chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/

Crashes when opening a downloaded pdf #3750

Closed MichelFionfray closed 3 months ago

MichelFionfray commented 4 months ago

Describe the bug
Downloading then opening a pdf file makes CEF crash. We get the following entry in debug.log:

[0719/154357.911:ERROR:crashpad_client_win.cc(868)] not connected

To Reproduce
Steps to reproduce the behavior with either cefclient or cefsimple:

  1. Go to an online pdf generator, for example https://www.ilovepdf.com/jpg_to_pdf
  2. Download the file and open it from either the top-right popup appearing after download is complete, or from the "recent download history" panel accessible if you're running cefclient (both methods are equivalent)
  3. The browser crashes and shuts down

Expected behavior
Expected behavior is to open the file in the pdf reader.

Versions (please complete the following information):

Additional context
The problem occurs with both cefclient and cefsimple, in debug and release.

magreenblatt commented 4 months ago

Looks like another example of #3720.

[2797:259:0719/114135.570207:ERROR:file_dialog_manager.cc(402)] Multiple simultaneous dialogs are not supported; canceling the file dialog
[2797:259:0719/114136.381325:ERROR:partition_alloc_support.cc(687)] Detected dangling raw_ptr with id=0x00000110055d7c58:
[DanglingSignature] CefSelectFileDialogListener::~CefSelectFileDialogListener() FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>)    void    FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>)

The memory was freed at:
0   Chromium Embedded Framework         0x00000003d48d2b68 base::debug::CollectStackTrace(void const**, unsigned long) + 48
1   Chromium Embedded Framework         0x00000003d48a08c0 base::debug::StackTrace::StackTrace(unsigned long) + 112
2   Chromium Embedded Framework         0x00000003d48a0968 base::debug::StackTrace::StackTrace(unsigned long) + 36
3   Chromium Embedded Framework         0x00000003d48e17b0 base::allocator::(anonymous namespace)::DanglingRawPtrDetected(unsigned long) + 516
4   Chromium Embedded Framework         0x00000003bfb2f644 partition_alloc::internal::InSlotMetadata::CheckDanglingPointersOnFree(unsigned long long) + 116
5   Chromium Embedded Framework         0x00000003bfb30918 partition_alloc::internal::InSlotMetadata::ReleaseFromAllocator() + 152
6   Chromium Embedded Framework         0x00000003bfb2db80 partition_alloc::PartitionRoot::FreeNoHooksImmediate(void*, partition_alloc::internal::SlotSpanMetadata*, unsigned long) + 652
7   Chromium Embedded Framework         0x00000003d49f12bc void partition_alloc::PartitionRoot::FreeInline<(partition_alloc::internal::FreeFlags)2>(void*) + 408
8   Chromium Embedded Framework         0x00000003d9dfa3f0 gwp_asan::internal::(anonymous namespace)::FreeFn(allocator_shim::AllocatorDispatch const*, void*, void*) + 100
9   Chromium Embedded Framework         0x00000003d3da18fc base::allocator::dispatcher::internal::DispatcherImpl<base::PoissonAllocationSampler>::FreeFn(allocator_shim::AllocatorDispatch const*, void*, void*) + 64
10  Chromium Embedded Framework         0x00000003bfb72714 CefSelectFileDialogListener::~CefSelectFileDialogListener() + 36
11  Chromium Embedded Framework         0x00000003bfb728a8 CefSelectFileDialogListener::Destroy() + 60
12  Chromium Embedded Framework         0x00000003bfb6b91c CefSelectFileDialogListener::Cancel(bool) + 64
13  Chromium Embedded Framework         0x00000003bfb684e0 CefFileDialogManager::SelectFileDoneByListenerCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, bool) + 736
14  Chromium Embedded Framework         0x00000003bfb6acdc CefFileDialogManager::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 312
15  Chromium Embedded Framework         0x00000003bfaa72b8 CefBrowserHostBase::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 64
16  Chromium Embedded Framework         0x00000003bfb7b5ec (anonymous namespace)::CefSelectFileDialog::ListenerDestroyed() + 80
17  Chromium Embedded Framework         0x00000003da969fd0 FileSelectHelper::RunFileChooserEnd() + 172
18  Chromium Embedded Framework         0x00000003da96a44c FileSelectHelper::FileSelectionCanceled(void*) + 28
19  Chromium Embedded Framework         0x00000003bfb6a624 CefFileDialogManager::SelectFileDoneByDelegateCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 340
20  Chromium Embedded Framework         0x00000003bfb700d0 void base::internal::DecayedFunctorTraits<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>::Invoke<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>&&, void*&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 208
21  Chromium Embedded Framework         0x00000003bfb6ff54 void base::internal::InvokeHelper<true, base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, void, 0ul, 1ul, 2ul>::MakeItSo<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 204
22  Chromium Embedded Framework         0x00000003bfb6fe7c void base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunImpl<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, 0ul, 1ul, 2ul>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, 
base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 40
23  Chromium Embedded Framework         0x00000003bfb6fde4 base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunOnce(base::internal::BindStateBase*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 60
24  Chromium Embedded Framework         0x00000003bfaa6f68 base::OnceCallback<void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::Run(std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) && + 244
25  Chromium Embedded Framework         0x00000003bfb69d10 CefFileDialogManager::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 840
26  Chromium Embedded Framework         0x00000003bfaa71d8 CefBrowserHostBase::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 388
27  Chromium Embedded Framework         0x00000003bfb7bb50 (anonymous namespace)::CefSelectFileDialog::SelectFileImpl(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 1256
28  Chromium Embedded Framework         0x00000003d9d71fe4 ui::SelectFileDialog::SelectFile(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 500
29  Chromium Embedded Framework         0x00000003da96de6c FileSelectHelper::RunFileChooserOnUIThread(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1012
30  Chromium Embedded Framework         0x00000003da96e068 FileSelectHelper::ProceedWithSafeBrowsingVerdict(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool) + 120
31  Chromium Embedded Framework         0x00000003da975434 void base::internal::DecayedFunctorTraits<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>::Invoke<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>, bool>(void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&, bool&&) + 220

Task trace:
0   Chromium Embedded Framework         0x00000003da96d348 FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>) + 236
1   Chromium Embedded Framework         0x00000003da96cd8c FileSelectHelper::RunFileChooser(content::RenderFrameHost*, scoped_refptr<content::FileSelectListener>, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1044
2   Chromium Embedded Framework         0x00000003bfb6139c (anonymous namespace)::CefBeforeDownloadCallbackImpl::GenerateFilename(base::WeakPtr<content::DownloadManager>, unsigned int, base::FilePath const&, base::FilePath const&, bool, base::OnceCallback<void (download::DownloadTargetInfo)>) + 528
3   Chromium Embedded Framework         0x00000003bfb60e6c (anonymous namespace)::CefBeforeDownloadCallbackImpl::Continue(CefStringBase<CefStringTraitsUTF16> const&, bool) + 184
4   Chromium Embedded Framework         0x00000003c9126d7c download::DownloadFileImpl::Initialize(base::RepeatingCallback<void (download::DownloadInterruptReason, long long)>, base::RepeatingCallback<void (long long)>, std::__Cr::vector<download::DownloadItem::ReceivedSlice, std::__Cr::allocator<download::DownloadItem::ReceivedSlice>> const&) + 988
Task trace buffer limit hit, update PendingTask::kTaskBacktraceLength to increase.

The dangling raw_ptr was released at:
0   Chromium Embedded Framework         0x00000003d48d2b68 base::debug::CollectStackTrace(void const**, unsigned long) + 48
1   Chromium Embedded Framework         0x00000003d48a08c0 base::debug::StackTrace::StackTrace(unsigned long) + 112
2   Chromium Embedded Framework         0x00000003d48a0968 base::debug::StackTrace::StackTrace(unsigned long) + 36
3   Chromium Embedded Framework         0x00000003d48e1bf4 void base::allocator::(anonymous namespace)::DanglingRawPtrReleased<(base::features::DanglingPtrMode)0, (base::features::DanglingPtrType)0>(unsigned long) + 80
4   Chromium Embedded Framework         0x00000003d49e8c68 base::internal::RawPtrBackupRefImpl<false, false>::ReleaseInternal(unsigned long) + 448
5   Chromium Embedded Framework         0x00000003bfb6ed0c void base::internal::RawPtrBackupRefImpl<false, false>::ReleaseWrappedPtr<ui::SelectFileDialog::Listener>(ui::SelectFileDialog::Listener*) + 212
6   Chromium Embedded Framework         0x00000003bfb72c10 base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)0>::operator=(std::nullptr_t) + 36
7   Chromium Embedded Framework         0x00000003d9d761cc ui::SelectFileDialogImpl::ListenerDestroyed() + 32
8   Chromium Embedded Framework         0x00000003bfb684f8 CefFileDialogManager::SelectFileDoneByListenerCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, bool) + 760
9   Chromium Embedded Framework         0x00000003bfb6acdc CefFileDialogManager::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 312
10  Chromium Embedded Framework         0x00000003bfaa72b8 CefBrowserHostBase::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 64
11  Chromium Embedded Framework         0x00000003bfb7b5ec (anonymous namespace)::CefSelectFileDialog::ListenerDestroyed() + 80
12  Chromium Embedded Framework         0x00000003da969fd0 FileSelectHelper::RunFileChooserEnd() + 172
13  Chromium Embedded Framework         0x00000003da96a44c FileSelectHelper::FileSelectionCanceled(void*) + 28
14  Chromium Embedded Framework         0x00000003bfb6a624 CefFileDialogManager::SelectFileDoneByDelegateCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 340
15  Chromium Embedded Framework         0x00000003bfb700d0 void base::internal::DecayedFunctorTraits<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>::Invoke<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>&&, void*&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 208
16  Chromium Embedded Framework         0x00000003bfb6ff54 void base::internal::InvokeHelper<true, base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, void, 0ul, 1ul, 2ul>::MakeItSo<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 204
17  Chromium Embedded Framework         0x00000003bfb6fe7c void base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunImpl<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, 0ul, 1ul, 2ul>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, 
base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 40
18  Chromium Embedded Framework         0x00000003bfb6fde4 base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunOnce(base::internal::BindStateBase*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 60
19  Chromium Embedded Framework         0x00000003bfaa6f68 base::OnceCallback<void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::Run(std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) && + 244
20  Chromium Embedded Framework         0x00000003bfb69d10 CefFileDialogManager::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 840
21  Chromium Embedded Framework         0x00000003bfaa71d8 CefBrowserHostBase::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 388
22  Chromium Embedded Framework         0x00000003bfb7bb50 (anonymous namespace)::CefSelectFileDialog::SelectFileImpl(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 1256
23  Chromium Embedded Framework         0x00000003d9d71fe4 ui::SelectFileDialog::SelectFile(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 500
24  Chromium Embedded Framework         0x00000003da96de6c FileSelectHelper::RunFileChooserOnUIThread(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1012
25  Chromium Embedded Framework         0x00000003da96e068 FileSelectHelper::ProceedWithSafeBrowsingVerdict(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool) + 120
26  Chromium Embedded Framework         0x00000003da975434 void base::internal::DecayedFunctorTraits<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>::Invoke<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>, bool>(void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&, bool&&) + 220
27  Chromium Embedded Framework         0x00000003da975340 void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>, void, 0ul, 1ul, 2ul>::MakeItSo<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, bool>(void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>&&, bool&&) + 136
28  Chromium Embedded Framework         0x00000003da9752ac void base::internal::Invoker<base::internal::FunctorTraits<void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>, base::internal::BindState<true, true, false, void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, void (bool)>::RunImpl<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, 0ul, 1ul, 2ul>(void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>, bool&&) + 40
29  Chromium Embedded Framework         0x00000003da9751f4 base::internal::Invoker<base::internal::FunctorTraits<void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>, base::internal::BindState<true, true, false, void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, void (bool)>::RunOnce(base::internal::BindStateBase*, bool) + 76
30  Chromium Embedded Framework         0x00000003bfa73cac base::OnceCallback<void (bool)>::Run(bool) && + 248
31  Chromium Embedded Framework         0x00000003da96df78 (anonymous namespace)::InterpretSafeBrowsingVerdict(base::OnceCallback<void (bool)>, safe_browsing::DownloadCheckResult) + 64

Task trace:
0   Chromium Embedded Framework         0x00000003da96d348 FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>) + 236
1   Chromium Embedded Framework         0x00000003da96cd8c FileSelectHelper::RunFileChooser(content::RenderFrameHost*, scoped_refptr<content::FileSelectListener>, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1044
2   Chromium Embedded Framework         0x00000003bfb6139c (anonymous namespace)::CefBeforeDownloadCallbackImpl::GenerateFilename(base::WeakPtr<content::DownloadManager>, unsigned int, base::FilePath const&, base::FilePath const&, bool, base::OnceCallback<void (download::DownloadTargetInfo)>) + 528
3   Chromium Embedded Framework         0x00000003bfb60e6c (anonymous namespace)::CefBeforeDownloadCallbackImpl::Continue(CefStringBase<CefStringTraitsUTF16> const&, bool) + 184
4   Chromium Embedded Framework         0x00000003c9126d7c download::DownloadFileImpl::Initialize(base::RepeatingCallback<void (download::DownloadInterruptReason, long long)>, base::RepeatingCallback<void (long long)>, std::__Cr::vector<download::DownloadItem::ReceivedSlice, std::__Cr::allocator<download::DownloadItem::ReceivedSlice>> const&) + 988
Task trace buffer limit hit, update PendingTask::kTaskBacktraceLength to increase.
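
The two traces above pin down the ordering problem: the listener's memory is freed inside SelectFileDoneByListenerCallback (frames 10 to 13 of the first trace, via Cancel() and Destroy()), and the raw_ptr that still points at it is only cleared afterwards, in ListenerDestroyed (frames 6 to 8 of the second trace). BackupRefPtr turns that late release into a reported crash instead of a silent use-after-free. The following is an added C++ illustration of that ordering bug and the safe ordering; it is not CEF or Chromium code, and every name in it (LiveRegistry, CheckedPtr, Listener, DialogManager, SimulateCancel) is a hypothetical stand-in for the frames in the trace.

```cpp
// Added illustration, not CEF code: the ordering bug behind a "dangling
// raw_ptr" report. A manager holds a checked pointer to a listener, deletes
// the listener on cancel, and only then clears the pointer. All names below
// are hypothetical stand-ins for the CEF/Chromium frames in the trace.
#include <set>

// Stand-in for the allocator metadata that BackupRefPtr consults on release.
class LiveRegistry {
 public:
  void OnAlloc(const void* p) { live_.insert(p); }
  void OnFree(const void* p) { live_.erase(p); }
  bool IsLive(const void* p) const { return live_.count(p) != 0; }
 private:
  std::set<const void*> live_;
};

// Stand-in for raw_ptr: clearing it after the pointee was freed is reported
// as dangling, which is what the detector in the trace does on release.
class CheckedPtr {
 public:
  explicit CheckedPtr(LiveRegistry* reg) : reg_(reg) {}
  void Set(const void* p) { p_ = p; }
  // Clears the pointer; returns true if the pointee was already freed.
  bool Release() {
    bool dangling = p_ != nullptr && !reg_->IsLive(p_);
    p_ = nullptr;
    return dangling;
  }
 private:
  LiveRegistry* reg_;
  const void* p_ = nullptr;
};

// Hypothetical listener; it registers and unregisters itself so the registry
// knows when its memory is "freed" without the demo touching freed memory.
class Listener {
 public:
  explicit Listener(LiveRegistry* reg) : reg_(reg) { reg_->OnAlloc(this); }
  ~Listener() { reg_->OnFree(this); }
 private:
  LiveRegistry* reg_;
};

class DialogManager {
 public:
  DialogManager(LiveRegistry* reg, bool clear_before_destroy)
      : reg_(reg), ptr_(reg), clear_before_destroy_(clear_before_destroy) {}

  void OpenDialog() {
    listener_ = new Listener(reg_);
    ptr_.Set(listener_);
  }

  // Cancel path, mirroring SelectFileDoneByListenerCallback in the trace:
  // destroy the listener, then notify ListenerDestroyed(), which clears the
  // checked pointer. The flag selects the buggy or the safe ordering.
  void CancelDialog() {
    if (clear_before_destroy_) ListenerDestroyed();  // safe: pointee still live
    delete listener_;
    listener_ = nullptr;
    if (!clear_before_destroy_) ListenerDestroyed();  // buggy: pointee gone
  }

  void ListenerDestroyed() { dangling_seen_ = ptr_.Release() || dangling_seen_; }
  bool dangling_seen() const { return dangling_seen_; }

 private:
  LiveRegistry* reg_;
  CheckedPtr ptr_;
  Listener* listener_ = nullptr;
  bool clear_before_destroy_;
  bool dangling_seen_ = false;
};

// Runs one open/cancel cycle; returns true if a dangling release was detected.
bool SimulateCancel(bool clear_before_destroy) {
  LiveRegistry reg;
  DialogManager mgr(&reg, clear_before_destroy);
  mgr.OpenDialog();
  mgr.CancelDialog();
  return mgr.dangling_seen();
}

int main() {
  // Buggy ordering is flagged, safe ordering is not.
  bool ok = SimulateCancel(false) == true && SimulateCancel(true) == false;
  return ok ? 0 : 1;
}
```

The registry stands in for what PartitionAlloc tracks for real: the demo never dereferences freed memory, it only checks at release time whether the pointee is still alive, which is the same question the detector in the trace answers. The fix side shows the general rule for this class of bug: detach every non-owning reference to an object before the call that may destroy it, rather than after.
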

magreenblatt commented 3 months ago

I'm seeing a different crash in M128 (Windows 11), failing the DCHECK here.

>   libcef.dll!ChromeBrowserDelegate::OpenURLFromTabEx(content::WebContents * source, const content::OpenURLParams & params, base::OnceCallback<void (content::NavigationHandle &)> & navigation_handle_callback) Line 539  C++
    libcef.dll!Browser::OpenURLFromTab(content::WebContents * source, const content::OpenURLParams & params, base::OnceCallback<void (content::NavigationHandle &)> navigation_handle_callback) Line 1842   C++
    libcef.dll!Browser::OpenURL(const content::OpenURLParams & params, base::OnceCallback<void (content::NavigationHandle &)> navigation_handle_callback) Line 1409 C++
    libcef.dll!ChromeDownloadManagerDelegate::OpenDownload(download::DownloadItem * download) Line 1065 C++
    libcef.dll!content::DownloadManagerImpl::OpenDownload(download::DownloadItemImpl * download) Line 1323  C++
    libcef.dll!download::DownloadItemImpl::OpenDownload() Line 740  C++
    libcef.dll!DownloadItemModel::ExecuteCommand(DownloadCommands * download_commands, DownloadCommands::Command command) Line 988  C++
    libcef.dll!DownloadCommands::ExecuteCommand(DownloadCommands::Command command) Line 167 C++
    libcef.dll!DownloadBubbleUIController::ProcessDownloadButtonPress(base::WeakPtr<DownloadUIModel> model, DownloadCommands::Command command, bool is_main_view) Line 342  C++
    libcef.dll!DownloadBubbleRowView::OnActionButtonPressed(DownloadCommands::Command command, const ui::Event & event) Line 852    C++

This is a new Browser (no WebContents yet) created using ScopedTabbedBrowserDisplayer in ChromeDownloadManagerDelegate::OpenDownload.

The intention of ScopedTabbedBrowserDisplayer is to create a new Browser (with TabStrip) if one does not already exist for the current Profile. CEF-hosted Browsers do not have a TabStrip and consequently don't match this logic.

In the CEF case we should probably route these calls to OnOpenURLFromTab for the source Browser, as would happen in the normal "open in new tab" flow.

magreenblatt commented 3 months ago

The dangling raw_ptr crash mentioned above appears to be fixed in M128.