Crashes when opening a downloaded pdf #3750

Closed
MichelFionfray opened this issue Jul 19, 2024 · 3 comments
Labels
bug Bug report

Comments

@MichelFionfray

Describe the bug
Downloading then opening a pdf file makes CEF crash. We get the following entry in debug.log:
[0719/154357.911:ERROR:crashpad_client_win.cc(868)] not connected

To Reproduce
Steps to reproduce the behavior with either cefclient or cefsimple:

  1. Go to an online pdf generator, for example https://www.ilovepdf.com/jpg_to_pdf
  2. Download the file and open it from either the top-right popup appearing after download is complete, or from the "recent download history" panel accessible if you're running cefclient (both methods are equivalent)
  3. The browser crashes and shuts down

Expected behavior
Expected behavior is to open the file in the pdf reader

Versions (please complete the following information):

  • OS: Windows 10
  • CEF Version: 126.2.18 (also 126.2.0)

Additional context
The problem occurs with both cefclient and cefsimple, in debug and release.

@MichelFionfray MichelFionfray added the bug Bug report label Jul 19, 2024
@magreenblatt
Collaborator

Looks like another example of #3720.

[2797:259:0719/114135.570207:ERROR:file_dialog_manager.cc(402)] Multiple simultaneous dialogs are not supported; canceling the file dialog
[2797:259:0719/114136.381325:ERROR:partition_alloc_support.cc(687)] Detected dangling raw_ptr with id=0x00000110055d7c58:
[DanglingSignature]	CefSelectFileDialogListener::~CefSelectFileDialogListener()	FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>)	void	FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>)

The memory was freed at:
0   Chromium Embedded Framework         0x00000003d48d2b68 base::debug::CollectStackTrace(void const**, unsigned long) + 48
1   Chromium Embedded Framework         0x00000003d48a08c0 base::debug::StackTrace::StackTrace(unsigned long) + 112
2   Chromium Embedded Framework         0x00000003d48a0968 base::debug::StackTrace::StackTrace(unsigned long) + 36
3   Chromium Embedded Framework         0x00000003d48e17b0 base::allocator::(anonymous namespace)::DanglingRawPtrDetected(unsigned long) + 516
4   Chromium Embedded Framework         0x00000003bfb2f644 partition_alloc::internal::InSlotMetadata::CheckDanglingPointersOnFree(unsigned long long) + 116
5   Chromium Embedded Framework         0x00000003bfb30918 partition_alloc::internal::InSlotMetadata::ReleaseFromAllocator() + 152
6   Chromium Embedded Framework         0x00000003bfb2db80 partition_alloc::PartitionRoot::FreeNoHooksImmediate(void*, partition_alloc::internal::SlotSpanMetadata*, unsigned long) + 652
7   Chromium Embedded Framework         0x00000003d49f12bc void partition_alloc::PartitionRoot::FreeInline<(partition_alloc::internal::FreeFlags)2>(void*) + 408
8   Chromium Embedded Framework         0x00000003d9dfa3f0 gwp_asan::internal::(anonymous namespace)::FreeFn(allocator_shim::AllocatorDispatch const*, void*, void*) + 100
9   Chromium Embedded Framework         0x00000003d3da18fc base::allocator::dispatcher::internal::DispatcherImpl<base::PoissonAllocationSampler>::FreeFn(allocator_shim::AllocatorDispatch const*, void*, void*) + 64
10  Chromium Embedded Framework         0x00000003bfb72714 CefSelectFileDialogListener::~CefSelectFileDialogListener() + 36
11  Chromium Embedded Framework         0x00000003bfb728a8 CefSelectFileDialogListener::Destroy() + 60
12  Chromium Embedded Framework         0x00000003bfb6b91c CefSelectFileDialogListener::Cancel(bool) + 64
13  Chromium Embedded Framework         0x00000003bfb684e0 CefFileDialogManager::SelectFileDoneByListenerCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, bool) + 736
14  Chromium Embedded Framework         0x00000003bfb6acdc CefFileDialogManager::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 312
15  Chromium Embedded Framework         0x00000003bfaa72b8 CefBrowserHostBase::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 64
16  Chromium Embedded Framework         0x00000003bfb7b5ec (anonymous namespace)::CefSelectFileDialog::ListenerDestroyed() + 80
17  Chromium Embedded Framework         0x00000003da969fd0 FileSelectHelper::RunFileChooserEnd() + 172
18  Chromium Embedded Framework         0x00000003da96a44c FileSelectHelper::FileSelectionCanceled(void*) + 28
19  Chromium Embedded Framework         0x00000003bfb6a624 CefFileDialogManager::SelectFileDoneByDelegateCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 340
20  Chromium Embedded Framework         0x00000003bfb700d0 void base::internal::DecayedFunctorTraits<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>::Invoke<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>&&, void*&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 208
21  Chromium Embedded Framework         0x00000003bfb6ff54 void base::internal::InvokeHelper<true, base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, void, 0ul, 1ul, 2ul>::MakeItSo<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 204
22  Chromium Embedded Framework         0x00000003bfb6fe7c void base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunImpl<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, 0ul, 1ul, 2ul>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, 
base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 40
23  Chromium Embedded Framework         0x00000003bfb6fde4 base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunOnce(base::internal::BindStateBase*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 60
24  Chromium Embedded Framework         0x00000003bfaa6f68 base::OnceCallback<void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::Run(std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) && + 244
25  Chromium Embedded Framework         0x00000003bfb69d10 CefFileDialogManager::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 840
26  Chromium Embedded Framework         0x00000003bfaa71d8 CefBrowserHostBase::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 388
27  Chromium Embedded Framework         0x00000003bfb7bb50 (anonymous namespace)::CefSelectFileDialog::SelectFileImpl(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 1256
28  Chromium Embedded Framework         0x00000003d9d71fe4 ui::SelectFileDialog::SelectFile(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 500
29  Chromium Embedded Framework         0x00000003da96de6c FileSelectHelper::RunFileChooserOnUIThread(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1012
30  Chromium Embedded Framework         0x00000003da96e068 FileSelectHelper::ProceedWithSafeBrowsingVerdict(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool) + 120
31  Chromium Embedded Framework         0x00000003da975434 void base::internal::DecayedFunctorTraits<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>::Invoke<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>, bool>(void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&, bool&&) + 220

Task trace:
0   Chromium Embedded Framework         0x00000003da96d348 FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>) + 236
1   Chromium Embedded Framework         0x00000003da96cd8c FileSelectHelper::RunFileChooser(content::RenderFrameHost*, scoped_refptr<content::FileSelectListener>, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1044
2   Chromium Embedded Framework         0x00000003bfb6139c (anonymous namespace)::CefBeforeDownloadCallbackImpl::GenerateFilename(base::WeakPtr<content::DownloadManager>, unsigned int, base::FilePath const&, base::FilePath const&, bool, base::OnceCallback<void (download::DownloadTargetInfo)>) + 528
3   Chromium Embedded Framework         0x00000003bfb60e6c (anonymous namespace)::CefBeforeDownloadCallbackImpl::Continue(CefStringBase<CefStringTraitsUTF16> const&, bool) + 184
4   Chromium Embedded Framework         0x00000003c9126d7c download::DownloadFileImpl::Initialize(base::RepeatingCallback<void (download::DownloadInterruptReason, long long)>, base::RepeatingCallback<void (long long)>, std::__Cr::vector<download::DownloadItem::ReceivedSlice, std::__Cr::allocator<download::DownloadItem::ReceivedSlice>> const&) + 988
Task trace buffer limit hit, update PendingTask::kTaskBacktraceLength to increase.

The dangling raw_ptr was released at:
0   Chromium Embedded Framework         0x00000003d48d2b68 base::debug::CollectStackTrace(void const**, unsigned long) + 48
1   Chromium Embedded Framework         0x00000003d48a08c0 base::debug::StackTrace::StackTrace(unsigned long) + 112
2   Chromium Embedded Framework         0x00000003d48a0968 base::debug::StackTrace::StackTrace(unsigned long) + 36
3   Chromium Embedded Framework         0x00000003d48e1bf4 void base::allocator::(anonymous namespace)::DanglingRawPtrReleased<(base::features::DanglingPtrMode)0, (base::features::DanglingPtrType)0>(unsigned long) + 80
4   Chromium Embedded Framework         0x00000003d49e8c68 base::internal::RawPtrBackupRefImpl<false, false>::ReleaseInternal(unsigned long) + 448
5   Chromium Embedded Framework         0x00000003bfb6ed0c void base::internal::RawPtrBackupRefImpl<false, false>::ReleaseWrappedPtr<ui::SelectFileDialog::Listener>(ui::SelectFileDialog::Listener*) + 212
6   Chromium Embedded Framework         0x00000003bfb72c10 base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)0>::operator=(std::nullptr_t) + 36
7   Chromium Embedded Framework         0x00000003d9d761cc ui::SelectFileDialogImpl::ListenerDestroyed() + 32
8   Chromium Embedded Framework         0x00000003bfb684f8 CefFileDialogManager::SelectFileDoneByListenerCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, bool) + 760
9   Chromium Embedded Framework         0x00000003bfb6acdc CefFileDialogManager::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 312
10  Chromium Embedded Framework         0x00000003bfaa72b8 CefBrowserHostBase::SelectFileListenerDestroyed(ui::SelectFileDialog::Listener*) + 64
11  Chromium Embedded Framework         0x00000003bfb7b5ec (anonymous namespace)::CefSelectFileDialog::ListenerDestroyed() + 80
12  Chromium Embedded Framework         0x00000003da969fd0 FileSelectHelper::RunFileChooserEnd() + 172
13  Chromium Embedded Framework         0x00000003da96a44c FileSelectHelper::FileSelectionCanceled(void*) + 28
14  Chromium Embedded Framework         0x00000003bfb6a624 CefFileDialogManager::SelectFileDoneByDelegateCallback(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 340
15  Chromium Embedded Framework         0x00000003bfb700d0 void base::internal::DecayedFunctorTraits<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>::Invoke<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager> const&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>&&, void*&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 208
16  Chromium Embedded Framework         0x00000003bfb6ff54 void base::internal::InvokeHelper<true, base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, void, 0ul, 1ul, 2ul>::MakeItSo<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 204
17  Chromium Embedded Framework         0x00000003bfb6fe7c void base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunImpl<void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, 0ul, 1ul, 2ul>(void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), std::__Cr::tuple<base::WeakPtr<CefFileDialogManager>, 
base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 40
18  Chromium Embedded Framework         0x00000003bfb6fde4 base::internal::Invoker<base::internal::FunctorTraits<void (CefFileDialogManager::*&&)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>&&, base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*>, base::internal::BindState<true, true, false, void (CefFileDialogManager::*)(base::raw_ptr<ui::SelectFileDialog::Listener, (partition_alloc::internal::RawPtrTraits)1>, void*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&), base::WeakPtr<CefFileDialogManager>, base::internal::UnretainedWrapper<ui::SelectFileDialog::Listener, base::unretained_traits::MayDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<void, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>>, void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::RunOnce(base::internal::BindStateBase*, std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) + 60
19  Chromium Embedded Framework         0x00000003bfaa6f68 base::OnceCallback<void (std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&)>::Run(std::__Cr::vector<base::FilePath, std::__Cr::allocator<base::FilePath>> const&) && + 244
20  Chromium Embedded Framework         0x00000003bfb69d10 CefFileDialogManager::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 840
21  Chromium Embedded Framework         0x00000003bfaa71d8 CefBrowserHostBase::RunSelectFile(ui::SelectFileDialog::Listener*, std::__Cr::unique_ptr<ui::SelectFilePolicy, std::__Cr::default_delete<ui::SelectFilePolicy>>, ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*) + 388
22  Chromium Embedded Framework         0x00000003bfb7bb50 (anonymous namespace)::CefSelectFileDialog::SelectFileImpl(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 1256
23  Chromium Embedded Framework         0x00000003d9d71fe4 ui::SelectFileDialog::SelectFile(ui::SelectFileDialog::Type, std::__Cr::basic_string<char16_t, std::__Cr::char_traits<char16_t>, std::__Cr::allocator<char16_t>> const&, base::FilePath const&, ui::SelectFileDialog::FileTypeInfo const*, int, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&, gfx::NativeWindow, void*, GURL const*) + 500
24  Chromium Embedded Framework         0x00000003da96de6c FileSelectHelper::RunFileChooserOnUIThread(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1012
25  Chromium Embedded Framework         0x00000003da96e068 FileSelectHelper::ProceedWithSafeBrowsingVerdict(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool) + 120
26  Chromium Embedded Framework         0x00000003da975434 void base::internal::DecayedFunctorTraits<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>::Invoke<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>, bool>(void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&, bool&&) + 220
27  Chromium Embedded Framework         0x00000003da975340 void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>, void, 0ul, 1ul, 2ul>::MakeItSo<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, bool>(void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>&&, bool&&) + 136
28  Chromium Embedded Framework         0x00000003da9752ac void base::internal::Invoker<base::internal::FunctorTraits<void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>, base::internal::BindState<true, true, false, void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, void (bool)>::RunImpl<void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, 0ul, 1ul, 2ul>(void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), std::__Cr::tuple<scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul, 2ul>, bool&&) + 40
29  Chromium Embedded Framework         0x00000003da9751f4 base::internal::Invoker<base::internal::FunctorTraits<void (FileSelectHelper::*&&)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), FileSelectHelper*&&, base::FilePath&&, mojo::StructPtr<blink::mojom::FileChooserParams>&&>, base::internal::BindState<true, true, false, void (FileSelectHelper::*)(base::FilePath const&, mojo::StructPtr<blink::mojom::FileChooserParams>, bool), scoped_refptr<FileSelectHelper>, base::FilePath, mojo::StructPtr<blink::mojom::FileChooserParams>>, void (bool)>::RunOnce(base::internal::BindStateBase*, bool) + 76
30  Chromium Embedded Framework         0x00000003bfa73cac base::OnceCallback<void (bool)>::Run(bool) && + 248
31  Chromium Embedded Framework         0x00000003da96df78 (anonymous namespace)::InterpretSafeBrowsingVerdict(base::OnceCallback<void (bool)>, safe_browsing::DownloadCheckResult) + 64

Task trace:
0   Chromium Embedded Framework         0x00000003da96d348 FileSelectHelper::GetFileTypesInThreadPool(mojo::StructPtr<blink::mojom::FileChooserParams>) + 236
1   Chromium Embedded Framework         0x00000003da96cd8c FileSelectHelper::RunFileChooser(content::RenderFrameHost*, scoped_refptr<content::FileSelectListener>, mojo::StructPtr<blink::mojom::FileChooserParams>) + 1044
2   Chromium Embedded Framework         0x00000003bfb6139c (anonymous namespace)::CefBeforeDownloadCallbackImpl::GenerateFilename(base::WeakPtr<content::DownloadManager>, unsigned int, base::FilePath const&, base::FilePath const&, bool, base::OnceCallback<void (download::DownloadTargetInfo)>) + 528
3   Chromium Embedded Framework         0x00000003bfb60e6c (anonymous namespace)::CefBeforeDownloadCallbackImpl::Continue(CefStringBase<CefStringTraitsUTF16> const&, bool) + 184
4   Chromium Embedded Framework         0x00000003c9126d7c download::DownloadFileImpl::Initialize(base::RepeatingCallback<void (download::DownloadInterruptReason, long long)>, base::RepeatingCallback<void (long long)>, std::__Cr::vector<download::DownloadItem::ReceivedSlice, std::__Cr::allocator<download::DownloadItem::ReceivedSlice>> const&) + 988
Task trace buffer limit hit, update PendingTask::kTaskBacktraceLength to increase.

@magreenblatt
Collaborator

magreenblatt commented Aug 8, 2024

I'm seeing a different crash in M128 (Windows 11), failing the DCHECK here.

>	libcef.dll!ChromeBrowserDelegate::OpenURLFromTabEx(content::WebContents * source, const content::OpenURLParams & params, base::OnceCallback<void (content::NavigationHandle &)> & navigation_handle_callback) Line 539	C++
 	libcef.dll!Browser::OpenURLFromTab(content::WebContents * source, const content::OpenURLParams & params, base::OnceCallback<void (content::NavigationHandle &)> navigation_handle_callback) Line 1842	C++
 	libcef.dll!Browser::OpenURL(const content::OpenURLParams & params, base::OnceCallback<void (content::NavigationHandle &)> navigation_handle_callback) Line 1409	C++
 	libcef.dll!ChromeDownloadManagerDelegate::OpenDownload(download::DownloadItem * download) Line 1065	C++
 	libcef.dll!content::DownloadManagerImpl::OpenDownload(download::DownloadItemImpl * download) Line 1323	C++
 	libcef.dll!download::DownloadItemImpl::OpenDownload() Line 740	C++
 	libcef.dll!DownloadItemModel::ExecuteCommand(DownloadCommands * download_commands, DownloadCommands::Command command) Line 988	C++
 	libcef.dll!DownloadCommands::ExecuteCommand(DownloadCommands::Command command) Line 167	C++
 	libcef.dll!DownloadBubbleUIController::ProcessDownloadButtonPress(base::WeakPtr<DownloadUIModel> model, DownloadCommands::Command command, bool is_main_view) Line 342	C++
 	libcef.dll!DownloadBubbleRowView::OnActionButtonPressed(DownloadCommands::Command command, const ui::Event & event) Line 852	C++

This is a new Browser (no WebContents yet) created using ScopedTabbedBrowserDisplayer in ChromeDownloadManagerDelegate::OpenDownload.

The intention of ScopedTabbedBrowserDisplayer is to create a new Browser (with TabStrip) if one does not already exist for the current Profile. CEF-hosted Browsers do not have a TabStrip and consequently don't match this logic.

In the CEF case we should probably route these calls to OnOpenURLFromTab for the source Browser, as would happen in the normal "open in new tab" flow.

@magreenblatt magreenblatt changed the title from "Dangling ptr crash when opening a downloaded pdf" to "Crashes when opening a downloaded pdf" Aug 8, 2024
magreenblatt added a commit that referenced this issue Aug 9, 2024
Some downloaded file types [1] default to opening in a Browser. Open
requests for these file types originating from the Download bubble UI
should route to the source Browser (call OnOpenURLFromTab). If
OnOpenURLFromTab is unhandled proceed with the default Chrome behavior
of opening the URL in a new default Browser.

[1] PDF, html, etc. For the complete list of file types see
ChromeDownloadManagerDelegate::IsOpenInBrowserPreferredForFile.
@magreenblatt
Collaborator

The dangling rawptr crash mentioned above appears to be fixed in M128.

magreenblatt added a commit that referenced this issue Aug 9, 2024
Some downloaded file types [1] default to opening in a Browser. Open
requests for these file types originating from the Download bubble UI
should route to the source Browser (call OnOpenURLFromTab). If
OnOpenURLFromTab is unhandled proceed with the default Chrome behavior
of opening the URL in a new default Browser.

[1] PDF, html, etc. For the complete list of file types see
ChromeDownloadManagerDelegate::IsOpenInBrowserPreferredForFile.
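
The routing described in the commit message above, as a simplified stand-alone C++ model (an added example, not CEF or Chromium code). `ModelBrowser`, `RouteOpenDownload`, `PrefersOpenInBrowser`, the two-entry extension list and the `kExternalHandler` outcome are assumptions made for illustration; the real file-type list is in ChromeDownloadManagerDelegate::IsOpenInBrowserPreferredForFile.

```cpp
#include <functional>
#include <string>
#include <vector>

// Simplified model: every name below is a hypothetical stand-in,
// not a CEF or Chromium type.
enum class OpenTarget { kSourceBrowser, kNewDefaultBrowser, kExternalHandler };

struct ModelBrowser {
  // Stand-in for the client's open-URL hook; returns true when the
  // client handled the request itself.
  std::function<bool(const std::string& path)> on_open_url_from_tab;
};

// Assumed subset of "open in a Browser" file types; the thread names
// only PDF and html explicitly.
bool PrefersOpenInBrowser(const std::string& path) {
  static const std::vector<std::string> kExts = {".pdf", ".html"};
  for (const auto& ext : kExts) {
    if (path.size() >= ext.size() &&
        path.compare(path.size() - ext.size(), ext.size(), ext) == 0) {
      return true;
    }
  }
  return false;
}

// Decide where an "open" request from the download UI is sent.
// `source` may be null if the originating browser is already gone.
OpenTarget RouteOpenDownload(ModelBrowser* source, const std::string& path) {
  if (!PrefersOpenInBrowser(path)) {
    return OpenTarget::kExternalHandler;  // assumption: not covered by the thread
  }
  // Check the browser and its hook before calling; never assume that a
  // tab-strip Browser exists for the profile.
  if (source && source->on_open_url_from_tab &&
      source->on_open_url_from_tab(path)) {
    return OpenTarget::kSourceBrowser;
  }
  // Unhandled: fall back to the default behavior of a new default Browser.
  return OpenTarget::kNewDefaultBrowser;
}

int main() {
  ModelBrowser b{[](const std::string&) { return true; }};
  return RouteOpenDownload(&b, "report.pdf") == OpenTarget::kSourceBrowser ? 0 : 1;
}
```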