Chromium Embedded Framework Forum

Forum for support and discussion of the Chromium Embedded Framework (CEF)
Visit the CEF Project Site to download CEF and report issues.

Skip to content

CEF crashing while closing CEF application

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.
Forum rules
Post a reply

CEF crashing while closing CEF application

Postby amit99531 » Fri Aug 17, 2018 6:30 am

I am getting crash in my application while closing it. This error occurs at both allocation and deallocation of memory and only occurring for mac. You can find error message and log below.

Crashed Thread: 13 Chrome_IOThread

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Application Specific Information:
abort() called
*** error for object 0x7fd6ec251358: incorrect checksum for freed object - object was probably modified after being freed.

Thread 13 Crashed:: Chrome_IOThread
0 libsystem_kernel.dylib 0x00007fffe1f41d42 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fffe202f457 pthread_kill + 90
2 libsystem_c.dylib 0x00007fffe1ea74bb __abort + 140
3 libsystem_c.dylib 0x00007fffe1ea742f abort + 144
4 libsystem_malloc.dylib 0x00007fffe1fa1f5d szone_error + 626
5 libsystem_malloc.dylib 0x00007fffe1f97f0d tiny_free_list_remove_ptr + 292
6 libsystem_malloc.dylib 0x00007fffe1fac914 tiny_free_no_lock + 1484
7 libsystem_malloc.dylib 0x00007fffe1fad0d5 free_tiny + 671
8 org.chromium.ContentShell.framework 0x00000001162f45be base::allocator::(anonymous namespace)::FreeDefiniteSizeImpl(base::allocator::AllocatorDispatch const*, void*, unsigned long, void*) + 62 (allocator_shim_default_dispatch_to_mac_zoned_malloc.cc:87)
9 org.chromium.ContentShell.framework 0x00000001162f3d97 ShimFreeDefiniteSize + 55 (allocator_shim.cc:292)
10 org.chromium.ContentShell.framework 0x00000001162f3d4c base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::operator()(_malloc_zone_t*, void*, unsigned long) const + 44 (allocator_shim_override_mac_symbols.h:55)
11 org.chromium.ContentShell.framework 0x00000001162f3d18 base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::__invoke(_malloc_zone_t*, void*, unsigned long) + 40 (allocator_shim_override_mac_symbols.h:52)
12 org.chromium.ContentShell.framework 0x00000001162f45be base::allocator::(anonymous namespace)::FreeDefiniteSizeImpl(base::allocator::AllocatorDispatch const*, void*, unsigned long, void*) + 62 (allocator_shim_default_dispatch_to_mac_zoned_malloc.cc:87)
13 org.chromium.ContentShell.framework 0x00000001162f3d97 ShimFreeDefiniteSize + 55 (allocator_shim.cc:292)
14 org.chromium.ContentShell.framework 0x00000001162f3d4c base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::operator()(_malloc_zone_t*, void*, unsigned long) const + 44 (allocator_shim_override_mac_symbols.h:55)
15 org.chromium.ContentShell.framework 0x00000001162f3d18 base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::__invoke(_malloc_zone_t*, void*, unsigned long) + 40 (allocator_shim_override_mac_symbols.h:52)
16 org.chromium.ContentShell.framework 0x00000001176faac0 base::RefCountedThreadSafe<mojo::ScopedInterfaceEndpointHandle::State, base::DefaultRefCountedThreadSafeTraits<mojo::ScopedInterfaceEndpointHandle::State> >::DeleteInternal(mojo::ScopedInterfaceEndpointHandle::State const*) + 48 (ref_counted.h:358)
17 org.chromium.ContentShell.framework 0x00000001176faa85 base::DefaultRefCountedThreadSafeTraits<mojo::ScopedInterfaceEndpointHandle::State>::Destruct(mojo::ScopedInterfaceEndpointHandle::State const*) + 21 (ref_counted.h:315)
18 org.chromium.ContentShell.framework 0x00000001176faa68 base::RefCountedThreadSafe<mojo::ScopedInterfaceEndpointHandle::State, base::DefaultRefCountedThreadSafeTraits<mojo::ScopedInterfaceEndpointHandle::State> >::Release() const + 56 (ref_counted.h:351)
19 org.chromium.ContentShell.framework 0x00000001176faa05 scoped_refptr<mojo::ScopedInterfaceEndpointHandle::State>::Release(mojo::ScopedInterfaceEndpointHandle::State*) + 21 (ref_counted.h:618)
