
Crash when adding overlay view since CEF 125 due to invalid static_cast #3784

Closed
Taronyu opened this issue Sep 4, 2024 · 3 comments
Labels
bug Bug report

Comments

@Taronyu

Taronyu commented Sep 4, 2024

Describe the bug
Since CEF 125, when adding an overlay view the code will crash due to an illegal memory access. I did some debugging with a modified cefclient application. I think it comes down to an invalid static_cast.

When the overlay view is added, eventually CefBrowserView::AddedToWidget is called. This will call CefWidget::GetForWidget on the supplied widget, and there is a check whether the view is using Alloy style or Chrome style. In my case the widget is cast to ChromeBrowserFrame, but according to the debugger the widget is of type ThemeCopyingWidget. The cast results in an invalid _vfptr pointer, which is then dereferenced by the caller, causing the crash.

To Reproduce
Steps to reproduce the behavior:

  1. Apply my provided patch file cefclient_testcode.patch. This will add an overlay view to the cefclient application.
  2. Launch the modified cefclient with the following args: --use-views --hide-frame --hide-controls
  3. cefclient.exe will crash in CefBrowserViewImpl::AddedToWidget

Expected behavior
Application must not crash.

Screenshots
Exception:
Note that cef_widget is a valid pointer but its _vfptr is null.
[screenshot: code1]

Invalid type cast:
Note that widget is of type ThemeCopyingWidget and cast to ChromeBrowserFrame
[screenshot: code2]

Versions (please complete the following information):

  • OS: Windows 11
  • CEF Version: 128.4.8+g88b5034, master

Additional context
cefclient_testcode.patch
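Added example (not CEF or Chromium code) of the unchecked-downcast pattern described in the report, using a hypothetical simplified hierarchy: the class names come from the issue, while the GetClassName() type tag, the CefWidgetIface interface and the helper functions are assumptions made for illustration.

```cpp
#include <cstring>

// Stand-in for the CefWidget interface queried by CefBrowserView::AddedToWidget.
struct CefWidgetIface {
  virtual ~CefWidgetIface() = default;
  virtual bool IsAlloyStyle() const = 0;
};

// Stand-in for views::Widget. GetClassName() is a hypothetical type tag.
struct Widget {
  virtual ~Widget() = default;
  virtual const char* GetClassName() const { return "Widget"; }
};

// Sibling widget type from the report: it carries no CefWidget subobject.
struct ThemeCopyingWidget : Widget {
  const char* GetClassName() const override { return "ThemeCopyingWidget"; }
};

// The type the buggy cast assumes it always receives.
struct ChromeBrowserFrame : Widget, CefWidgetIface {
  const char* GetClassName() const override { return "ChromeBrowserFrame"; }
  bool IsAlloyStyle() const override { return false; }
};

// Buggy pattern: an unchecked downcast. For a ThemeCopyingWidget there is no
// CefWidgetIface subobject, so the adjusted pointer refers to memory that holds
// no vtable pointer and the caller dereferences a null or garbage _vfptr.
// Undefined behaviour; shown only for contrast and never called on the wrong type.
CefWidgetIface* GetForWidgetUnchecked(Widget* widget) {
  return static_cast<ChromeBrowserFrame*>(widget);
}

// Fixed pattern: confirm the dynamic type first and return nullptr otherwise,
// so the caller must handle a widget that is not a browser frame.
CefWidgetIface* GetForWidgetChecked(Widget* widget) {
  if (widget == nullptr) return nullptr;
  if (std::strcmp(widget->GetClassName(), "ChromeBrowserFrame") != 0) return nullptr;
  return static_cast<ChromeBrowserFrame*>(widget);
}

// Helpers exercising both widget kinds; each returns true when behaviour is safe.
bool FrameIsRecognized() {
  ChromeBrowserFrame frame;
  CefWidgetIface* cef_widget = GetForWidgetChecked(&frame);
  return cef_widget != nullptr && !cef_widget->IsAlloyStyle();
}
bool ThemeWidgetIsRejected() {
  ThemeCopyingWidget widget;
  return GetForWidgetChecked(&widget) == nullptr;
}
```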

@Taronyu
Author

Taronyu commented Sep 18, 2024

Thanks for the quick fix. While the cefclient example doesn't crash anymore, I now have the issue that the overlay browser is not created. Is this a new issue or am I using it wrong? As far as I see, there is no browser instance created. According to the documentation, the browser instance is created when the overlay view is added to the views hierarchy, which I assumed would happen when adding the view to the window. See the code below (taken from the provided patch file).

// Browser view: no client, extra info, request context or delegate is supplied.
CefBrowserSettings settings = {};
browser_view_ = CefBrowserView::CreateBrowserView(
    nullptr, "https://bitbucket.org/chromiumembedded/cef/", settings, nullptr,
    nullptr, nullptr);
// Add the browser view to the window as an overlay; the returned controller
// is used to position and show it.
browser_view_controller_ =
    window->AddOverlayView(browser_view_, CEF_DOCKING_MODE_CUSTOM, true);

I can create a new issue with the same patch file if it's a new one.

@magreenblatt
Collaborator

> I now have the issue that the overlay browser is not created.

We don't currently test the usage of browser views in overlays. Please add a new issue.

@Taronyu
Author

Taronyu commented Sep 18, 2024

Ok, I created #3790
