Linux: Crash in BitmapContentLayerUpdater destructor with off-screen rendering and CefDoMessageLoopWork

Ubuntu 12.10 64-bit
CEF version 3.2171.1902
JCEF revision 112

What steps will reproduce the problem?
1. Embed CEF in another framework (like JCEF) with off-screen rendering and 
CefDoMessageLoopWork.
2. Show the off-screen browser.

What is the expected output? What do you see instead?
The browser should render the first frame successfully. Instead, get the 
following crash:

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffa2646700 (LWP 12447)]
0x00007ffff7410f77 in __GI_raise (sig=sig@entry=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff7410f77 in __GI_raise (sig=sig@entry=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff74145e8 in __GI_abort () at abort.c:90
#2  0x00007ffff744e4fb in __libc_message (do_abort=do_abort@entry=2, 
    fmt=fmt@entry=0x7ffff7562240 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
#3  0x00007ffff745a996 in malloc_printerr (ptr=0x1d13ad9f6000, 
str=0x7ffff755e205 "free(): invalid pointer", action=3)
    at malloc.c:4923
#4  _int_free (av=<optimized out>, p=0x1d13ad9f5ff0, have_lock=0) at 
malloc.c:3779
#5  0x00007fffd8b3e7d5 in SkMallocPixelRef::~SkMallocPixelRef() ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#6  0x00007fffd8b004cf in SkBitmap::~SkBitmap() ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#7  0x00007fffd9f7cc33 in 
cc::BitmapContentLayerUpdater::~BitmapContentLayerUpdater() ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#8  0x00007fffd9f2ec4a in cc::ContentLayer::~ContentLayer() ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#9  0x00007fffda5c3de2 in ui::Layer::SwitchToLayer(scoped_refptr<cc::Layer>) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#10 0x00007fffda5c43e7 in 
ui::Layer::SetShowDelegatedContent(cc::DelegatedFrameProvider*, gfx::Size) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#11 0x00007fffdaa368dd in 
content::DelegatedFrameHost::SwapDelegatedFrame(unsigned int, 
scoped_ptr<cc::DelegatedFrameData, base::DefaultDeleter<cc::DelegatedFrameData> 
>, float, std::vector<ui::LatencyInfo, std::allocator<ui::LatencyInfo> > 
const&) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#12 0x00007fffd8744320 in 
CefRenderWidgetHostViewOSR::OnSwapCompositorFrame(unsigned int, 
scoped_ptr<cc::CompositorFrame, base::DefaultDeleter<cc::CompositorFrame> >) () 
from 
/home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#13 0x00007fffda96c391 in 
content::RenderWidgetHostImpl::OnSwapCompositorFrame(IPC::Message const&) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#14 0x00007fffda96b4ba in 
content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#15 0x00007fffda9659e1 in 
content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#16 0x00007fffda95996e in 
content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#17 0x00007fffda11efec in 
IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#18 0x00007fffd87f6a72 in base::debug::TaskAnnotator::RunTask(char const*, char 
const*, base::PendingTask const&) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#19 0x00007fffd88218e2 in base::MessageLoop::RunTask(base::PendingTask const&) 
()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#20 0x00007fffd8821e4c in base::MessageLoop::DoWork() ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
---Type <return> to continue, or q <return> to quit---
#21 0x00007fffd87e5f0a in base::(anonymous 
namespace)::WorkSourceDispatch(_GSource*, int (*)(void*), void*) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#22 0x00007fffe20833b6 in g_main_dispatch (context=0x7fff9401aa20) at 
/build/buildd/glib2.0-2.38.1/./glib/gmain.c:3065
#23 g_main_context_dispatch (context=context@entry=0x7fff9401aa20) at 
/build/buildd/glib2.0-2.38.1/./glib/gmain.c:3641
#24 0x00007fffe2083708 in g_main_context_iterate 
(context=context@entry=0x7fff9401aa20, block=block@entry=0, 
    dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.38.1/./glib/gmain.c:3712
#25 0x00007fffe20837ac in g_main_context_iteration (context=0x7fff9401aa20, 
may_block=0)
    at /build/buildd/glib2.0-2.38.1/./glib/gmain.c:3773
#26 0x00007fffd87e5d6b in 
base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#27 0x00007fffd8835884 in base::RunLoop::Run() ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so
#28 0x00007fffd8719cba in CefBrowserMessageLoop::DoMessageLoopIteration() ()
   from /home/marshall/code/jcef/src/binary_distrib/linux64/bin/lib/linux64/libcef.so

Please use labels and text to provide additional information.
This forum thread describes a similar crash: 
http://www.magpcss.org/ceforum/viewtopic.php?f=6&t=12225
Original issue reported on code.google.com by magreenb...@gmail.com on 20 Nov 2014 at 10:49
roadlabs / chromiumembedded

Linux: Crash in BitmapContentLayerUpdater destructor with off-screen rendering and CefDoMessageLoopWork #1446
