Chromium Embedded Framework Forum

by **magreenblatt** » Mon Jul 09, 2018 7:30 pm

If I'm understanding correctly, the problem could be that we cast StructName* to cef_base_ref_counted_t* in CefCToCppRefCounted::UnderlyingAddRef, and then pass that pointer to cef_base_ref_counted_t::add_ref:

Code: Select all: // Increment/decrement reference counts on only the underlying class. void UnderlyingAddRef() const { cef_base_ref_counted_t* base = reinterpret_cast<cef_base_ref_counted_t*>(GetStruct()); if (base->add_ref) base->add_ref(base); }

Chromium provides this configuration to work around the error in build/config/sanitizers/BUILD.gn:

Code: Select all: # crbug.com/785442: Fix cfi-icall failures for code that casts pointer argument # types in function pointer type signatures. config("cfi_icall_generalize_pointers") { if (is_clang && is_cfi && use_cfi_icall) { cflags = [ "-fsanitize-cfi-icall-generalize-pointers" ] } }

by **magreenblatt** » Mon Jul 09, 2018 8:08 pm

Alternate theory: CefCToCppRefCounted::Wrap() is referencing WrapperStruct::wrapper_ which is uninitialized due to the use of "new WrapperStruct;". It should be "new WrapperStruct();" instead so that the members are initialized.

by **magreenblatt** » Tue Jul 10, 2018 11:29 am

I've filed https://bitbucket.org/chromiumembedded/cef/issues/2472 for this.

Chromium Embedded Framework Forum

crash in cefclient on ubuntu 18.04 with proprietary codecs?

Re: crash in cefclient on ubuntu 18.04 with proprietary code

Re: crash in cefclient on ubuntu 18.04 with proprietary code

Re: crash in cefclient on ubuntu 18.04 with proprietary code

Who is online