chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/

model->Clear() results in a crash in CEF 125 #3711

Closed nattu97 closed 3 months ago

nattu97 commented 3 months ago

Describe the bug

To suppress the context menu, I'm calling model->Clear() in ClientHandler::OnBeforeContextMenu(). This results in a crash the second time I RMB in the browser window.

To Reproduce

Steps to reproduce the behavior:

  1. In cefclient sample, add the following code:

     ```cpp
     // CefContextMenuHandler override in cefclient's ClientHandler.
     void ClientHandler::OnBeforeContextMenu(CefRefPtr<CefBrowser> browser,
                                             CefRefPtr<CefFrame> frame,
                                             CefRefPtr<CefContextMenuParams> params,
                                             CefRefPtr<CefMenuModel> model) {
       CEF_REQUIRE_UI_THREAD();
       // Remove every item so that no context menu is shown.
       model->Clear();
     }
     ```

  2. Compile and launch CefClient.exe

  3. RMB in the browser two times

You will see a crash.

Versions (please complete the following information):

Here's the callstack:

```
[Inline Frame] libcef.dll!base::ImmediateCrash() Line 176
libcef.dll!logging::LogMessage::HandleFatal(unsigned __int64 stack_start=89, const std::__Cr::basic_string<char,std::__Cr::char_traits,std::__Cr::allocator> & str_newline={...}) Line 1036
[Inline Frame] libcef.dll!logging::LogMessage::Flush::::operator()() Line 740
[Inline Frame] libcef.dll!absl::cleanup_internal::Storage<`lambda at ..\..\base\logging.cc:738:40'>::InvokeCallback() Line 87
[Inline Frame] libcef.dll!absl::Cleanup<absl::cleanup_internal::Tag,`lambda at ..\..\base\logging.cc:738:40'>::~Cleanup() Line 106
libcef.dll!logging::LogMessage::Flush() Line 923
libcef.dll!logging::LogMessage::~LogMessage() Line 698
[Inline Frame] libcef.dll!logging::`anonymous namespace'::DCheckLogMessage::~DCheckLogMessage() Line 166
libcef.dll!logging::`anonymous namespace'::DCheckLogMessage::~DCheckLogMessage() Line 161
[Inline Frame] libcef.dll!std::__Cr::default_delete::operator()(logging::LogMessage * ptr) Line 67
[Inline Frame] libcef.dll!std::__Cr::unique_ptr<logging::LogMessage,std::__Cr::default_delete>::reset(logging::LogMessage * p) Line 278
libcef.dll!logging::CheckError::~CheckError() Line 343
libcef.dll!CefSimpleMenuModelImpl::~CefSimpleMenuModelImpl() Line 59
libcef.dll![thunk]:CefSimpleMenuModelImpl::`vector deleting destructor'`vtordisp{4294967292,0}' (unsigned int)
libcef.dll![thunk]:CefSimpleMenuModelImpl::Release`vtordisp{4294967292,0}' (void)
[Inline Frame] libcef.dll!scoped_refptr<CefSimpleMenuModelImpl>::Release(CefSimpleMenuModelImpl * ptr) Line 384
[Inline Frame] libcef.dll!scoped_refptr<CefSimpleMenuModelImpl>::~scoped_refptr() Line 273
[Inline Frame] libcef.dll!context_menu::`anonymous namespace'::CefContextMenuObserver::~CefContextMenuObserver() Line 79
libcef.dll!context_menu::`anonymous namespace'::CefContextMenuObserver::~CefContextMenuObserver() Line 79
[Inline Frame] libcef.dll!std::__Cr::default_delete::operator()(RenderViewContextMenuObserver * ptr) Line 67
[Inline Frame] libcef.dll!std::__Cr::unique_ptr<RenderViewContextMenuObserver,std::__Cr::default_delete>::reset(RenderViewContextMenuObserver * p) Line 278
[Inline Frame] libcef.dll!std::__Cr::unique_ptr<RenderViewContextMenuObserver,std::__Cr::default_delete>::~unique_ptr() Line 248
libcef.dll!RenderViewContextMenu::~RenderViewContextMenu() Line 895
[Inline Frame] libcef.dll!RenderViewContextMenuViews::~RenderViewContextMenuViews() Line 130
libcef.dll!RenderViewContextMenuViews::~RenderViewContextMenuViews() Line 129
[Inline Frame] libcef.dll!std::__Cr::default_delete::operator()(RenderViewContextMenuBase * ptr) Line 67
[Inline Frame] libcef.dll!std::__Cr::unique_ptr<RenderViewContextMenuBase,std::__Cr::default_delete>::reset(RenderViewContextMenuBase * p) Line 278
[Inline Frame] libcef.dll!std::__Cr::unique_ptr<RenderViewContextMenuBase,std::__Cr::default_delete>::operator=(std::__Cr::unique_ptr<RenderViewContextMenuBase,std::__Cr::default_delete> && u={...}) Line 219
libcef.dll!ChromeWebContentsViewDelegateViews::ShowMenu(std::__Cr::unique_ptr<RenderViewContextMenuBase,std::__Cr::default_delete> menu={...}) Line 88
libcef.dll!ChromeWebContentsViewDelegateViews::ShowContextMenu(content::RenderFrameHost & render_frame_host={...}, const content::ContextMenuParams & params) Line 97
libcef.dll!content::WebContentsImpl::ShowContextMenu(content::RenderFrameHost & render_frame_host={...}, mojo::PendingAssociatedRemote context_menu_client={...}, const content::ContextMenuParams & params) Line 7792
