cloudtrends / chromiumembedded

Automatically exported from code.google.com/p/chromiumembedded

JavaScript execute task crashes after window is closed #84

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Call CefFrameImpl::ExecuteJavaScript multiple times with long running JavaScript.  I modified "Tests > JavaScript Execute" in cefclient.  Diff is attached.
2. Immediately close the window.  This is easier to accomplish with a separate UI thread, but the problem exists either way.
3. Crash

What is the expected output? What do you see instead?

Expected result is a graceful shutdown.  Actual result is a crash with the following call stack:

feeefeee()  
libcef.dll!CefBrowserImpl::GetWebFrame(CefRefPtr<CefFrame> frame={...})  Line 176 + 0x9 bytes    C++
libcef.dll!CefBrowserImpl::UIT_ExecuteJavaScript(CefFrame * frame=0x00b81aa8, const std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > & js_code="busywait(2003);", const std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > & script_url="about:blank", int start_line=0x00000000)  Line 479 + 0x1f bytes   C++
libcef.dll!RunnableMethod<CefBrowserImpl,void (__thiscall CefBrowserImpl::*)(CefFrame *,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > const &,int),Tuple4<CefFrame *,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,int> >::Run()  Line 290   C++
libcef.dll!MessageLoop::RunTask(Task * task=0x00b818c0)  Line 321   C++
libcef.dll!MessageLoop::DoWork()  Line 435 + 0x8 bytes  C++
libcef.dll!base::MessagePumpForUI::DoRunLoop()  Line 210    C++
libcef.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x00d4fec8)  Line 78 + 0x42 bytes  C++
libcef.dll!MessageLoop::RunInternal()  Line 205 + 0xb bytes C++
libcef.dll!MessageLoop::Run()  Line 156 C++
libcef.dll!ThreadHandlerUI(void * lpParam=0x00b37438)  Line 249 C++
kernel32.dll!_BaseThreadStart@8()  + 0x37 bytes 

What version of the product are you using? On what operating system?
CEF r72, Windows XP

Please provide any additional information below.
The WebViewHost's WebWidget is closed in WM_DESTROY.  A JavaScript execution task, which is processed after WM_DESTROY, tries to use the WebWidget.

Original issue reported on code.google.com by mikeyk...@gmail.com on 26 Apr 2010 at 7:49

Attachments:

GoogleCodeExporter commented 9 years ago
The attached patch prevents the crash.  I just started looking around the code, so I'm not sure if it is a proper fix.  Could someone take a second look?

Original comment by mikeyk...@gmail.com on 26 Apr 2010 at 9:40

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for the report.  I think your approach is correct but additionally we should check everywhere that the result of GetWebView() and GetWebViewHost() is non-NULL.

Original comment by magreenb...@gmail.com on 27 Apr 2010 at 3:38

GoogleCodeExporter commented 9 years ago
I've updated my original patch for this issue.  At your request, I am now checking for a valid pointer in all places where GetWebView() and GetWebViewHost() are directly used.  This will prevent potential crashes after WM_DESTROY is processed, and resolves the original problem which I've encountered in practice.

Original comment by mikeyk...@gmail.com on 10 Aug 2010 at 4:18

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for the patch. Committed with minor changes as revision 97.

Original comment by magreenb...@gmail.com on 31 Aug 2010 at 2:11
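
The guard discussed in this thread, reduced to a stand-alone model (an added example, not CEF code and not the attached patch; `Widget`, `Host` and the task queue are hypothetical stand-ins). It assumes the owner clears its widget pointer on destroy and that queued tasks hold a reference to the owner, so the NULL check is made when the task runs rather than when it was posted.

```cpp
// Added illustration: Widget and Host are hypothetical stand-ins, not CEF classes.
#include <functional>
#include <memory>
#include <queue>
#include <string>

struct Widget {
    int executed = 0;
    void Execute(const std::string&) { ++executed; }
};

// Stands in for the ref-counted browser object: queued tasks keep it alive,
// but the widget it owns is released when the window is destroyed.
class Host {
public:
    Host() : widget_(new Widget) {}
    void OnDestroy() { ran_before_close_ = widget_->executed; widget_.reset(); }
    Widget* GetWidget() const { return widget_.get(); }  // null after OnDestroy()
    // Task body: look the widget up when the task runs, not when it was posted.
    bool RunScript(const std::string& js) {
        Widget* w = GetWidget();
        if (!w) { ++skipped_; return false; }  // window already gone: drop the task
        w->Execute(js);
        return true;
    }
    int skipped() const { return skipped_; }
    int ran_before_close() const { return ran_before_close_; }
private:
    std::unique_ptr<Widget> widget_;
    int skipped_ = 0, ran_before_close_ = 0;
};

// Posts three script tasks, destroys the window after the first has run,
// then drains the queue as a message loop would.
std::shared_ptr<Host> SimulateCloseWithPendingTasks() {
    auto host = std::make_shared<Host>();
    std::queue<std::function<void()>> loop;
    for (int i = 0; i < 3; ++i)
        loop.push([host] { host->RunScript("busywait(2003);"); });
    loop.front()(); loop.pop();  // first task runs while the window is open
    host->OnDestroy();           // destroy arrives with two tasks still queued
    while (!loop.empty()) { loop.front()(); loop.pop(); }
    return host;
}

int main() {
    auto host = SimulateCloseWithPendingTasks();
    return (host->skipped() == 2 && host->ran_before_close() == 1) ? 0 : 1;
}
```

The check only helps because the pointer is reset on destroy; a raw pointer captured in the task at post time would still dangle.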