20 org.chromium.ContentShell.framework 0x00000001176fbcea scoped_refptr<mojo::ScopedInterfaceEndpointHandle::State>::~scoped_refptr() + 42 (ref_counted.h:513)
21 org.chromium.ContentShell.framework 0x00000001176f8845 scoped_refptr<mojo::ScopedInterfaceEndpointHandle::State>::~scoped_refptr() + 21 (ref_counted.h:513)
22 org.chromium.ContentShell.framework 0x00000001176f8a66 mojo::ScopedInterfaceEndpointHandle::~ScopedInterfaceEndpointHandle() + 86 (scoped_interface_endpoint_handle.cc:309)
23 org.chromium.ContentShell.framework 0x00000001176f88a5 mojo::ScopedInterfaceEndpointHandle::~ScopedInterfaceEndpointHandle() + 21 (scoped_interface_endpoint_handle.cc:309)
24 org.chromium.ContentShell.framework 0x00000001176c4646 mojo::InterfaceEndpointClient::~InterfaceEndpointClient() + 1142 (interface_endpoint_client.cc:179)
25 org.chromium.ContentShell.framework 0x00000001176c4945 mojo::InterfaceEndpointClient::~InterfaceEndpointClient() + 21 (interface_endpoint_client.cc:179)
26 org.chromium.ContentShell.framework 0x00000001176c4969 mojo::InterfaceEndpointClient::~InterfaceEndpointClient() + 25 (interface_endpoint_client.cc:168)
27 org.chromium.ContentShell.framework 0x00000001176aba23 mojo::internal::BindingStateBase::Close() + 195 (binding_state.cc:44)
28 org.chromium.ContentShell.framework 0x0000000112d998af mojo::internal::BindingState<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >::~BindingState() + 31 (binding_state.h:103)
29 org.chromium.ContentShell.framework 0x0000000112d99885 mojo::internal::BindingState<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >::~BindingState() + 21 (binding_state.h:103)
30 org.chromium.ContentShell.framework 0x0000000112d99865 mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >::~Binding() + 21 (binding.h:91)
31 org.chromium.ContentShell.framework 0x0000000112d99845 mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >::~Binding() + 21 (binding.h:91)
32 org.chromium.ContentShell.framework 0x0000000112d99825 mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry::~Entry() + 21 (binding_set.h:201)
33 org.chromium.ContentShell.framework 0x0000000112d99805 mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry::~Entry() + 21 (binding_set.h:201)
34 org.chromium.ContentShell.framework 0x0000000112d997a8 std::__1::pair<unsigned long const, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >::~pair() + 184 (utility:312)
35 org.chromium.ContentShell.framework 0x0000000112d996e5 std::__1::pair<unsigned long const, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >::~pair() + 21 (utility:312)
36 org.chromium.ContentShell.framework 0x0000000112d99655 std::__1::__tree<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, std::__1::__map_value_compare<unsigned long, std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, std::__1::less<unsigned long>, true>, std::__1::allocator<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > > > >::destroy(std::__1::__tree_node<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, void*>*) + 213 (__tree:1834)
37 org.chromium.ContentShell.framework 0x0000000112d995e8 std::__1::__tree<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, std::__1::__map_value_compare<unsigned long, std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, std::__1::less<unsigned long>, true>, std::__1::allocator<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > > > >::destroy(std::__1::__tree_node<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, void*>*) + 104 (__tree:1831)
38 org.chromium.ContentShell.framework 0x0000000112d9a386 std::__1::__tree<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, std::__1::__map_value_compare<unsigned long, std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > >, std::__1::less<unsigned long>, true>, std::__1::allocator<std::__1::__value_type<unsigned long, std::__1::unique_ptr<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry, std::__1::default_delete<mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::Entry> > > > >::clear() + 102 (__tree:1870)
