Windows: crash on switching modes between tablet and desktop
Describe the bug
When switching modes on a touchscreen-capable device between tablet and desktop, cefclient crashes when using native windows and chrome style.
To Reproduce
Steps to reproduce the behavior:
- On a touchscreen-enabled device on Windows 10 use `cefclient --use-native` from CEF 137.0.8 sample client download.
- Open Windows command center and click on "Tablet Mode".
- cefclient will crash
Expected behavior
cefclient doesn't crash
Exception info
COMMENT:
*** "C:\Users\Admin\Downloads\Procdump\procdump.exe" -accepteula -ma -j "c:\dumps" 4520 516 000002AD892E0000
*** Just-In-Time debugger. PID: 4520 Event Handle: 516 JIT Context: .jdinfo 0x2ad892e0000
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: (.ecxr)
rax=0000ac95af028380 rbx=000002ad84818b00 rcx=0000000000000000
rdx=00007fff0dcbcd00 rsi=000021a4002fc780 rdi=000021a400219900
rip=00007ffe65ed331a rsp=000000cd021ff240 rbp=000000cd021ff740
r8=000021a400200000 r9=000000007ffe6000 r10=00000fffcd4e73be
r11=4004010010010040 r12=000021a0000196a0 r13=0000000000000001
r14=00007ffe6fee6598 r15=000021a400a33760
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
libcef!views::View::InvalidateLayout+0x2a:
00007ffe`65ed331a 80b9ea01000000 cmp byte ptr [rcx+1EAh],0 ds:00000000`000001ea=??
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffe65ed331a (libcef!views::View::InvalidateLayout+0x000000000000002a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000000001ea
Attempt to read from address 00000000000001ea
PROCESS_NAME: cefclient.exe
READ_ADDRESS: 00000000000001ea
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000000000001ea
STACK_TEXT:
000000cd`021ff240 00007ffe`6a739e10 : 0000ac95`af028390 000002ad`84818b00 000021a4`002198c0 00007ffe`6fee6580 : libcef!views::View::InvalidateLayout+0x2a
000000cd`021ff320 00007ffe`63361f76 : 000021a4`00db5790 00000000`0000001a 80000000`00000020 00000000`970f5138 : libcef!BrowserFrame::OnTouchUiChanged+0x20
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::RepeatingCallback<void ()>::Run+0x33
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::RepeatingCallbackList<void ()>::RunCallback+0x33
000000cd`021ff350 00007ffe`69cd207d : 00000000`00000000 000000cd`021ff3e8 000000cd`021ff418 00007ffe`65db5c60 : libcef!base::internal::CallbackListBase<base::RepeatingCallbackList<void ()> >::Notify<>+0x76
000000cd`021ff3a0 00007ffe`652c3f2d : 00007ffe`63c697ad 00000000`00000000 00000000`00000000 00000000`00000000 : libcef!ui::TouchUiController::TouchUiChanged+0x6d
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::OnceCallback<void (bool)>::Run+0x29
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::internal::DecayedFunctorTraits<base::OnceCallback<void (bool)>,bool &&>::Invoke+0x29
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::internal::InvokeHelper<0,base::internal::FunctorTraits<base::OnceCallback<void (bool)> &&,bool &&>,void,0>::MakeItSo+0x29
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::internal::Invoker<base::internal::FunctorTraits<base::OnceCallback<void (bool)> &&,bool &&>,base::internal::BindState<0,1,1,base::OnceCallback<void (bool)>,bool>,void ()>::RunImpl+0x29
000000cd`021ff3f0 00007ffe`65dbd61d : 000021a0`000196a0 00007ffe`65f108a5 00000000`0000182e 00000000`00000000 : libcef!base::internal::Invoker<base::internal::FunctorTraits<base::OnceCallback<void (bool)> &&,bool &&>,base::internal::BindState<0,1,1,base::OnceCallback<void (bool)>,bool>,void ()>::RunOnce+0x3d
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::OnceCallback<void ()>::Run+0x27
