Windows: Crash in aura::Window::GetRootWindow due to RenderWidgetHostViewAura constructor calling GetWebkitPreferences
Issue description

Chrome Version: 60.0.3112.113
OS: Windows 10 64-bit Version 10.0.15063

What steps will reproduce the problem?
(1) Create an application using the Content API.
(2) Handle the WM_WINDOWPOSCHANGING message sent to the top-level window by calling views::DesktopWindowTreeHostWin::HandleMove() for the child browser window.

What is the expected result?
The application should not crash.

What happens instead?
The application crashes with the below call stack.

The RenderWidgetHostViewAura constructor calls RenderViewHostImpl::GetWebkitPreferences which calls base::win::IsWindows10TabletMode. IsWindows10TabletMode calls IUIViewSettingsInterop::GetForWindow which results in a WM_WINDOWPOSCHANGING message with SWP_FRAMECHANGED being sent to the foreground window. If handling of this message results in a call to views::DesktopWindowTreeHostWin::HandleMove() then the application crashes. This is because RenderWidgetHostViewAura::CreateAuraWindow has not yet been called so |window_| is NULL when it is accessed from RenderWidgetHostViewAura::GetBoundsInRootWindow.

RenderViewHostImpl::GetWebkitPreferences should probably not be called from the RenderWidgetHostViewAura constructor. Maybe move this call to RenderWidgetHostViewAura::CreateAuraWindow?

0 libcef.dll aura::Window::GetRootWindow() y:\work\cef3_git\chromium\src\ui\aura\window.cc:200
1 libcef.dll aura::Window::GetBoundsInRootWindow() y:\work\cef3_git\chromium\src\ui\aura\window.cc:239
2 libcef.dll aura::Window::GetBoundsInScreen() y:\work\cef3_git\chromium\src\ui\aura\window.cc:247
3 libcef.dll content::RenderWidgetHostViewAura::GetBoundsInRootWindow() y:\work\cef3_git\chromium\src\content\browser\renderer_host\render_widget_host_view_aura.cc:977
4 libcef.dll content::WebContentsImpl::SendScreenRects() y:\work\cef3_git\chromium\src\content\browser\web_contents\web_contents_impl.cc:2721
5 libcef.dll content::WebContentsViewAura::WindowObserver::OnHostMovedInPixels(aura::WindowTreeHost const*, gfx::Point const&) y:\work\cef3_git\chromium\src\content\browser\web_contents\web_contents_view_aura.cc:506
6 libcef.dll aura::WindowTreeHost::OnHostMovedInPixels(gfx::Point const&) y:\work\cef3_git\chromium\src\ui\aura\window_tree_host.cc:293
7 libcef.dll views::DesktopWindowTreeHostWin::HandleMove() y:\work\cef3_git\chromium\src\ui\views\widget\desktop_aura\desktop_window_tree_host_win.cc:804
8 libcef.dll CefBrowserHostImpl::NotifyMoveOrResizeStarted() y:\work\cef3_git\chromium\src\cef\libcef\browser\browser_host_impl.cc:1162
9 libcef.dll CefBrowserPlatformDelegateNativeWin::WndProc(HWND__*, unsigned int, unsigned int, long) y:\work\cef3_git\chromium\src\cef\libcef\browser\native\browser_platform_delegate_native_win.cc:625
10 user32.dll _InternalCallWinProc
11 user32.dll UserCallWinProcCheckWow
12 user32.dll SendMessageWorker
13 user32.dll RealDefWindowProcWorker
14 user32.dll RealDefWindowProcW
15 uxtheme.dll _ThemeDefWindowProc(HWND__*, unsigned int, unsigned int, long, int)
16 uxtheme.dll ThemeDefWindowProcW
17 user32.dll DefWindowProcW
18 libcef.dll CefBrowserPlatformDelegateNativeWin::WndProc(HWND__*, unsigned int, unsigned int, long) y:\work\cef3_git\chromium\src\cef\libcef\browser\native\browser_platform_delegate_native_win.cc:637
19 user32.dll _InternalCallWinProc
20 user32.dll UserCallWinProcCheckWow
21 user32.dll DispatchClientMessage
22 user32.dll __fnINLPWINDOWPOS
23 ntdll.dll KiUserCallbackDispatcher
24 ntdll.dll KiUserApcDispatcher
(25..27 client application receives WM_WINDOWPOSCHANGING and calls MoveWindow on the browser hwnd)
28 user32.dll _InternalCallWinProc
29 user32.dll UserCallWinProcCheckWow
30 user32.dll DispatchClientMessage
31 user32.dll __fnINOUTLPWINDOWPOS
32 ntdll.dll KiUserCallbackDispatcher
33 ntdll.dll KiUserApcDispatcher
34 uxtheme.dll ThemePostWndProc(HWND__*, unsigned int, unsigned int, long, long*, void**)
35 user32.dll UserCallWinProcCheckWow
36 user32.dll DispatchClientMessage
37 user32.dll __fnINSTRINGNULL
38 ntdll.dll KiUserCallbackDispatcher
39 ntdll.dll KiUserApcDispatcher
40 USER32.dll PeekMessageW
41 combase.dll CCliModalLoop::MyPeekMessage(tagMSG*, HWND__*, unsigned int, unsigned int, unsigned short) onecore\com\combase\dcomrem\callctrl.cxx:3084
42 combase.dll CCliModalLoop::PeekRPCAndDDEMessage() onecore\com\combase\dcomrem\callctrl.cxx:2787
43 combase.dll CCliModalLoop::BlockFn(void**, unsigned long, unsigned long*) onecore\com\combase\dcomrem\callctrl.cxx:2297
44 combase.dll ModalLoop(CSyncClientCall*) onecore\com\combase\dcomrem\chancont.cxx:169
45 combase.dll ClassicSTAThreadWaitForCall(CSyncClientCall*, WaitForCallReason, unsigned long) onecore\com\combase\dcomrem\threadtypespecific.cpp:191
46 combase.dll ThreadSendReceive(tagRPCOLEMESSAGE*, CSyncClientCall*, _GUID const&) onecore\com\combase\dcomrem\channelb.cxx:7416
47 combase.dll CSyncClientCall::SendReceive2(tagRPCOLEMESSAGE*, unsigned long*) onecore\com\combase\dcomrem\channelb.cxx:5764
48 combase.dll ClassicSTAThreadSendReceive(CSyncClientCall*, tagRPCOLEMESSAGE*, unsigned long*) onecore\com\combase\dcomrem\callctrl.cxx:614
49 combase.dll CSyncClientCall::SendReceive(tagRPCOLEMESSAGE*, unsigned long*) onecore\com\combase\dcomrem\ctxchnl.cxx:823
50 combase.dll NdrExtpProxySendReceive(void*, _MIDL_STUB_MESSAGE*) onecore\com\combase\ndr\ndrole\proxy.cxx:1965
51 RPCRT4.dll NdrClientCall2
52 combase.dll ObjectStublessClient onecore\com\combase\ndr\ndrole\i386\stblsclt.cxx:217
53 combase.dll ObjectStubless d:\rs2\onecore\com\combase\ndr\ndrole\i386\stubless.asm:159
54 combase.dll CStdMarshal::RemoteAddRef(tagIPIDEntry*, OXIDEntry*, unsigned long, unsigned long, int) onecore\com\combase\dcomrem\marshal.cxx:7925
55 combase.dll CStdMarshal::MakeCliIPIDEntry(_GUID const&, tagSTDOBJREF*, OXIDEntry*, tagIPIDEntry**) onecore\com\combase\dcomrem\marshal.cxx:2812
56 combase.dll CStdMarshal::UnmarshalIPID(_GUID const&, tagSTDOBJREF*, OXIDEntry*, void**) onecore\com\combase\dcomrem\marshal.cxx:2340
57 combase.dll CStdMarshal::UnmarshalObjRef(tagOBJREF&, void**) onecore\com\combase\dcomrem\marshal.cxx:2208
58 combase.dll UnmarshalSwitch(void*) onecore\com\combase\dcomrem\marshal.cxx:1842
59 combase.dll UnmarshalObjRef(tagOBJREF&, EffectiveUnmarshalingPolicy, void**, int, CStdMarshal**) onecore\com\combase\dcomrem\marshal.cxx:1985
60 combase.dll _CoUnmarshalInterface(IStream*, bool, _GUID const&, void**) onecore\com\combase\dcomrem\coapi.cxx:1730
61 combase.dll CoUnmarshalInterface onecore\com\combase\dcomrem\coapi.cxx:1768
62 twinapi.appcore.dll _GetServiceForWindow
63 twinapi.appcore.dll `anonymous namespace'::UIViewSettingsStatics::EnsureForWindow
64 twinapi.appcore.dll `anonymous namespace'::UIViewSettingsStatics::GetForWindow
65 libcef.dll base::win::IsWindows10TabletMode(HWND__*) y:\work\cef3_git\chromium\src\base\win\win_util.cc:142
66 libcef.dll base::win::IsTabletDevice(std::basic_string<char, std::char_traits<char>, std::allocator<char> >*) y:\work\cef3_git\chromium\src\base\win\win_util.cc:435
67 libcef.dll ui::GetAvailableHoverTypes() y:\work\cef3_git\chromium\src\ui\base\touch\touch_device_win.cc:56
68 libcef.dll ui::GetAvailablePointerAndHoverTypes() y:\work\cef3_git\chromium\src\ui\base\touch\touch_device_util.cc:27
69 libcef.dll content::RenderViewHostImpl::ComputeWebkitPrefs() y:\work\cef3_git\chromium\src\content\browser\renderer_host\render_view_host_impl.cc:483
70 libcef.dll content::RenderViewHostImpl::OnWebkitPreferencesChanged() y:\work\cef3_git\chromium\src\content\browser\renderer_host\render_view_host_impl.cc:917
71 libcef.dll content::RenderViewHostImpl::GetWebkitPreferences() y:\work\cef3_git\chromium\src\content\browser\renderer_host\render_view_host_impl.cc:900
72 libcef.dll content::RenderWidgetHostViewAura::RenderWidgetHostViewAura(content::RenderWidgetHost*, bool) y:\work\cef3_git\chromium\src\content\browser\renderer_host\render_widget_host_view_aura.cc:427
73 libcef.dll content::WebContentsViewAura::CreateViewForWidget(content::RenderWidgetHost*, content::RenderWidgetHost*) y:\work\cef3_git\chromium\src\content\browser\web_contents\web_contents_view_aura.cc:864
74 libcef.dll content::WebContentsImpl::CreateRenderWidgetHostViewForRenderManager(content::RenderViewHost*) y:\work\cef3_git\chromium\src\content\browser\web_contents\web_contents_impl.cc:5229
75 libcef.dll content::WebContentsImpl::CreateRenderViewForRenderManager(content::RenderViewHost*, int, int, content::FrameReplicationState const&) y:\work\cef3_git\chromium\src\content\browser\web_contents\web_contents_impl.cc:5245
76 libcef.dll content::RenderFrameHostManager::InitRenderView(content::RenderViewHostImpl*, content::RenderFrameProxyHost*) y:\work\cef3_git\chromium\src\content\browser\frame_host\render_frame_host_manager.cc:1991
77 libcef.dll content::RenderFrameHostManager::ReinitializeRenderFrame(content::RenderFrameHostImpl*) y:\work\cef3_git\chromium\src\content\browser\frame_host\render_frame_host_manager.cc:2133
78 libcef.dll content::RenderFrameHostManager::Navigate(GURL const&, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, bool) y:\work\cef3_git\chromium\src\content\browser\frame_host\render_frame_host_manager.cc:230
79 libcef.dll content::NavigatorImpl::NavigateToEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, content::ReloadType, bool, bool, bool, scoped_refptr<content::ResourceRequestBodyImpl> const&) y:\work\cef3_git\chromium\src\content\browser\frame_host\navigator_impl.cc:397
80 libcef.dll content::NavigatorImpl::NavigateToPendingEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::ReloadType, bool) y:\work\cef3_git\chromium\src\content\browser\frame_host\navigator_impl.cc:497
81 libcef.dll content::NavigationControllerImpl::NavigateToPendingEntryInternal(content::ReloadType) y:\work\cef3_git\chromium\src\content\browser\frame_host\navigation_controller_impl.cc:2007
82 libcef.dll content::NavigationControllerImpl::NavigateToPendingEntry(content::ReloadType) y:\work\cef3_git\chromium\src\content\browser\frame_host\navigation_controller_impl.cc:1964
83 libcef.dll content::NavigationControllerImpl::LoadEntry(std::unique_ptr<content::NavigationEntryImpl, std::default_delete<content::NavigationEntryImpl> >) y:\work\cef3_git\chromium\src\content\browser\frame_host\navigation_controller_impl.cc:483
84 libcef.dll content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const&) y:\work\cef3_git\chromium\src\content\browser\frame_host\navigation_controller_impl.cc:820
85 libcef.dll content::NavigationControllerImpl::LoadURL(GURL const&, content::Referrer const&, ui::PageTransition, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) y:\work\cef3_git\chromium\src\content\browser\frame_host\navigation_controller_impl.cc:693
Sep 5 2017
For similar reentrancy crashes we've added early outs (for example, https://chromium.googlesource.com/chromium/src/+/master/chrome/browser/ui/views/frame/browser_view.cc#1808 ). It would be nice if we could handle these at a higher level so that client code doesn't need to deal with this, but that proves tricky.
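
A portable model of the reentrancy discussed in this issue, added here as an illustration and not taken from Chromium or CEF: it compares querying preferences in the constructor with querying after the window exists, and shows the early-out guard. View, Host, NativeWindow, QueryPrefs and SkippedMoves are hypothetical names, and the nested message dispatch is simulated by a direct call.

```cpp
// Constructed model; View, Host and every member name are hypothetical.
#include <memory>

struct Rect { int x, y, w, h; };
struct NativeWindow { Rect bounds; };

class View;

// Plays the role of the top-level window's move handler.
struct Host {
  View* view = nullptr;   // reachable as soon as construction starts
  int forwarded = 0;      // moves that reached a fully built view
  int skipped = 0;        // moves that arrived before the window existed
  Rect last = {0, 0, 0, 0};
  void HandleMove();
};

class View {
 public:
  View(Host* host, bool query_in_ctor) : host_(host) {
    host_->view = this;
    if (query_in_ctor) QueryPrefs();  // window_ is still null here
  }
  void CreateNativeWindow(bool query_here) {
    window_.reset(new NativeWindow{{10, 20, 300, 200}});
    if (query_here) QueryPrefs();     // safe: window_ exists
  }
  // Early out: report failure instead of dereferencing a null window_.
  bool GetBounds(Rect* out) const {
    if (!window_) return false;
    *out = window_->bounds;
    return true;
  }
 private:
  // Stands in for a call that pumps messages and so re-enters HandleMove.
  void QueryPrefs() { host_->HandleMove(); }
  Host* host_;
  std::unique_ptr<NativeWindow> window_;
};

void Host::HandleMove() {
  Rect r;
  if (view && view->GetBounds(&r)) { last = r; ++forwarded; }
  else ++skipped;
}

// Returns how many move notifications were dropped for one ordering.
int SkippedMoves(bool query_in_ctor) {
  Host host;
  View view(&host, query_in_ctor);
  view.CreateNativeWindow(!query_in_ctor);
  return host.skipped;
}
```

Without the null check in GetBounds, the constructor-time ordering dereferences a null pointer, which is the shape of frames 0 to 3 in the reported stack.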
Sep 13
Archiving old bugs that haven't been actively assigned in over 180 days. If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!
Comment 1 by marshall@chromium.org, Sep 1 2017