39 org.chromium.ContentShell.framework 0x0000000112d983b1 mojo::BindingSetBase<ui::mojom::Gpu, mojo::Binding<ui::mojom::Gpu, mojo::RawPtrImplRefTraits<ui::mojom::Gpu> >, void>::CloseAllBindings() + 33 (binding_set.h:126)
40 org.chromium.ContentShell.framework 0x0000000112d98351 content::GpuClient::~GpuClient() + 49 (gpu_client.cc:25)
41 org.chromium.ContentShell.framework 0x0000000112d98415 content::GpuClient::~GpuClient() + 21 (gpu_client.cc:26)
42 org.chromium.ContentShell.framework 0x0000000112d98439 content::GpuClient::~GpuClient() + 25 (gpu_client.cc:23)
43 org.chromium.ContentShell.framework 0x000000011355af8b base::DeleteHelper<content::GpuClient>::DoDelete(void const*) + 43 (sequenced_task_runner_helpers.h:25)
44 org.chromium.ContentShell.framework 0x00000001160d7e05 void base::internal::FunctorTraits<void (*)(void const*), void>::Invoke<void const*>(void (*)(void const*), void const*&&) + 37 (bind_internal.h:164)
45 org.chromium.ContentShell.framework 0x00000001160d7da0 void base::internal::InvokeHelper<false, void>::MakeItSo<void (*)(void const*), void const*>(void (*&&)(void const*), void const*&&) + 48 (bind_internal.h:275)
46 org.chromium.ContentShell.framework 0x00000001160d7d60 void base::internal::Invoker<base::internal::BindState<void (*)(void const*), void const*>, void ()>::RunImpl<void (*)(void const*), std::__1::tuple<void const*>, 0ul>(void (*&&)(void const*), std::__1::tuple<void const*>&&, base::IndexSequence<0ul>) + 80 (bind_internal.h:351)
47 org.chromium.ContentShell.framework 0x00000001160d7cb9 base::internal::Invoker<base::internal::BindState<void (*)(void const*), void const*>, void ()>::RunOnce(base::internal::BindStateBase*) + 57 (bind_internal.h:316)
48 org.chromium.ContentShell.framework 0x00000001108640bf base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() + 95 (callback.h:91)
49 org.chromium.ContentShell.framework 0x0000000115f1c3f0 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 1040 (task_annotator.cc:59)
50 org.chromium.ContentShell.framework 0x0000000115fe790e base::MessageLoop::RunTask(base::PendingTask*) + 894 (message_loop.cc:425)
51 org.chromium.ContentShell.framework 0x0000000115fe7e17 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) + 71 (message_loop.cc:439)
52 org.chromium.ContentShell.framework 0x0000000115fe8cfb base::MessageLoop::DoWork() + 715 (message_loop.cc:543)
53 org.chromium.ContentShell.framework 0x0000000115ffac8f base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) + 271 (message_pump_libevent.cc:220)
54 org.chromium.ContentShell.framework 0x0000000115fe71cb base::MessageLoop::Run() + 299 (message_loop.cc:372)
55 org.chromium.ContentShell.framework 0x00000001160cce3e base::RunLoop::Run() + 286 (run_loop.cc:111)
56 org.chromium.ContentShell.framework 0x00000001161c0a35 base::Thread::Run(base::RunLoop*) + 405 (thread.cc:255)
57 org.chromium.ContentShell.framework 0x00000001126cd607 content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) + 71 (browser_thread_impl.cc:278)
58 org.chromium.ContentShell.framework 0x00000001126cd90c content::BrowserThreadImpl::Run(base::RunLoop*) + 588 (browser_thread_impl.cc:313)
59 org.chromium.ContentShell.framework 0x00000001161c16f3 base::Thread::ThreadMain() + 2403 (thread.cc:338)
60 org.chromium.ContentShell.framework 0x000000011619b188 base::(anonymous namespace)::ThreadFunc(void*) + 632 (platform_thread_posix.cc:73)
61 libsystem_pthread.dylib 0x00007fffe202c93b _pthread_body + 180
62 libsystem_pthread.dylib 0x00007fffe202c887 _pthread_start + 286
63 libsystem_pthread.dylib 0x00007fffe202c08d thread_start + 13
amit99531
Newbie
 