000000cd`021ff430 00007ffe`65f0ed83 : 000000cd`021ff578 00007ffe`65dbef27 00000000`00000058 00000000`00000000 : libcef!base::TaskAnnotator::RunTaskImpl+0x12d
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::TaskAnnotator::RunTask+0x1bd
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl+0x440
000000cd`021ff4d0 00007ffe`65daf4ed : 00007ffe`6fed89c0 00007ffe`63a77f62 00000000`00000010 00000000`00000000 : libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork+0x4e3
000000cd`021ff700 00007ffe`63a1d3bd : 000000cd`021ff850 00000000`00000000 000000cd`021ff8e0 00000001`00aaaaaa : libcef!base::MessagePumpForUI::DoRunLoop+0x6d
000000cd`021ff7b0 00007ffe`640c83ee : 00000000`00000038 000000cd`021ff918 000000cd`021ff920 00007ffe`6649558f : libcef!base::MessagePumpWin::Run+0xad
000000cd`021ff820 00007ffe`63a46f1f : 00005550`000f4000 00007ffe`65da2639 000000cd`021ff8e0 000000cd`021ff9e0 : libcef!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0xfe
000000cd`021ff8b0 00007ffe`626f0ecb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : libcef!base::RunLoop::Run+0xbf
000000cd`021ff980 00007ffe`626d6e13 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : libcef!CefMainRunner::RunMessageLoop+0x12b
(Inline Function) --------`-------- : --------`-------- --------`-------- --------`-------- --------`-------- : libcef!CefContext::RunMessageLoop+0xc
000000cd`021ffa30 00007ff6`ae01ebc9 : 000024a7`7413193d 00005550`000482c0 00005550`0004c230 00000000`00000000 : libcef!CefRunMessageLoop+0x53
000000cd`021ffa80 00007ff6`ae089f2e : 006b0073`00690064 0075006c`006f0056 005c0033`0065006d 00720065`00730055 : cefclient+0x1ebc9
000000cd`021ffab0 00007ff6`ae1e0232 : 00007ff6`ae25a1b0 00007ff6`ae1e02a9 00000000`00000000 00000000`00000000 : cefclient+0x89f2e
000000cd`021ffd20 00007fff`0db37374 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : cefclient!GetHandleVerifier+0x84942
000000cd`021ffd60 00007fff`0dc7cc91 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
000000cd`021ffd90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
STACK_COMMAND: ~0s; .ecxr ; kb
FAULTING_SOURCE_LINE: Y:\work\CEF3_git\chromium\src\ui\views\view.cc
FAULTING_SOURCE_FILE: Y:\work\CEF3_git\chromium\src\ui\views\view.cc
FAULTING_SOURCE_LINE_NUMBER: 952
FAULTING_SOURCE_CODE:
No source found for 'Y:\work\CEF3_git\chromium\src\ui\views\view.cc'
SYMBOL_NAME: libcef!views::View::InvalidateLayout+2a
MODULE_NAME: libcef
IMAGE_NAME: libcef.dll
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_libcef.dll!views::View::InvalidateLayout
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
IMAGE_VERSION: 137.0.8.0
FAILURE_ID_HASH: {1ed90908-9555-23a3-72c7-5ee4a7dccda7}
---------
Related forum thread: https://magpcss.org/ceforum/viewtopic.php?f=6&t=20174
Hi, this crash is still unresolved. Here is a callstack from CEF 139.0.15+g87dd109.
thanks SM
> libcef.dll!views::View::InvalidateLayout() Line 950 C++ Symbols loaded.
libcef.dll!BrowserFrame::OnTouchUiChanged() Line 705 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::RepeatingCallback<void ()>::Run() Line 344 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::RepeatingCallbackList<void ()>::RunCallback(std::__Cr::__list_iterator<base::RepeatingCallback<void ()>,void *> it) Line 348 C++ Symbols loaded.
libcef.dll!base::internal::CallbackListBase<base::RepeatingCallbackList<void ()>>::Notify<>() Line 233 C++ Symbols loaded.
libcef.dll!ui::TouchUiController::TouchUiChanged() Line 258 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::OnceCallback<void (bool)>::Run(bool args) Line 156 C++ Symbols loaded.
