diff --git a/libcef/common/main_delegate.cc b/libcef/common/main_delegate.cc index b2bff392e..3b6682a37 100644 --- a/libcef/common/main_delegate.cc +++ b/libcef/common/main_delegate.cc @@ -13,6 +13,7 @@ #include "libcef/renderer/content_renderer_client.h" #include "libcef/utility/content_utility_client.h" +#include "base/at_exit.h" #include "base/base_switches.h" #include "base/command_line.h" #include "base/files/file_path.h" @@ -267,6 +268,14 @@ class CefUIThread : public base::Thread { browser_runner_->Shutdown(); browser_runner_.reset(NULL); + // Release MessagePump resources registered with the AtExitManager. + base::MessageLoop* ml = const_cast(message_loop()); + base::MessageLoopCurrent::UnbindFromCurrentThreadInternal(ml); + ml->ReleasePump(); + + // Run exit callbacks on the UI thread to avoid sequence check failures. + base::AtExitManager::ProcessCallbacksNow(); + #if defined(OS_WIN) // Closes the COM library on the current thread. CoInitialize must // be balanced by a corresponding call to CoUninitialize. @@ -642,13 +651,14 @@ void CefMainDelegate::ShutdownBrowser() { browser_runner_->Shutdown(); browser_runner_.reset(NULL); } + + message_loop_.reset(); + if (ui_thread_.get()) { // Blocks until the thread has stopped. ui_thread_->Stop(); ui_thread_.reset(); } - - message_loop_.reset(); } void CefMainDelegate::InitializeResourceBundle() { diff --git a/patch/patch.cfg b/patch/patch.cfg index d40fb1a50..9624c62f1 100644 --- a/patch/patch.cfg +++ b/patch/patch.cfg @@ -52,6 +52,10 @@ patches = [ # # Revert change that removes MessageLoopForUI constructor. # https://chromium-review.googlesource.com/751322 + # + # Add MessageLoop::ReleasePump to fix crashes during shutdown with multi- + # threaded message loop mode. + # https://bitbucket.org/chromiumembedded/cef/issues/2362 'name': 'message_loop', }, { diff --git a/patch/patches/message_loop.patch b/patch/patches/message_loop.patch index 4c42e0768..b91eda0fc 100644 --- a/patch/patches/message_loop.patch +++ b/patch/patches/message_loop.patch @@ -13,10 +13,20 @@ index 3723960a5c0c..fa924f020f4e 100644 MessageLoopCurrentForUI MessageLoopForUI::current() { return MessageLoopCurrentForUI::Get(); diff --git base/message_loop/message_loop.h base/message_loop/message_loop.h -index 7c31a128b53d..8d9dfdbc2a68 100644 +index 7c31a128b53d..7549d388cccb 100644 --- base/message_loop/message_loop.h +++ base/message_loop/message_loop.h -@@ -351,6 +351,7 @@ class BASE_EXPORT MessageLoop : public MessagePump::Delegate, +@@ -195,6 +195,9 @@ class BASE_EXPORT MessageLoop : public MessagePump::Delegate, + // Runs the specified PendingTask. + void RunTask(PendingTask* pending_task); + ++ // Called from Thread::CleanUp() to release resources. ++ void ReleasePump() { pump_ = nullptr; } ++ + //---------------------------------------------------------------------------- + protected: + std::unique_ptr pump_; +@@ -351,6 +354,7 @@ class BASE_EXPORT MessageLoop : public MessagePump::Delegate, class BASE_EXPORT MessageLoopForUI : public MessageLoop { public: explicit MessageLoopForUI(Type type = TYPE_UI); @@ -24,6 +34,19 @@ index 7c31a128b53d..8d9dfdbc2a68 100644 // TODO(gab): Mass migrate callers to MessageLoopCurrentForUI::Get()/IsSet(). static MessageLoopCurrentForUI current(); +diff --git base/message_loop/message_loop_current.cc base/message_loop/message_loop_current.cc +index 4959b70e0676..fdffe799433f 100644 +--- base/message_loop/message_loop_current.cc ++++ base/message_loop/message_loop_current.cc +@@ -43,6 +43,8 @@ void MessageLoopCurrent::AddDestructionObserver( + + void MessageLoopCurrent::RemoveDestructionObserver( + DestructionObserver* destruction_observer) { ++ if (!current_) ++ return; + DCHECK_CALLED_ON_VALID_THREAD(current_->bound_thread_checker_); + current_->destruction_observers_.RemoveObserver(destruction_observer); + } diff --git base/message_loop/message_loop_current.h base/message_loop/message_loop_current.h index 61d1607e31e7..656b3a9c9f68 100644 --- base/message_loop/message_loop_current.h