Posts: 3
Joined: Fri Aug 17, 2018 3:35 am
Top

Re: CEF crashing while closing CEF application

Postby magreenblatt » Fri Aug 17, 2018 11:13 am

What OS and CEF version? Does the crash reproduce with the CEF sample applications? Are you calling CefShutdown before exiting your application? See the samples for correct shutdown handling.
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm
Top

Re: CEF crashing while closing CEF application

Postby amit99531 » Tue Oct 09, 2018 12:46 am

sorry for replying late, I am using mac 10.12.6 and cef version 3.0.3163. I am trying to reproduce it with cefclient sample app. I am calling cefshutdown in the main function just before it exit. I suspect that it might be crashing because parent window of the cef process is being closed before the process is killed. I am trying to validate this hypothesis.
amit99531
Newbie
 
Posts: 3
Joined: Fri Aug 17, 2018 3:35 am
Top

Re: CEF crashing while closing CEF application

Postby magreenblatt » Tue Oct 09, 2018 2:37 am

3163 is quite old. I suggest using a supported version: https://bitbucket.org/chromiumembedded/ ... -supported
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm
Top

Re: CEF crashing while closing CEF application

Postby amit99531 » Thu Oct 11, 2018 5:09 am

I can not update it to the latest version now. It will be helpful if you can point me in a direction to solve this bug. Earlier you were saying that we might not be using cefshutdown properly, but I am also observingthis issue while calling cefshutdown itself. Following are stack trace

Crashed Thread: 0 CrBrowserMain Dispatch queue: com.apple.main-thread

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Application Specific Information:
abort() called
*** error for object 0x7fbce7ca88c8: incorrect checksum for freed object - object was probably modified after being freed.