libcef.dll!base::internal::ReplyAdapter<bool,bool>(base::OnceCallback<void (bool)> callback={...}, std::__Cr::unique_ptr<bool,std::__Cr::default_delete<bool>> * result) Line 31 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::internal::DecayedFunctorTraits<void (*)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *),base::OnceCallback<void (int)> &&,std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *>::Invoke(void(*)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *) && function, base::OnceCallback<void (int)> && args, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> * && args) Line 664 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::internal::InvokeHelper<0,base::internal::FunctorTraits<void (*&&)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *),base::OnceCallback<void (int)> &&,std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *>,void,0,1>::MakeItSo(void(*)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *) && functor, std::__Cr::tuple<base::OnceCallback<void (int)>,base::internal::OwnedWrapper<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>,std::__Cr::default_delete<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>>>> && bound) Line 923 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *),base::OnceCallback<void (int)> &&,std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *>,base::internal::BindState<0,1,0,void (*)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *),base::OnceCallback<void (int)>,base::internal::OwnedWrapper<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>,std::__Cr::default_delete<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>>>>,void ()>::RunImpl(void(*)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *) && functor, std::__Cr::tuple<base::OnceCallback<void (int)>,base::internal::OwnedWrapper<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>,std::__Cr::default_delete<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>>>> && bound, std::__Cr::integer_sequence<unsigned long long,0,1>) Line 1060 C++ Symbols loaded.
libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *),base::OnceCallback<void (int)> &&,std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *>,base::internal::BindState<0,1,0,void (*)(base::OnceCallback<void (int)>, std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>> *),base::OnceCallback<void (int)>,base::internal::OwnedWrapper<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>,std::__Cr::default_delete<std::__Cr::unique_ptr<int,std::__Cr::default_delete<int>>>>>,void ()>::RunOnce(base::internal::BindStateBase * base) Line 973 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::OnceCallback<void ()>::Run() Line 156 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::internal::PostTaskAndReplyRelay::RunReply(base::internal::PostTaskAndReplyRelay relay={...}) Line 63 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::internal::DecayedFunctorTraits<void (*)(base::internal::PostTaskAndReplyRelay),base::internal::PostTaskAndReplyRelay &&>::Invoke(void(*)(base::internal::PostTaskAndReplyRelay) && function, base::internal::PostTaskAndReplyRelay && args) Line 664 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::internal::InvokeHelper<0,base::internal::FunctorTraits<void (*&&)(base::internal::PostTaskAndReplyRelay),base::internal::PostTaskAndReplyRelay &&>,void,0>::MakeItSo(void(*)(base::internal::PostTaskAndReplyRelay) && functor, std::__Cr::tuple<base::internal::PostTaskAndReplyRelay> && bound) Line 923 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(base::internal::PostTaskAndReplyRelay),base::internal::PostTaskAndReplyRelay &&>,base::internal::BindState<0,1,0,void (*)(base::internal::PostTaskAndReplyRelay),base::internal::PostTaskAndReplyRelay>,void ()>::RunImpl(void(*)(base::internal::PostTaskAndReplyRelay) && functor, std::__Cr::tuple<base::internal::PostTaskAndReplyRelay> && bound, std::__Cr::integer_sequence<unsigned long long,0>) Line 1060 C++ Symbols loaded.
libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(base::internal::PostTaskAndReplyRelay),base::internal::PostTaskAndReplyRelay &&>,base::internal::BindState<0,1,0,void (*)(base::internal::PostTaskAndReplyRelay),base::internal::PostTaskAndReplyRelay>,void ()>::RunOnce(base::internal::BindStateBase * base) Line 973 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::OnceCallback<void ()>::Run() Line 156 C++ Symbols loaded.
libcef.dll!base::TaskAnnotator::RunTaskImpl(base::PendingTask & pending_task) Line 207 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::TaskAnnotator::RunTask(perfetto::StaticString event_name, base::PendingTask & pending_task, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl::<lambda_4> && args) Line 104 C++ Symbols loaded.
[Inline Frame] libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow * continuation_lazy_now) Line 456 C++ Symbols loaded.
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 330 C++ Symbols loaded.
libcef.dll!base::MessagePumpForUI::DoRunLoop() Line 265 C++ Symbols loaded.
libcef.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate) Line 89 C++ Symbols loaded.
libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 632 C++ Symbols loaded.
libcef.dll!base::RunLoop::Run(const base::Location & location) Line 136 C++ Symbols loaded.
libcef.dll!CefMainRunner::RunMessageLoop() Line 156 C++ Symbols loaded.
libcef.dll!CefUIThread::ThreadMain() Line 105 C++ Symbols loaded.
libcef.dll!base::`anonymous namespace'::ThreadFunc(void * params=0x000054400004c800) Line 107 C++ Symbols loaded.
kernel32.dll!BaseThreadInitThunk() Unknown Symbols loaded.
ntdll.dll!RtlUserThreadStart() Unknown Symbols loaded.