CEF memory leaks #2

Author: Dutchman101

Client/cefweb/CAjaxResourceHandler.cpp

@@ -18,6 +18,15 @@ CAjaxResourceHandler::CAjaxResourceHandler(std::vector<SString>& vecGet, std::ve
 {
 }
 
+CAjaxResourceHandler::~CAjaxResourceHandler()
+{
+    // Ensure callback is released if handler is destroyed before completion
+    if (m_callback)
+    {
+        m_callback = nullptr;
+    }
+}
+
 std::vector<SString>& CAjaxResourceHandler::GetGetData()
 {
     return m_vecGetData;

Client/cefweb/CAjaxResourceHandler.h

@@ -20,6 +20,7 @@ class CAjaxResourceHandler : public CefResourceHandler, public CAjaxResourceHand
 {
 public:
     CAjaxResourceHandler(std::vector<SString>& vecGet, std::vector<SString>& vecPost, const CefString& mimeType);
+    virtual ~CAjaxResourceHandler();
 
     virtual std::vector<SString>& GetGetData() override;
     virtual std::vector<SString>& GetPostData() override;

Client/cefweb/CWebCore.cpp

@@ -109,13 +109,22 @@ void CWebCore::DestroyWebView(CWebViewInterface* pWebViewInterface)
     CefRefPtr<CWebView> pWebView = dynamic_cast<CWebView*>(pWebViewInterface);
     if (pWebView)
     {
+        // Mark as being destroyed to prevent new events/tasks
+        pWebView->SetBeingDestroyed(true);
+        
         // Ensure that no attached events or tasks are in the queue
         RemoveWebViewEvents(pWebView.get());
         RemoveWebViewTasks(pWebView.get());
 
+        // Remove from list before closing to break reference cycles early
         m_WebViews.remove(pWebView);
-        // pWebView->Release(); // Do not release since other references get corrupted then
+        
+        // CloseBrowser will eventually trigger OnBeforeClose which clears m_pWebView
+        // This breaks the circular reference: CWebView -> CefBrowser -> CWebView
         pWebView->CloseBrowser();
+        
+        // Note: Do not call Release() - let CefRefPtr manage the lifecycle
+        // The circular reference is broken via OnBeforeClose setting m_pWebView = nullptr
     }
 }
 

Client/cefweb/CWebView.cpp

@@ -47,8 +47,12 @@ CWebView::~CWebView()
     // Clean up AJAX handlers to prevent accumulation
     m_AjaxHandlers.clear();
 
-    // Ensure that CefRefPtr::~CefRefPtr doesn't try to release it twice (it has already been released in CWebView::OnBeforeClose)
-    m_pWebView = nullptr;
+    // Break circular reference: ensure browser reference is cleared
+    // This is to prevent memory leaks from CWebView <-> CefBrowser cycles
+    if (m_pWebView)
+    {
+        m_pWebView = nullptr;
+    }
 
     OutputDebugLine("CWebView::~CWebView");
 }
@@ -86,6 +90,9 @@ void CWebView::CloseBrowser()
     // Make sure we don't dead lock the CEF render thread
     ResumeCefThread();
 
+    // Clear AJAX handlers early to prevent late event processing
+    m_AjaxHandlers.clear();
+
     if (m_pWebView)
         m_pWebView->GetHost()->CloseBrowser(true);
 }
@@ -503,8 +510,12 @@ bool CWebView::HasAjaxHandler(const SString& strURL)
 
 void CWebView::HandleAjaxRequest(const SString& strURL, CAjaxResourceHandler* pHandler)
 {
-    auto func = std::bind(&CWebBrowserEventsInterface::Events_OnAjaxRequest, m_pEventsInterface, pHandler, strURL);
-    g_pCore->GetWebCore()->AddEventToEventQueue(func, this, "AjaxResourceRequest");
+    // Only queue event if not being destroyed to prevent UAF
+    if (!m_bBeingDestroyed)
+    {
+        auto func = std::bind(&CWebBrowserEventsInterface::Events_OnAjaxRequest, m_pEventsInterface, pHandler, strURL);
+        g_pCore->GetWebCore()->AddEventToEventQueue(func, this, "AjaxResourceRequest");
+    }
 }
 
 bool CWebView::ToggleDevTools(bool visible)