase::Create(create_params=0x0000000100a8da40) at browser_host_create.cc:168:20 [opt]
    frame #13: 0x000000010f55de00 Chromium Embedded Framework`CefBrowserViewImpl::OnBrowserViewAdded(this=0x0000600002934230) at browser_view_impl.cc:208:5 [opt]
    frame #14: 0x0000000116ec82c8 Chromium Embedded Framework`views::View::PropagateAddNotifications(this=0x00000001010999c0, details=0x000000016fdfb030, is_added_to_widget=true) at view.cc:3076:5 [opt]
    frame #15: 0x0000000116ec7bf4 Chromium Embedded Framework`views::View::AddChildViewAtImpl(this=0x0000000106140178, view=0x00000001010999c0, index=<unavailable>) at view.cc:2962:9 [opt]
    frame #16: 0x000000010f56db60 Chromium Embedded Framework`CefPanelImpl<CefWindowView, CefWindow, CefWindowDelegate>::AddChildView(scoped_refptr<CefView>) [inlined] views::View* views::View::AddChildView<views::View>(this=<unavailable>, view=<unavailable>) at view.h:445:5 [opt]
    frame #17: 0x000000010f56db48 Chromium Embedded Framework`CefPanelImpl<CefWindowView, CefWindow, CefWindowDelegate>::AddChildView(this=0x0000600002c3d400, view=(ptr_ = 0x0000600002934238)) at panel_impl.h:122:32 [opt]
    frame #18: 0x000000010f455b28 Chromium Embedded Framework`(anonymous namespace)::window_add_child_view(self=<unavailable>, view=0x0000000100b4d0d0) at window_cpptoc.cc:816:9 [opt]
    frame #19: 0x00000001001ef7f8 cefclient`CefWindowCToCpp::AddChildView(this=0x0000600000293fb0, view=(ptr_ = 0x000060000026bbf0)) at window_ctocpp.cc:790:3
    frame #20: 0x00000001000cbe78 cefclient`client::ViewsWindow::AddBrowserView(this=0x0000600003d113b0) at views_window.cc:1040:12
    frame #21: 0x00000001000cbacc cefclient`client::ViewsWindow::OnWindowCreated(this=0x0000600003d113b0, window=(ptr_ = 0x0000600000293fb0)) at views_window.cc:618:5
    frame #22: 0x0000000100161d14 cefclient`(anonymous namespace)::window_delegate_on_window_created(self=0x0000000100b4d2d0, window=0x0000000100b6dba0) at window_delegate_cpptoc.cc:42:39
    frame #23: 0x000000010f45a4c8 Chromium Embedded Framework`CefWindowDelegateCToCpp::OnWindowCreated(this=<unavailable>, window=(ptr_ = 0x0000600002c3d408)) at window_delegate_ctocpp.cc:40:3 [opt]
    frame #24: 0x000000010f569e1c Chromium Embedded Framework`CefWindowImpl::Create(delegate=(ptr_ = 0x0000600000246990), parent_widget=<unavailable>) at window_impl.cc:117:15 [opt]
    frame #25: 0x000000010f569c80 Chromium Embedded Framework`CefWindow::CreateTopLevelWindow(delegate=(ptr_ = 0x0000600000246990)) at window_impl.cc:105:10 [opt]
    frame #26: 0x000000010f45285c Chromium Embedded Framework`::cef_window_create_top_level(delegate=0x0000000100b4d2d0) at window_cpptoc.cc:45:7 [opt]
    frame #27: 0x0000000100232938 cefclient`::cef_window_create_top_level(delegate=0x0000000100b4d2d0) at libcef_dll_dylib.cc:1342:10
    frame #28: 0x00000001001ed25c cefclient`CefWindow::CreateTopLevelWindow(delegate=(ptr_ = 0x0000600003d113d0)) at window_ctocpp.cc:46:7
    frame #29: 0x00000001000c6f34 cefclient`client::ViewsWindow::Create(delegate=0x0000600003002520, client=(ptr_ = 0x0000000105d2c170), url=0x000000016fdfc1b0, settings=0x0000000100a7da58, request_context=(ptr_ = 0x0000600000278890)) at views_window.cc:153:3
    frame #30: 0x0000000100094614 cefclient`client::RootWindowViews::CreateViewsWindow(this=0x0000600003002520, settings=0x0000000100a7da58, request_context=(ptr_ = 0x0000600000278890), images=size=2) at root_window_views.cc:559:3

Expected behavior
The application should not crash.

Versions (please complete the following information):

magreenblatt commented 1 year ago

Looks like a chicken/egg problem where BrowserView::ShouldHideUIForFullscreen is trying to access |immersive_mode_controller_| while that object is being constructed in BrowserView::InitBrowser.

void BrowserView::InitBrowser(std::unique_ptr<Browser> browser) {
  DCHECK(!browser_);
  browser_ = std::move(browser);

  immersive_mode_controller_ = chrome::CreateImmersiveModeController(this);
  ...
}

* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x00000001c940f5b3 Chromium Embedded Framework`BrowserView::ShouldHideUIForFullscreen(this=0x00000001018b4600) const at browser_view.cc:1833:35
   1830 
   1831 bool BrowserView::ShouldHideUIForFullscreen() const {
   1832   // Immersive mode needs UI for the slide-down top panel.
-> 1833   if (immersive_mode_controller_->IsEnabled())
   1834     return false;
   1835 
   1836   if (!frame_->GetFrameView())
Target 0: (cefclient) stopped.
(lldb) bt
* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00000001c940f5b3 Chromium Embedded Framework`BrowserView::ShouldHideUIForFullscreen(this=0x00000001018b4600) const at browser_view.cc:1833:35
    frame #1: 0x00000001c89e0ed1 Chromium Embedded Framework`Browser::ShouldHideUIForFullscreen(this=0x0000000102063800) const at browser.cc:3221:30
    frame #2: 0x00000001c89e0f17 Chromium Embedded Framework`Browser::PopupBrowserSupportsWindowFeature(this=0x0000000102063800, feature=FEATURE_TABSTRIP, check_can_support=true) const at browser.cc:3060:21
    frame #3: 0x00000001c89d72b8 Chromium Embedded Framework`Browser::SupportsWindowFeatureImpl(this=0x0000000102063800, feature=FEATURE_TABSTRIP, check_can_support=true) const at browser.cc:3156:14
    frame #4: 0x00000001c89d73a0 Chromium Embedded Framework`Browser::CanSupportWindowFeature(this=0x0000000102063800, feature=FEATURE_TABSTRIP) const at browser.cc:1102:10
    frame #5: 0x00000001c940af79 Chromium Embedded Framework`BrowserView::GetSupportsTabStrip(this=0x00000001018b4600) const at browser_view.cc:1196:20
    frame #6: 0x00000001c940aefa Chromium Embedded Framework`BrowserView::UsesImmersiveFullscreenMode(this=0x00000001018b4600) const at browser_view.cc:1109:33
    frame #7: 0x00000001c9447aa3 Chromium Embedded Framework`chrome::CreateImmersiveModeController(browser_view=0x00000001018b4600) at immersive_mode_controller_factory_views.cc:26:21
    frame #8: 0x00000001c94065a7 Chromium Embedded Framework`BrowserView::InitBrowser(this=0x00000001018b4600, browser=nullptr) at browser_view.cc:805:32
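
The re-entrant initialization order in the two backtraces above, reduced to a stand-alone model (added illustration, not Chromium or CEF code): the factory that builds the controller calls back into the view before the member is assigned, so the crashing frame sees a null unique_ptr. The null check in ShouldHideUIForFullscreen is a hypothetical guard for the model, not the fix that Chromium applied; all class bodies are assumptions that only mirror the names in the trace.

```cpp
#include <memory>

// Hypothetical stand-in for Chromium's ImmersiveModeController.
struct ImmersiveModeController {
  explicit ImmersiveModeController(bool enabled) : enabled_(enabled) {}
  bool IsEnabled() const { return enabled_; }
 private:
  bool enabled_;
};

class BrowserView;
std::unique_ptr<ImmersiveModeController> CreateImmersiveModeController(BrowserView* view);

class BrowserView {
 public:
  // Mirrors BrowserView::InitBrowser(): the factory receives |this| and calls
  // back into the view before |immersive_mode_controller_| has been assigned.
  void InitBrowser() { immersive_mode_controller_ = CreateImmersiveModeController(this); }

  // Stand-in for the UsesImmersiveFullscreenMode -> GetSupportsTabStrip ->
  // ... -> ShouldHideUIForFullscreen chain in the backtrace.
  bool UsesImmersiveFullscreenMode() const { return !ShouldHideUIForFullscreen(); }

  // The crashing frame. The null check is a hypothetical guard (not Chromium's
  // fix): a call arriving mid-construction is treated as "not enabled" instead
  // of dereferencing a null unique_ptr, which is the EXC_BAD_ACCESS at address 0.
  bool ShouldHideUIForFullscreen() const {
    if (!immersive_mode_controller_) {
      reentered_before_assignment_ = true;  // record the chicken/egg call
      return true;
    }
    return !immersive_mode_controller_->IsEnabled();
  }

  bool HasController() const { return immersive_mode_controller_ != nullptr; }
  bool ReenteredBeforeAssignment() const { return reentered_before_assignment_; }

 private:
  std::unique_ptr<ImmersiveModeController> immersive_mode_controller_;
  mutable bool reentered_before_assignment_ = false;
};

// Stand-in for chrome::CreateImmersiveModeController(): it queries the view,
// re-entering it, before the caller has stored the returned controller.
std::unique_ptr<ImmersiveModeController> CreateImmersiveModeController(BrowserView* view) {
  return std::make_unique<ImmersiveModeController>(view->UsesImmersiveFullscreenMode());
}
```

Constructing a BrowserView and calling InitBrowser() on it shows ReenteredBeforeAssignment() turning true during construction; dropping the guard from ShouldHideUIForFullscreen reproduces the null dereference from the report.
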
magreenblatt commented 1 year ago

Looks to have been broken by this Chromium commit that added the call to GetSupportsTabStrip from UsesImmersiveFullscreenMode.

magreenblatt commented 1 year ago

Filed with Chromium as https://bugs.chromium.org/p/chromium/issues/detail?id=1451731.