libcef.dll!content::RenderFrameHostImpl::ShowContextMenu(mojo::PendingAssociatedRemote context_menu_client={...}, const blink::UntrustworthyContextMenuParams & params) Line 7931
libcef.dll!blink::mojom::LocalFrameHostStubDispatch::Accept(blink::mojom::LocalFrameHost * impl=0x0000412c00335ab8, mojo::Message * message) Line 9105
libcef.dll!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message * message=0x00000095937fcc80) Line 1039
libcef.dll!mojo::MessageDispatcher::Accept(mojo::Message * message=0x00000095937fcc80) Line 48
libcef.dll!mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message * message=0x00000095937fcc80) Line 721
libcef.dll!IPC::ChannelAssociatedGroupController::AcceptOnEndpointThread(mojo::Message message={...}, IPC::`anonymous namespace'::ScopedUrgentMessageNotification scoped_urgent_message_notification={...}) Line 1198
[Inline Frame] libcef.dll!base::internal::DecayedFunctorTraits<void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController &&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>::Invoke(void(IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::`anonymous namespace'::ScopedUrgentMessageNotification) method=0x00007ffe9c66fb80, scoped_refptr<IPC::ChannelAssociatedGroupController> && receiver_ptr, mojo::Message && args={...}, IPC::`anonymous namespace'::ScopedUrgentMessageNotification && args) Line 738
[Inline Frame] libcef.dll!base::internal::InvokeHelper<0,base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController &&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>,void,0,1,2>::MakeItSo(void(IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::`anonymous namespace'::ScopedUrgentMessageNotification) && functor, std::__Cr::tuple<scoped_refptr,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification> && bound) Line 930
[Inline Frame] libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController &&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>,base::internal::BindState<1,1,0,void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),scoped_refptr,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification>,void ()>::RunImpl(void(IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::`anonymous namespace'::ScopedUrgentMessageNotification) && functor, std::__Cr::tuple<scoped_refptr,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification> && bound, std::__Cr::integer_sequence<unsigned long long,0,1,2>) Line 1067
libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController &&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>,base::internal::BindState<1,1,0,void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),scoped_refptr,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification>,void ()>::RunOnce(base::internal::BindStateBase * base) Line 980
libcef.dll!base::OnceCallback<void ()>::Run() Line 156
libcef.dll!base::TaskAnnotator::RunTaskImpl(base::PendingTask & pending_task) Line 204
[Inline Frame] libcef.dll!base::TaskAnnotator::RunTask(perfetto::StaticString event_name={...}, base::PendingTask & pending_task={...}, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl:: && args) Line 90
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow * continuation_lazy_now=0x00000095937fd790) Line 473
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 347
libcef.dll!base::MessagePumpForUI::DoRunLoop() Line 257
libcef.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x00004248002e4fe0) Line 83
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 644
libcef.dll!base::RunLoop::Run(const base::Location & location) Line 136
libcef.dll!CefMainRunner::RunMessageLoop() Line 345
[Inline Frame] libcef.dll!CefContext::RunMessageLoop() Line 512
libcef.dll!CefRunMessageLoop() Line 385
cefclient.exe!CefRunMessageLoop() Line 141
cefclient.exe!client::MainMessageLoopStd::Run() Line 15
cefclient.exe!client::`anonymous namespace'::RunMain(HINSTANCE * hInstance=0x00007ff66a5f0000, int nCmdShow=10) Line 119
cefclient.exe!wWinMain(HINSTANCE hInstance=0x00007ff66a5f0000, HINSTANCE__ * hPrevInstance=0x0000000000000000, wchar_t * lpCmdLine=0x0000021606129ffc, int nCmdShow=10) Line 159
cefclient.exe!invoke_main() Line 123
cefclient.exe!__scrt_common_main_seh() Line 288
cefclient.exe!__scrt_common_main() Line 331
cefclient.exe!wWinMainCRTStartup(void * __formal=0x0000009592efb000) Line 17
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()
```

Hethsron commented 3 months ago

@nattu97, is DCHECK set to true in your source code?

It seems that your model is invalid (see here).

nattu97 commented 3 months ago

Thanks for fixing this.