CEF 80: crash on window.open in OSR mode with new client

Issue #2894 resolved
Vladislav created an issue

Setting windowless mode and a new client in the OnBeforePopup causes a crash.

Environment: Windows 10 x64, CEF 80.0.4, CEF (master)

Reproduction:

  1. Add the attached unit test to the navigation_unittest.cc file.
  2. Run ceftests.exe --gtest_filter=NavigationTest.OsrPopupJSOtherClient

Stack trace:

[0304/223218.799:FATAL:render_widget_host_view_osr.cc(1458)] Check failed: browser.
Backtrace:
        base::debug::CollectStackTrace [0x00007FF8C856DC82+18] (c:\code\chromium_git\chromium\src\base\debug\stack_trace_win.cc:284)
        logging::LogMessage::~LogMessage [0x00007FF8C84C08A8+184] (c:\code\chromium_git\chromium\src\base\logging.cc:628)
        CefRenderWidgetHostViewOSR::SetFrameRate [0x00007FF8CB955ADC+140] (c:\code\chromium_git\chromium\src\cef\libcef\browser\osr\render_widget_host_view_osr.cc:1458)
        CefRenderWidgetHostViewOSR::UpdateFrameRate [0x00007FF8CB953C92+24] (c:\code\chromium_git\chromium\src\cef\libcef\browser\osr\render_widget_host_view_osr.cc:1390)
        CefRenderWidgetHostViewOSR::Show [0x00007FF8CB953AF5+367] (c:\code\chromium_git\chromium\src\cef\libcef\browser\osr\render_widget_host_view_osr.cc:369)
        content::WebContentsImpl::CreateNewWindow [0x00007FF8C725E248+1096] (c:\code\chromium_git\chromium\src\content\browser\web_contents\web_contents_impl.cc:2928)
        content::RenderFrameHostImpl::CreateNewWindow [0x00007FF8C701642D+1035] (c:\code\chromium_git\chromium\src\content\browser\frame_host\render_frame_host_impl.cc:4434)
        content::mojom::FrameHostStubDispatch::AcceptWithResponder [0x00007FF8C692A59A+316] (c:\code\chromium_git\chromium\src\out\Release_GN_x64\gen\content\common\frame.mojom.cc:5857)
        content::mojom::FrameHostStub<mojo::RawPtrImplRefTraits<content::mojom::FrameHost> >::AcceptWithResponder [0x00007FF8C706490C+58] (c:\code\chromium_git\chromium\src\out\Release_GN_x64\gen\content\common\frame.mojom.h:876)
        mojo::InterfaceEndpointClient::HandleValidatedMessage [0x00007FF8C85C32A1+527] (c:\code\chromium_git\chromium\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:528)
        mojo::MessageDispatcher::Accept [0x00007FF8C9751315+101] (c:\code\chromium_git\chromium\src\mojo\public\cpp\bindings\lib\message_dispatcher.cc:46)
        IPC::`anonymous namespace'::ChannelAssociatedGroupController::AcceptSyncMessage [0x00007FF8C980EE7B+331] (c:\code\chromium_git\chromium\src\ipc\ipc_mojo_bootstrap.cc:965)
        base::TaskAnnotator::RunTask [0x00007FF8C850E811+289] (c:\code\chromium_git\chromium\src\base\task\common\task_annotator.cc:142)
        base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl [0x00007FF8C851FD19+313] (c:\code\chromium_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:366)
        base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoSomeWork [0x00007FF8C851FA1C+92] (c:\code\chromium_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:221)
        base::MessagePumpForUI::DoRunLoop [0x00007FF8C8573A04+196] (c:\code\chromium_git\chromium\src\base\message_loop\message_pump_win.cc:219)
        base::MessagePumpWin::Run [0x00007FF8C857317E+78] (c:\code\chromium_git\chromium\src\base\message_loop\message_pump_win.cc:77)
        base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run [0x00007FF8C85205C6+134] (c:\code\chromium_git\chromium\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:463)
        base::RunLoop::Run [0x00007FF8C84F4A4E+430] (c:\code\chromium_git\chromium\src\base\run_loop.cc:158)
        CefRunMessageLoop [0x00007FF8C84767DE+76] (c:\code\chromium_git\chromium\src\cef\libcef\browser\context.cc:308)
        client::MainMessageLoopStd::Run [0x00007FF7693B2EB9+9] (c:\code\chromium_git\chromium\src\cef\tests\shared\browser\main_message_loop_std.cc:15)
        main [0x00007FF7695847AD+933] (c:\code\chromium_git\chromium\src\cef\tests\ceftests\run_all_unittests.cc:219)
        __scrt_common_main_seh [0x00007FF7697E30C8+268] (d:\agent\_work\5\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
        BaseThreadInitThunk [0x00007FF946057BD4+20]
        RtlUserThreadStart [0x00007FF947ECCED1+33]
Task trace:
Backtrace:
        IPC::`anonymous namespace'::ChannelAssociatedGroupController::Accept [0x00007FF8C980CD94+986] (c:\code\chromium_git\chromium\src\ipc\ipc_mojo_bootstrap.cc:881)
        mojo::SimpleWatcher::Context::Notify [0x00007FF8C85D1DFE+288] (c:\code\chromium_git\chromium\src\mojo\public\cpp\system\simple_watcher.cc:120)
IPC message handler context: 0xFC2B8563

No problem with --disable-gpu-compositing
