crash calling CefFrame::LoadURL() (macos with OSR)


Post by robs » Fri Jun 15, 2018 8:10 am

I found this crash that is 100% reproducible using the binary distribution of the cefclient sample. Tested on Mac OS 10.13.5.

First found with my code when updating to CEF 3396.1777. Reproduced using cefclient 3396.1778.

1. Download Mac OS binary distribution of CEF client 3396.1778.
2. Launch cef client with offscreen rendering enabled.
Code:
./cefclient.app/Contents/MacOS/cefclient --off-screen-rendering-enabled

3. Launch is successful with Google loaded.
4. Type any address into the address bar.
5. Crash.

Call stack from the debug build pasted below.

Thanks in advance for any ideas!

Code:
(lldb) bt
* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x108)
  * frame #0: 0x0000000105059dc9 Chromium Embedded Framework`ui::Compositor::vsync_manager() const [inlined] scoped_refptr<ui::CompositorVSyncManager>::scoped_refptr(this=0x00007ffeefbf9a90, r=<unavailable>) at scoped_refptr.h:181 [opt]
    frame #1: 0x0000000105059dc9 Chromium Embedded Framework`ui::Compositor::vsync_manager(this=0x0000000000000000) const at compositor.cc:488 [opt]
    frame #2: 0x0000000102f9483e Chromium Embedded Framework`CefRenderWidgetHostViewOSR::SetFrameRate(this=0x000000010b843cf0) at render_widget_host_view_osr.cc:1300 [opt]
    frame #3: 0x0000000102f90e75 Chromium Embedded Framework`CefRenderWidgetHostViewOSR::ResizeRootLayer(this=0x000000010b843cf0) at render_widget_host_view_osr.cc:1345 [opt]
    frame #4: 0x0000000102f90e33 Chromium Embedded Framework`CefRenderWidgetHostViewOSR::CefRenderWidgetHostViewOSR(this=0x000000010b843cf0, background_color=<unavailable>, widget=<unavailable>, parent_host_view=<unavailable>, is_guest_view_hack=<unavailable>) at render_widget_host_view_osr.cc:282 [opt]
    frame #5: 0x0000000102f98a25 Chromium Embedded Framework`CefWebContentsViewOSR::CreateViewForWidget(this=0x000060c000220d80, render_widget_host=0x000000010c873a00, embedder_render_widget_host=<unavailable>) at web_contents_view_osr.cc:112 [opt]
    frame #6: 0x000000010272e2eb Chromium Embedded Framework`non-virtual thunk to content::WebContentsImpl::CreateRenderWidgetHostViewForRenderManager(content::RenderViewHost*) [inlined] content::WebContentsImpl::CreateRenderWidgetHostViewForRenderManager(this=<unavailable>, render_view_host=<unavailable>) at web_contents_impl.cc:5770 [opt]
    frame #7: 0x000000010272e2cd Chromium Embedded Framework`non-virtual thunk to content::WebContentsImpl::CreateRenderWidgetHostViewForRenderManager(this=0x000000010e005490, render_view_host=<unavailable>) at web_contents_impl.cc:0 [opt]
    frame #8: 0x0000000102398be3 Chromium Embedded Framework`content::RenderFrameHostManager::CreateRenderFrame(this=0x0000000109d249d0, instance=0x0000000109e44930, hidden=<unavailable>, view_routing_id_ptr=0x0000000000000000) at render_frame_host_manager.cc:1743 [opt]
    frame #9: 0x00000001023961b0 Chromium Embedded Framework`content::RenderFrameHostManager::CreateSpeculativeRenderFrameHost(this=0x0000000109d249d0, old_instance=0x000000010b9177d0, new_instance=0x0000000109e44930) at render_frame_host_manager.cc:1687 [opt]
    frame #10: 0x00000001023958a8 Chromium Embedded Framework`content::RenderFrameHostManager::GetFrameHostForNavigation(this=0x0000000109d249d0, request=0x000000010c8dc200) at render_frame_host_manager.cc:571 [opt]
    frame #11: 0x000000010239562d Chromium Embedded Framework`content::RenderFrameHostManager::DidCreateNavigationRequest(this=0x0000000109d249d0, request=0x000000010c8dc200) at render_frame_host_manager.cc:474 [opt]
    frame #12: 0x000000010233a286 Chromium Embedded Framework`content::FrameTreeNode::CreatedNavigationRequest(this=0x0000000109d249c0, navigation_request=<unavailable>) at frame_tree_node.cc:497 [opt]
    frame #13: 0x0000000102364991 Chromium Embedded Framework`content::NavigatorImpl::RequestNavigation(this=<unavailable>, frame_tree_node=0x0000000109d249c0, dest_url=0x00007ffeefbfa6e0, dest_referrer=0x00007ffeefbfa660, frame_entry=0x0000000109e445a0, entry=0x000000010c8dbc00, reload_type=NONE, previews_state=0, is_same_document_history_load=<unavailable>, is_history_navigation_in_new_child=<unavailable>, post_body=0x00007ffeefbfa820, navigation_start=TimeTicks @ 0x00007ffeefbfa4a8, navigation_ui_data=unique_ptr<content::NavigationUIData, std::__1::default_delete<content::NavigationUIData> > @ 0x00007ffeefbfa4b0) at navigator_impl.cc:1086 [opt]
    frame #14: 0x0000000102364303 Chromium Embedded Framework`content::NavigatorImpl::NavigateToEntry(this=0x00006080000e5e00, frame_tree_node=0x0000000109d249c0, frame_entry=0x0000000109e445a0, entry=0x000000010c8dbc00, reload_type=<unavailable>, is_same_document_history_load=false, is_history_navigation_in_new_child=<unavailable>, is_pending_entry=true, post_body=0x00007ffeefbfa820, navigation_ui_data=unique_ptr<content::NavigationUIData, std::__1::default_delete<content::NavigationUIData> > @ 0x00007ffeefbfa818) at navigator_impl.cc:341 [opt]
    frame #15: 0x0000000102364acb Chromium Embedded Framework`content::NavigatorImpl::NavigateToPendingEntry(this=0x00006080000e5e00, frame_tree_node=<unavailable>, frame_entry=<unavailable>, reload_type=<unavailable>, is_same_document_history_load=<unavailable>, navigation_ui_data=<unavailable>) at navigator_impl.cc:390 [opt]
    frame #16: 0x000000010234b04f Chromium Embedded Framework`content::NavigationControllerImpl::NavigateToPendingEntryInternal(this=<unavailable>, reload_type=NONE, navigation_ui_data=unique_ptr<content::NavigationUIData, std::__1::default_delete<content::NavigationUIData> > @ 0x00007ffeefbfab80) at navigation_controller_impl.cc:2157 [opt]
    frame #17: 0x0000000102345392 Chromium Embedded Framework`content::NavigationControllerImpl::NavigateToPendingEntry(this=0x000000010e0054c0, reload_type=NONE, navigation_ui_data=unique_ptr<content::NavigationUIData, std::__1::default_delete<content::NavigationUIData> > @ 0x00007ffeefbfabe0) at navigation_controller_impl.cc:2111 [opt]
    frame #18: 0x00000001023457b6 Chromium Embedded Framework`content::NavigationControllerImpl::LoadEntry(this=0x000000010e0054c0, entry=unique_ptr<content::NavigationEntryImpl, std::__1::default_delete<content::NavigationEntryImpl> > @ 0x00007ffeefbfada0, navigation_ui_data=unique_ptr<content::NavigationUIData, std::__1::default_delete<content::NavigationUIData> > @ 0x00007ffeefbfada8) at navigation_controller_impl.cc:512 [opt]
    frame #19: 0x0000000102346ae0 Chromium Embedded Framework`content::NavigationControllerImpl::LoadURLWithParams(this=<unavailable>, params=0x00007ffeefbfae20) at navigation_controller_impl.cc:870 [opt]
    frame #20: 0x00000001023462fd Chromium Embedded Framework`content::NavigationControllerImpl::LoadURL(this=0x000000010e0054c0, url=<unavailable>, referrer=0x00007ffeefbfb3e0, transition=PAGE_TRANSITION_TYPED, extra_headers=<unavailable>) at navigation_controller_impl.cc:721 [opt]
    frame #21: 0x0000000102f0998d Chromium Embedded Framework`CefBrowserHostImpl::LoadURL(this=0x000000010b82e930, frame_id=-1, url=<unavailable>, referrer=0x00007ffeefbfb3e0, transition=PAGE_TRANSITION_TYPED, extra_headers=0x00007ffeefbfb490) at browser_host_impl.cc:1672 [opt]
    frame #22: 0x0000000102f5f511 Chromium Embedded Framework`CefFrameHostImpl::LoadURL(this=<unavailable>, url=0x00007ffeefbfb4e0) at frame_host_impl.cc:138 [opt]
    frame #23: 0x00000001008b32e6 Chromium Embedded Framework`(anonymous namespace)::frame_load_url(self=<unavailable>, url=0x000060800003eb80) at frame_cpptoc.cc:189 [opt]
    frame #24: 0x0000000100152ae2 cefclient`CefFrameCToCpp::LoadURL(this=0x000060800003ff10, url=0x00007ffeefbfb810) at frame_ctocpp.cc:187
    frame #25: 0x000000010007fed7 cefclient`::-[RootWindowDelegate takeURLStringValueFrom:](self=0x0000608000033b00, _cmd="takeURLStringValueFrom:", sender=0x0000000109e28370) at root_window_mac.mm:113
    frame #26: 0x00007fff35ab8a43 AppKit`-[NSApplication(NSResponder) sendAction:to:from:] + 312
    frame #27: 0x00007fff3555e53f AppKit`-[NSControl sendAction:to:] + 86
    frame #28: 0x00007fff354cfdaa AppKit`-[NSTextField textDidEndEditing:] + 937
    frame #29: 0x00007fff37da861c CoreFoundation`__CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
    frame #30: 0x00007fff37da84ea CoreFoundation`_CFXRegistrationPost + 458
    frame #31: 0x00007fff37da8221 CoreFoundation`___CFXNotificationPost_block_invoke + 225
    frame #32: 0x00007fff37d66d72 CoreFoundation`-[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1826
    frame #33: 0x00007fff37d65e03 CoreFoundation`_CFXNotificationPost + 659
    frame #34: 0x00007fff39e8f8c7 Foundation`-[NSNotificationCenter postNotificationName:object:userInfo:] + 66
    frame #35: 0x00007fff3564443a AppKit`-[NSTextView(NSPrivate) _giveUpFirstResponder:] + 440
    frame #36: 0x00007fff354bccff AppKit`-[NSTextView doCommandBySelector:] + 200
    frame #37: 0x00007fff354bcc13 AppKit`-[NSTextInputContext(NSInputContext_WithCompletion) doCommandBySelector:completionHandler:] + 118
    frame #38: 0x00007fff3549e14e AppKit`-[NSKeyBindingManager(NSKeyBindingManager_MultiClients) interpretEventAsCommand:forClient:] + 2898
    frame #39: 0x00007fff35d37cbf AppKit`__84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke.1109 + 360
    frame #40: 0x00007fff35d37aee AppKit`__84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke_3 + 79
    frame #41: 0x00007fff354a5989 AppKit`-[NSTextInputContext tryHandleEvent_HasMarkedText_withDispatchCondition:dispatchWork:continuation:] + 92
    frame #42: 0x00007fff35d37a6d AppKit`__84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke.1099 + 251
    frame #43: 0x00007fff3709eace HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_5 + 70
    frame #44: 0x00007fff3709d986 HIToolbox`___ZL23DispatchEventToHandlersP14EventTargetRecP14OpaqueEventRefP14HandlerCallRec_block_invoke + 110
    frame #45: 0x00007fff35d304cc AppKit`__55-[NSTextInputContext handleTSMEvent:completionHandler:]_block_invoke.320 + 580
    frame #46: 0x00007fff3549f4df AppKit`__55-[NSTextInputContext handleTSMEvent:completionHandler:]_block_invoke_2 + 79
    frame #47: 0x00007fff3549f462 AppKit`-[NSTextInputContext tryHandleTSMEvent_HasMarkedText_withDispatchCondition:dispatchWork:continuation:] + 92
    frame #48: 0x00007fff3549efc5 AppKit`-[NSTextInputContext handleTSMEvent:completionHandler:] + 1722
    frame #49: 0x00007fff3549e895 AppKit`_NSTSMEventHandler + 311
    frame #50: 0x00007fff37047904 HIToolbox`DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1541
    frame #51: 0x00007fff37046c4d HIToolbox`SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 374
    frame #52: 0x00007fff37046ac3 HIToolbox`SendEventToEventTargetWithOptions + 45
    frame #53: 0x00007fff3709abd9 HIToolbox`SendTSMEvent_WithCompletionHandler + 389
    frame #54: 0x00007fff3709b0a4 HIToolbox`__SendUnicodeTextAEToUnicodeDoc_WithCompletionHandler_block_invoke + 403
    frame #55: 0x00007fff3709af02 HIToolbox`__SendFilterTextEvent_WithCompletionHandler_block_invoke + 219
    frame #56: 0x00007fff3709ac28 HIToolbox`SendTSMEvent_WithCompletionHandler + 468
    frame #57: 0x00007fff3709aa27 HIToolbox`SendFilterTextEvent_WithCompletionHandler + 233
    frame #58: 0x00007fff3709a6e6 HIToolbox`SendUnicodeTextAEToUnicodeDoc_WithCompletionHandler + 290
    frame #59: 0x00007fff3709a49a HIToolbox`__utDeliverTSMEvent_WithCompletionHandler_block_invoke_2 + 289
    frame #60: 0x00007fff3709a31b HIToolbox`__utDeliverTSMEvent_WithCompletionHandler_block_invoke + 405
    frame #61: 0x00007fff3709a108 HIToolbox`TSMKeyEvent_WithCompletionHandler + 636
    frame #62: 0x00007fff37099e4c HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_4 + 262
    frame #63: 0x00007fff37099c67 HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_3 + 263
    frame #64: 0x00007fff370999a2 HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_2 + 288
    frame #65: 0x00007fff370996f8 HIToolbox`__TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke + 280
    frame #66: 0x00007fff37098cef HIToolbox`TSMProcessRawKeyEventWithOptionsAndCompletionHandler + 3433
    frame #67: 0x00007fff35d378e9 AppKit`__84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke.1090 + 115
    frame #68: 0x00007fff35d36cb7 AppKit`__204-[NSTextInputContext tryTSMProcessRawKeyEvent_orSubstitution:dispatchCondition:setupForDispatch:furtherCondition:doubleSpaceSubstitutionCondition:doubleSpaceSubstitutionWork:dispatchTSMWork:continuation:]_block_invoke.1016 + 120
    frame #69: 0x00007fff35d36b20 AppKit`-[NSTextInputContext tryTSMProcessRawKeyEvent_orSubstitution:dispatchCondition:setupForDispatch:furtherCondition:doubleSpaceSubstitutionCondition:doubleSpaceSubstitutionWork:dispatchTSMWork:continuation:] + 255
    frame #70: 0x00007fff35d3732d AppKit`-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:] + 1237
    frame #71: 0x00007fff35d369ad AppKit`-[NSTextInputContext _handleEvent:allowingSyntheticEvent:] + 114
    frame #72: 0x00007fff3549d33d AppKit`-[NSView interpretKeyEvents:] + 209
    frame #73: 0x00007fff3549d15f AppKit`-[NSTextView keyDown:] + 724
    frame #74: 0x00007fff35c5543d AppKit`-[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 5040
    frame #75: 0x00007fff35c53c70 AppKit`-[NSWindow(NSEventRouting) sendEvent:] + 497
    frame #76: 0x00007fff35ab5236 AppKit`-[NSApplication(NSEvent) sendEvent:] + 2462
    frame #77: 0x00000001000c0f8f cefclient`::-[ClientApplication sendEvent:](self=0x0000600000120140, _cmd="sendEvent:", event=0x000060c000125e60) at cefclient_mac.mm:90
    frame #78: 0x00007fff353158b5 AppKit`-[NSApplication run] + 812
    frame #79: 0x000000010327020c Chromium Embedded Framework`base::MessagePumpNSApplication::DoRun(this=0x00006040001010e0, delegate=<unavailable>) at message_pump_mac.mm:815 [opt]
    frame #80: 0x000000010326e9fe Chromium Embedded Framework`base::MessagePumpCFRunLoopBase::Run(this=0x00006040001010e0, delegate=0x000000010b908190) at message_pump_mac.mm:189 [opt]
    frame #81: 0x000000010326b569 Chromium Embedded Framework`base::MessageLoop::Run(this=0x000000010b908190, application_tasks_allowed=<unavailable>) at message_loop.cc:306 [opt]
    frame #82: 0x00000001032981b9 Chromium Embedded Framework`base::RunLoop::Run(this=0x00007ffeefbff098) at run_loop.cc:130 [opt]
    frame #83: 0x0000000102f28b63 Chromium Embedded Framework`CefBrowserMessageLoop::RunMessageLoop() + 51
    frame #84: 0x0000000100209739 cefclient`CefRunMessageLoop() at libcef_dll_wrapper.cc:406
    frame #85: 0x00000001000cf2d1 cefclient`client::MainMessageLoopStd::Run(this=0x0000600000000110) at main_message_loop_std.cc:14
    frame #86: 0x00000001000c2350 cefclient`client::(anonymous namespace)::RunMain(argc=2, argv=0x00007ffeefbff4d0) at cefclient_mac.mm:389
    frame #87: 0x00000001000c1d22 cefclient`main(argc=2, argv=0x00007ffeefbff4d0) at cefclient_mac.mm:408
    frame #88: 0x00007fff5fc3d015 libdyld.dylib`start + 1
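Added triage example (not part of the original post and not CEF or cefclient code): a small parser for the lldb `bt` output above that reads the fault address from the stop reason, finds the first frame entered with `this=0x0`, and names the caller that passed it. The function names `parse_frames` and `triage` and the `NULL_PAGE` threshold are assumptions made for this example.

```python
import re

# Excerpt of the lldb output posted above: the stop reason and frames #0-#2.
BT = """\
* thread #1, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x108)
  * frame #0: 0x0000000105059dc9 Chromium Embedded Framework`ui::Compositor::vsync_manager() const [inlined] scoped_refptr<ui::CompositorVSyncManager>::scoped_refptr(this=0x00007ffeefbf9a90, r=<unavailable>) at scoped_refptr.h:181 [opt]
    frame #1: 0x0000000105059dc9 Chromium Embedded Framework`ui::Compositor::vsync_manager(this=0x0000000000000000) const at compositor.cc:488 [opt]
    frame #2: 0x0000000102f9483e Chromium Embedded Framework`CefRenderWidgetHostViewOSR::SetFrameRate(this=0x000000010b843cf0) at render_widget_host_view_osr.cc:1300 [opt]
"""

STOP_RE = re.compile(r"stop reason = (\w+) \(code=\d+, address=(0x[0-9a-fA-F]+)\)")
FRAME_RE = re.compile(r"frame #(\d+): .*?`(.*)$", re.M)
THIS_RE = re.compile(r"\(this=(0x[0-9a-fA-F]+)")
LOC_RE = re.compile(r" at (\S+:\d+)")
NULL_PAGE = 0x1000  # assumption: a fault below this is an offset from a null base

def parse_frames(bt):
    """Return index, function, `this` value and source location for each frame."""
    frames = []
    for m in FRAME_RE.finditer(bt):
        sym = m.group(2)
        this, loc = THIS_RE.search(sym), LOC_RE.search(sym)
        frames.append({
            "index": int(m.group(1)),
            "function": re.split(r"\(this=| at | \+ ", sym)[0],
            "this": int(this.group(1), 16) if this else None,
            "location": loc.group(1) if loc else None,
        })
    return frames

def triage(bt):
    """Classify the fault and name the frame that was entered with a null `this`."""
    stop = STOP_RE.search(bt)
    if not stop:
        return {"verdict": "no stop reason found"}
    fault = int(stop.group(2), 16)
    frames = parse_frames(bt)
    null_at = next((i for i, f in enumerate(frames) if f["this"] == 0), None)
    report = {"signal": stop.group(1), "fault_address": fault, "null_frame": None, "caller": None}
    if fault >= NULL_PAGE:
        report["verdict"] = "fault address is not near null"
    elif null_at is None:
        report["verdict"] = "near-null access, no null `this` in the trace"
    else:
        report["verdict"] = "member access through null object, offset %#x" % fault
        report["null_frame"] = frames[null_at]
        # The next frame down is the caller that supplied the null pointer.
        report["caller"] = frames[null_at + 1] if null_at + 1 < len(frames) else None
    return report
```

On this trace the report names `ui::Compositor::vsync_manager` as the frame entered with a null `this` and `CefRenderWidgetHostViewOSR::SetFrameRate` at `render_widget_host_view_osr.cc:1300` as its caller.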

Re: crash calling CefFrame::LoadURL() (macos with OSR)

Post by magreenblatt » Fri Jun 15, 2018 11:24 am

Please add a bug.

Re: crash calling CefFrame::LoadURL() (macos with OSR)

Post by robs » Fri Jun 15, 2018 11:35 am

Here you go. Issue number 2458.

Thanks,
Rob