Thread 0 Crashed:: CrBrowserMain Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff58483b6e __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff5864e080 pthread_kill + 333
2 libsystem_c.dylib 0x00007fff583df24d __abort + 144
3 libsystem_c.dylib 0x00007fff583df1bd abort + 142
4 libsystem_malloc.dylib 0x00007fff584e8ad4 szone_error + 596
5 libsystem_malloc.dylib 0x00007fff584de721 tiny_free_list_remove_ptr + 298
6 libsystem_malloc.dylib 0x00007fff584f3692 tiny_free_no_lock + 370
7 libsystem_malloc.dylib 0x00007fff584f4256 free_tiny + 628
8 org.chromium.ContentShell.framework 0x000000011a38f74e base::allocator::(anonymous namespace)::FreeDefiniteSizeImpl(base::allocator::AllocatorDispatch const*, void*, unsigned long, void*) + 62
9 org.chromium.ContentShell.framework 0x000000011a38ef27 ShimFreeDefiniteSize + 55
10 org.chromium.ContentShell.framework 0x000000011a38eedc base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::operator()(_malloc_zone_t*, void*, unsigned long) const + 44
11 org.chromium.ContentShell.framework 0x000000011a38eea8 base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::__invoke(_malloc_zone_t*, void*, unsigned long) + 40
12 org.chromium.ContentShell.framework 0x000000011a38f74e base::allocator::(anonymous namespace)::FreeDefiniteSizeImpl(base::allocator::AllocatorDispatch const*, void*, unsigned long, void*) + 62
13 org.chromium.ContentShell.framework 0x000000011a38ef27 ShimFreeDefiniteSize + 55
14 org.chromium.ContentShell.framework 0x000000011a38eedc base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::operator()(_malloc_zone_t*, void*, unsigned long) const + 44
15 org.chromium.ContentShell.framework 0x000000011a38eea8 base::allocator::MallocZoneFunctionsToReplaceDefault()::$_9::__invoke(_malloc_zone_t*, void*, unsigned long) + 40
16 org.chromium.ContentShell.framework 0x0000000119b6bc22 CefSSLHostStateDelegate::~CefSSLHostStateDelegate() + 34
17 org.chromium.ContentShell.framework 0x0000000119994240 CefBrowserContextImpl::~CefBrowserContextImpl() + 2080
18 org.chromium.ContentShell.framework 0x0000000119995a15 CefBrowserContextImpl::~CefBrowserContextImpl() + 21
19 org.chromium.ContentShell.framework 0x0000000119995a59 CefBrowserContextImpl::~CefBrowserContextImpl() + 25
20 org.chromium.ContentShell.framework 0x0000000119997adb CefBrowserContextImpl::RemoveCefRequestContext(CefRequestContextImpl*) + 379
21 org.chromium.ContentShell.framework 0x0000000119b5a5d2 CefRequestContextImpl::~CefRequestContextImpl() + 370
22 org.chromium.ContentShell.framework 0x0000000119b5a710 CefRequestContextImpl::~CefRequestContextImpl() + 32
23 org.chromium.ContentShell.framework 0x0000000119b5a769 CefRequestContextImpl::~CefRequestContextImpl() + 25
24 org.chromium.ContentShell.framework 0x0000000119b60d4f void content::BrowserThread::DeleteOnThread<(content::BrowserThread::ID)0>::Destruct<CefRequestContextImpl>(CefRequestContextImpl const*) + 79
25 org.chromium.ContentShell.framework 0x0000000119b5fd8b CefRequestContextImpl::Release() const + 59
26 org.chromium.ContentShell.framework 0x00000001199cc836 scoped_refptr<CefRequestContextImpl>::Release(CefRequestContextImpl*) + 22
27 org.chromium.ContentShell.framework 0x0000000119a34902 scoped_refptr<CefRequestContextImpl>::operator=(CefRequestContextImpl*) + 82
28 org.chromium.ContentShell.framework 0x00000001199febaa CefBrowserMainParts::PostMainMessageLoopRun() + 42
29 org.chromium.ContentShell.framework 0x000000011673e010 content::BrowserMainLoop::ShutdownThreadsAndCleanUp() + 896
30 org.chromium.ContentShell.framework 0x00000001167489c5 content::BrowserMainRunnerImpl::Shutdown() + 2389
31 org.chromium.ContentShell.framework 0x0000000119bc021e CefMainDelegate::ShutdownBrowser() + 158
32 org.chromium.ContentShell.framework 0x0000000119a28e98 CefContext::FinalizeShutdown() + 120
33 org.chromium.ContentShell.framework 0x0000000119a27bde CefContext::Shutdown() + 510
34 org.chromium.ContentShell.framework 0x0000000119a278f2 CefShutdown() + 354
35 org.chromium.ContentShell.framework 0x00000001137b98ae cef_shutdown + 30
36 com.adobe.cep.CEPHtmlEngine 0x000000010488c62e CefShutdown() + 30
37 com.adobe.cep.CEPHtmlEngine 0x00000001043abd8c main + 9708
38 libdyld.dylib 0x00007fff58333015 start + 1
amit99531
Newbie
 
Posts: 3
Joined: Fri Aug 17, 2018 3:35 am
Top

Re: CEF crashing while closing CEF application

Postby magreenblatt » Thu Oct 11, 2018 5:16 am

amit99531 wrote:incorrect checksum for freed object - object was probably modified after being freed.

That sounds like a possible use after free. I don't recognize the crash so unfortunately I can't point you to a possible solution. You're using an old/unsupported version and will need to debug the problem yourself.
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm
Top

Re: CEF crashing while closing CEF application

Postby ndesktop » Thu Oct 11, 2018 6:19 am

Start from CefSSLHostStateDelegate destructor. Looks like UAF or double free to me as well.
ndesktop
Master
 
Posts: 756
Joined: Thu Dec 03, 2015 10:10 am
Top

Re: CEF crashing while closing CEF application

Postby Panneerselvam » Thu Jul 18, 2019 10:15 am

I too encounter the same issue with branch 3163, was there a fix available for this issue? If yes, please share the fix, it would be a great help, Thanks!!!
Panneerselvam
Techie
 
Posts: 15
Joined: Thu May 29, 2014 3:36 am
Top
Post a reply

Return to Support Forum

Who is online

Users browsing this forum: No registered users and 91 guests

Powered by phpBB® Forum Software © phpBB Group