rdmenezes / cefpython

Automatically exported from code.google.com/p/cefpython

Crash in V8 bindings when calling Frame.LoadUrl #130

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run the wxpython.py example
2. Run the "Browser object" LoadUrl popup test (which calls Frame.LoadUrl under 
the hood)
3. Run the LoadUrl popup test again, crash!

When javascript bindings were disabled by removing the `SetJavascriptBindings` 
method, it stopped crashing.

Logs:

    [wxpython.py] LoadHandler::OnLoadEnd()
        frame url = data:text/html,Test#Browser.LoadUrl
        http status code = 0
    [wxpython.py] LoadHandler::OnLoadingStateChange()
        isLoading = True, canGoBack = False, canGoForward = False
    [CEF Python] Renderer: DoJavascriptBindingsForFrame(): bindings are set
    [wxpython.py] RequestHandler::OnBeforeBrowse()
        url = file:///home/czarek/cefpython/cefpython/cefpython/cef3/linux/binaries_64bit/example.html
    [CEF Python] Renderer: OnProcessMessageReceived(): DoJavascriptBindings
    [wxpython.py] RequestHandler::OnBeforeResourceLoad()
        url = file:///home/czarek/cefpython/cefpython/cefpython/cef3/linux/binaries_64bit/example.html
    [CEF Python] Renderer: OnContextReleased()
    [CEF Python] Renderer: OnContextCreated()
    [CEF Python] Renderer: DoJavascriptBindingsForFrame(): bindings are set
    [CEF Python] Browser: OnProcessMessageReceived(): OnContextReleased
    [CEF Python] V8ContextHandler_OnContextReleased()
    [CEF Python] del g_pyFrames[3#3]
    [CEF Python] Browser: OnProcessMessageReceived(): RemovePythonCallbacksForFrame
    [CEF Python] Browser: OnProcessMessageReceived(): OnContextCreated
    [CEF Python] V8ContextHandler_OnContextCreated()
    [CEF Python] Renderer: DoJavascriptBindingsForFrame(): bindings are set
    [0730/145552:ERROR_REPORT:v8_impl.cc(910)] Check failed: false. V8 handle is not valid
    [0730/145552:ERROR_REPORT:v8_impl.cc(901)] Check failed: false. V8 handle is not valid
    [0730/145552:ERROR_REPORT:v8_impl.cc(1161)] Check failed: false. not currently in a V8 context
    [wxpython.py] LoadHandler::OnLoadStart()
        frame url = file:///home/czarek/cefpython/cefpython/cefpython/cef3/linux/binaries_64bit/example.html
    [wxpython.py] DisplayHandler::OnAddressChange()
        url = file:///home/czarek/cefpython/cefpython/cefpython/cef3/linux/binaries_64bit/example.html
    [CEF Python] Browser: OnRenderProcessTerminated()
    [wxpython.py] RequestHandler::OnRendererProcessTerminated()
        status = TS_PROCESS_CRASHED
    [wxpython.py] LoadHandler::OnLoadingStateChange()
        isLoading = False, canGoBack = True, canGoForward = False
    [wxpython.py] DisplayHandler::OnTitleChange()
        title = example.html
    [CEF Python] Browser: OnRenderProcessTerminated()
    [wxpython.py] RequestHandler::OnRendererProcessTerminated()
        status = TS_PROCESS_CRASHED
    [CEF Python] del g_pyFrames[3#3]
    [CEF Python] del g_pyBrowsers[3]
    (.:2373): LIBDBUSMENU-GLIB-WARNING **: Trying to remove a child that doesn't believe we're it's parent.
    (.:2373): LIBDBUSMENU-GLIB-WARNING **: Trying to remove a child that doesn't believe we're it's parent.
    [CEF Python] Shutdown()
    [CEF Python] del g_pyFrames[1#1]
    [CEF Python] del g_pyBrowsers[1]
    ./wxpython.sh: line 2:  2373 Segmentation fault      (core dumped) python wxpython.py

Original issue reported on code.google.com by czarek.t...@gmail.com on 30 Jul 2014 at 1:00

GoogleCodeExporter commented 9 years ago
Sometimes it crashes the first time. Other times you need to repeat loading the 
popup test 5-10 times.

Original comment by czarek.t...@gmail.com on 30 Jul 2014 at 1:15

GoogleCodeExporter commented 9 years ago
Navigation can cause creation of new render processes if the origin (scheme + 
domain) changes. In our case it is a redirect from a "data:text/html," url to a 
"file://" url. This causes creation of a new renderer process and the V8 
handles that CEF provides are no longer valid. It happens randomly, dunno whether 
this is some timing issue, or whether Chromium randomly decides to create a new 
renderer process or reuse the current one.

The solution was to check whether the context provided by 
CefV8Context::OnContextCreated is valid. If it's invalid then abort creating 
bindings in DoJavascriptBindingsForFrame. The bindings are still working, 
because there is a back-up plan. We're doing the javascript bindings work two 
times. Once in CefV8Context::OnContextCreated, which runs in the Renderer 
process. The second time the bindings work is initiated from the Browser 
process using process messaging, it is the "DoJavascriptBindingsForBrowser" 
message that initiates the bindings for the second time.

Fixed in revision e62b45d61aeb.

Original comment by czarek.t...@gmail.com on 30 Jul 2014 at 3:51
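
The guard described in the comment above, as an added example that is not part of the original thread and is not cefpython's code. `FakeV8Context`, `BindResult`, `Outcome` and `SimulateRendererSwap` are hypothetical names; only the `IsValid()` check mirrors a real `CefV8Context` method, and the renderer swap is modelled by a flag.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a V8 context handle; only IsValid() mirrors CEF.
struct FakeV8Context {
    bool valid = true;
    std::map<std::string, std::string> globals;
    bool IsValid() const { return valid; }
    void SetValue(const std::string& key, const std::string& value) {
        // CEF reports "V8 handle is not valid" at this point; the model throws.
        if (!valid) throw std::runtime_error("V8 handle is not valid");
        globals[key] = value;
    }
};

enum class BindResult { Bound, SkippedInvalidContext };
using Bindings = std::map<std::string, std::string>;

// Guarded form of the step the thread calls DoJavascriptBindingsForFrame:
// never touch a context whose handle is missing or has been invalidated.
BindResult DoJavascriptBindingsForFrame(FakeV8Context* ctx, const Bindings& b) {
    if (ctx == nullptr || !ctx->IsValid())
        return BindResult::SkippedInvalidContext;  // abort, leave it to the second pass
    for (const auto& kv : b) ctx->SetValue(kv.first, kv.second);
    return BindResult::Bound;
}

struct Outcome { BindResult first, second; std::size_t inStale, inLive; };

// Constructed scenario: the first pass receives a handle that a renderer
// process swap has invalidated, the second pass receives a live context.
Outcome SimulateRendererSwap() {
    const Bindings bindings = {{"external", "python-callback"}};  // constructed sample
    FakeV8Context stale, live;
    stale.valid = false;  // models the handle left behind by the old renderer
    Outcome o;
    o.first = DoJavascriptBindingsForFrame(&stale, bindings);
    o.second = DoJavascriptBindingsForFrame(&live, bindings);
    o.inStale = stale.globals.size();
    o.inLive = live.globals.size();
    return o;
}

int main() {
    Outcome o = SimulateRendererSwap();
    std::printf("first pass skipped: %d, bindings in live context: %zu\n",
                o.first == BindResult::SkippedInvalidContext, o.inLive);
}
```
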

GoogleCodeExporter commented 9 years ago
See also this CEF topic for reference:
http://www.magpcss.org/ceforum/viewtopic.php?f=6&t=11009

Original comment by czarek.t...@gmail.com on 30 Jul 2014 at 3:52

GoogleCodeExporter commented 9 years ago
This could also cause issues even when the scheme (file:// or http://) didn't 
change, but when Chromium decided to start a new renderer process for the new 
website visited. According to Marshall, Chromium can start a new renderer process 
when origin changes (scheme + domain). So making a redirect to a new domain 
could also result in crashes.

Original comment by czarek.t...@gmail.com on 30 Jul 2014 at 4:01