OnProtocolExecution: crash when using CefBrowser->StopLoad() with allow_os_execution = true #3851

Open
HashidaTKS opened this issue Dec 2, 2024 · 2 comments
Labels
bug Bug report

Comments

@HashidaTKS
Contributor

HashidaTKS commented Dec 2, 2024

Describe the bug

This is similar to #3821.

My application implements the OnProtocolExecution handler like below.

void ClientHandler::OnProtocolExecution(CefRefPtr<CefBrowser> browser,
                                        CefRefPtr<CefFrame> frame,
                                        CefRefPtr<CefRequest> request,
                                        bool& allow_os_execution)
{
	// Hand the external-protocol URL to the OS, then stop the in-browser load.
	allow_os_execution = true;
	browser->StopLoad();
}

This implementation crashes when opening Zoom addresses.
It works fine on CEF 127, but crashes on CEF 128+.

It crashes even on 131.2.7+g9a14dc9+chromium-131.0.6778.86, even though the fix for #3821 (0860ec2) appears to be already applied in that version.

To Reproduce

  • Implement OnProtocolExecution as shown under Describe the bug.
  • Open a Zoom address.

Expected behavior

A pop-up asking if we want to open the installed zoom appears.

Versions (please complete the following information):

  • OS: Windows11 24H2
  • CEF Version: 131.2.7+g9a14dc9+chromium-131.0.6778.86

Additional context

  • Does the problem reproduce with the cefclient or cefsimple sample application at the same version?

    • No. I guess they don't use browser->StopLoad() and allow_os_execution = true in OnProtocolExecution.
  • Does the problem reproduce with Google Chrome at the same version?

    • No
  • Add any other context about the problem here.

Here is the stack trace at the crash:

 	libcef.dll!logging::LogMessage::HandleFatal(unsigned int stack_start, const std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char>> & str_newline) Line 1050	C++
 	[Inline Frame] libcef.dll!logging::LogMessage::Flush::<lambda_0>::operator()() Line 750	C++
 	[Inline Frame] libcef.dll!absl::cleanup_internal::Storage<`lambda at ..\..\base\logging.cc:748:40'>::InvokeCallback() Line 87	C++
 	[Inline Frame] libcef.dll!absl::Cleanup<absl::cleanup_internal::Tag,`lambda at ..\..\base\logging.cc:748:40'>::~Cleanup() Line 106	C++
 	libcef.dll!logging::LogMessage::Flush() Line 933	C++
 	libcef.dll!logging::LogMessageFatal::~LogMessageFatal() Line 1056	C++
 	libcef.dll!base::allocator::UnretainedDanglingRawPtrDetectedCrash(unsigned int id) Line 751	C++
 	[Inline Frame] libcef.dll!partition_alloc::internal::InSlotMetadata::ReportIfDangling() Line 311	C++
 	libcef.dll!base::internal::RawPtrBackupRefImpl<1,0>::ReportIfDanglingInternal(unsigned int address) Line 70	C++
 	[Inline Frame] libcef.dll!base::internal::RawPtrBackupRefImpl<1,0>::ReportIfDangling(content::NavigationUIData * wrapped_ptr) Line 430	C++
 	[Inline Frame] libcef.dll!base::raw_ptr<content::NavigationUIData,1>::ReportIfDangling() Line 1023	C++
 	[Inline Frame] libcef.dll!base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0>::GetInternal(const base::raw_ptr<content::NavigationUIData,1> & ptr) Line 172	C++
 	[Inline Frame] libcef.dll!base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0>::get() Line 154	C++
 	[Inline Frame] libcef.dll!base::BindUnwrapTraits<base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0>>::Unwrap(const base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0> & o) Line 1953	C++
 	[Inline Frame] libcef.dll!base::internal::Unwrap(const base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0> & o) Line 435	C++
 	[Inline Frame] libcef.dll!base::internal::InvokeHelper<0,base::internal::FunctorTraits<void (*const &)(ChromeContentBrowserClientCef *, base::RepeatingCallback<content::WebContents *()>, base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>, content::NavigationUIData *, bool, bool, network::mojom::WebSandboxFlags, const network::ResourceRequest &, const std::__Cr::optional<url::Origin> &, content::WeakDocumentPtr, const net::IsolationInfo &),ChromeContentBrowserClientCef *,const base::RepeatingCallback<content::WebContents *()> &,const base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0> &,content::NavigationUIData *const &,const bool &,const bool &,const network::mojom::WebSandboxFlags &,const network::ResourceRequest &,const std::__Cr::optional<url::Origin> &,const content::WeakDocumentPtr &,const net::IsolationInfo &>,void,0,1,2,3,4,5,6,7,8,9,10>::MakeItSo(void(*)(ChromeContentBrowserClientCef *, base::RepeatingCallback<content::WebContents *()>, base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>, content::NavigationUIData *, bool, bool, network::mojom::WebSandboxFlags, const network::ResourceRequest &, const std::__Cr::optional<url::Origin> &, content::WeakDocumentPtr, const net::IsolationInfo &) & functor, const std::__Cr::tuple<base::internal::UnretainedWrapper<ChromeContentBrowserClientCef,base::unretained_traits::MayNotDangle,0>,base::RepeatingCallback<content::WebContents *()>,base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>,base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0>,bool,bool,network::mojom::WebSandboxFlags,network::ResourceRequest,std::__Cr::optional<url::Origin>,content::WeakDocumentPtr,net::IsolationInfo> & bound) Line 930	C++
 	[Inline Frame] libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (*const &)(ChromeContentBrowserClientCef *, base::RepeatingCallback<content::WebContents *()>, base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>, content::NavigationUIData *, bool, bool, network::mojom::WebSandboxFlags, const network::ResourceRequest &, const std::__Cr::optional<url::Origin> &, content::WeakDocumentPtr, const net::IsolationInfo &),ChromeContentBrowserClientCef *,const base::RepeatingCallback<content::WebContents *()> &,const base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0> &,content::NavigationUIData *const &,const bool &,const bool &,const network::mojom::WebSandboxFlags &,const network::ResourceRequest &,const std::__Cr::optional<url::Origin> &,const content::WeakDocumentPtr &,const net::IsolationInfo &>,base::internal::BindState<0,1,0,void (*)(ChromeContentBrowserClientCef *, base::RepeatingCallback<content::WebContents *()>, base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>, content::NavigationUIData *, bool, bool, network::mojom::WebSandboxFlags, const network::ResourceRequest &, const std::__Cr::optional<url::Origin> &, content::WeakDocumentPtr, const net::IsolationInfo &),base::internal::UnretainedWrapper<ChromeContentBrowserClientCef,base::unretained_traits::MayNotDangle,0>,base::RepeatingCallback<content::WebContents *()>,base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>,base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0>,bool,bool,network::mojom::WebSandboxFlags,network::ResourceRequest,std::__Cr::optional<url::Origin>,content::WeakDocumentPtr,net::IsolationInfo>,void ()>::RunImpl(void(*)(ChromeContentBrowserClientCef *, base::RepeatingCallback<content::WebContents *()>, base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>, content::NavigationUIData *, bool, bool, network::mojom::WebSandboxFlags, const network::ResourceRequest &, const std::__Cr::optional<url::Origin> &, content::WeakDocumentPtr, const net::IsolationInfo &) & functor, const std::__Cr::tuple<base::internal::UnretainedWrapper<ChromeContentBrowserClientCef,base::unretained_traits::MayNotDangle,0>,base::RepeatingCallback<content::WebContents *()>,base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>,base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0>,bool,bool,network::mojom::WebSandboxFlags,network::ResourceRequest,std::__Cr::optional<url::Origin>,content::WeakDocumentPtr,net::IsolationInfo> & bound, std::__Cr::integer_sequence<unsigned int,0,1,2,3,4,5,6,7,8,9,10>) Line 1067	C++
 	libcef.dll!base::internal::Invoker<base::internal::FunctorTraits<void (*const &)(ChromeContentBrowserClientCef *, base::RepeatingCallback<content::WebContents *()>, base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>, content::NavigationUIData *, bool, bool, network::mojom::WebSandboxFlags, const network::ResourceRequest &, const std::__Cr::optional<url::Origin> &, content::WeakDocumentPtr, const net::IsolationInfo &),ChromeContentBrowserClientCef *,const base::RepeatingCallback<content::WebContents *()> &,const base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0> &,content::NavigationUIData *const &,const bool &,const bool &,const network::mojom::WebSandboxFlags &,const network::ResourceRequest &,const std::__Cr::optional<url::Origin> &,const content::WeakDocumentPtr &,const net::IsolationInfo &>,base::internal::BindState<0,1,0,void (*)(ChromeContentBrowserClientCef *, base::RepeatingCallback<content::WebContents *()>, base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>, content::NavigationUIData *, bool, bool, network::mojom::WebSandboxFlags, const network::ResourceRequest &, const std::__Cr::optional<url::Origin> &, content::WeakDocumentPtr, const net::IsolationInfo &),base::internal::UnretainedWrapper<ChromeContentBrowserClientCef,base::unretained_traits::MayNotDangle,0>,base::RepeatingCallback<content::WebContents *()>,base::IdType<content::FrameTreeNodeIdTag,int,-1,1,0>,base::internal::UnretainedWrapper<content::NavigationUIData,base::unretained_traits::MayNotDangle,0>,bool,bool,network::mojom::WebSandboxFlags,network::ResourceRequest,std::__Cr::optional<url::Origin>,content::WeakDocumentPtr,net::IsolationInfo>,void ()>::Run(base::internal::BindStateBase * base) Line 987	C++
 	[Inline Frame] libcef.dll!base::OnceCallback<void ()>::Run() Line 156	C++
 	libcef.dll!base::TaskAnnotator::RunTaskImpl(base::PendingTask & pending_task) Line 202	C++
 	[Inline Frame] libcef.dll!base::TaskAnnotator::RunTask(perfetto::StaticString event_name, base::PendingTask & pending_task, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl::<lambda_4> && args) Line 98	C++
 	[Inline Frame] libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow * continuation_lazy_now) Line 471	C++
 	libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 332	C++
 	[Inline Frame] libcef.dll!`anonymous namespace'::MessagePumpExternal::DirectRunWork(base::MessagePump::Delegate * delegate, base::TimeTicks * next_run_time) Line 68	C++
 	libcef.dll!`anonymous namespace'::MessagePumpExternal::Run(base::MessagePump::Delegate * delegate) Line 37	C++
 	libcef.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 641	C++
 	libcef.dll!base::RunLoop::Run(const base::Location & location) Line 135	C++
 	libcef.dll!base::RunLoop::RunUntilIdle() Line 144	C++
 	libcef.dll!CefDoMessageLoopWork() Line 382	C++
@HashidaTKS HashidaTKS added the bug Bug report label Dec 2, 2024
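For readers hardening the same callback: the handler in this report hands every external-protocol URL to the OS unconditionally (allow_os_execution = true). Independently of the crash, that is the exposure a security reviewer would flag, because the registered OS handler receives a URL that web content controls. The following is an added example, not code from this issue or from the CEF project. It shows a default-deny scheme allowlist that computes the allow_os_execution value from the request URL, and it takes the URL as a plain std::string so it compiles without the CEF SDK. The names ExtractScheme and ShouldAllowOsExecution, the allowlist contents (zoommtg is assumed here to be Zoom's meeting scheme) and the commented-out wiring through request->GetURL() are all this example's own assumptions; it makes no claim about the StopLoad() crash itself.

```cpp
// Added example (not CEF project code): a scheme allowlist that decides the
// allow_os_execution value for a CEF OnProtocolExecution handler. It takes the
// request URL as a plain std::string so it compiles without the CEF SDK; the
// handler wiring at the bottom is an assumption shown only as a comment.
#include <algorithm>
#include <cctype>
#include <set>
#include <string>

// Extract the URL scheme as defined by RFC 3986 section 3.1:
//   scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
// Returns the scheme lower-cased, or an empty string when the input has no
// syntactically valid scheme (so malformed input falls through to "deny").
std::string ExtractScheme(const std::string& url) {
  const std::string::size_type colon = url.find(':');
  if (colon == std::string::npos || colon == 0) return "";
  if (!std::isalpha(static_cast<unsigned char>(url[0]))) return "";
  for (std::string::size_type i = 1; i < colon; ++i) {
    const unsigned char c = static_cast<unsigned char>(url[i]);
    if (!(std::isalnum(c) || c == '+' || c == '-' || c == '.')) return "";
  }
  std::string scheme = url.substr(0, colon);
  std::transform(scheme.begin(), scheme.end(), scheme.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return scheme;
}

// Default-deny policy: only schemes on this list may be handed to the OS.
// "zoommtg" is assumed to be the Zoom meeting scheme; edit the list for your app.
const std::set<std::string>& AllowedOsSchemes() {
  static const std::set<std::string> kAllowed = {"zoommtg", "mailto"};
  return kAllowed;
}

// The value to assign to allow_os_execution for a given request URL.
bool ShouldAllowOsExecution(const std::string& url) {
  const std::string scheme = ExtractScheme(url);
  if (scheme.empty()) return false;
  return AllowedOsSchemes().count(scheme) > 0;
}

// Assumed handler wiring, kept as a comment because CefRefPtr, CefBrowser and
// CefRequest need the CEF SDK to compile:
//
// void ClientHandler::OnProtocolExecution(CefRefPtr<CefBrowser> browser,
//                                         CefRefPtr<CefFrame> frame,
//                                         CefRefPtr<CefRequest> request,
//                                         bool& allow_os_execution) {
//   allow_os_execution = ShouldAllowOsExecution(request->GetURL().ToString());
// }
```

The point of the default-deny shape is that anything the parser cannot classify is refused: a URL with no scheme, a scheme starting with a digit, or a scheme containing a space never reaches the OS handler, and schemes such as ms-msdt, file or javascript are refused simply because they are not listed.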
@leediesel

I also encounter the same issue, even after applying the patch for #3821.

@mbragg12
Contributor

Similar. The verbose logging seems a little more useful:

[66776:63688:1213/154815.934:FATAL:partition_alloc_support.cc(751)] Detected dangling raw_ptr in unretained with id=0x00005c1c04f411ac:
Task trace:
	net_service::`anonymous namespace'::InterceptedRequestHandlerWrapper::OnRequestComplete [0x00007FFD54FB9466+838] (C:\cef\code\chromium_git\chromium\src\cef\libcef\browser\net_service\resource_request_handler_wrapper.cc:1119)
	mojo::SimpleWatcher::Context::CallNotify [0x00007FFD58255E84+260] (C:\cef\code\chromium_git\chromium\src\mojo\public\cpp\system\simple_watcher.cc:61)
	CefBrowserInfo::NavigationLock::~NavigationLock [0x00007FFD54F55604+116] (C:\cef\code\chromium_git\chromium\src\cef\libcef\browser\browser_info.cc:410)
	base::internal::Invoker<base::internal::FunctorTraits<`lambda at ..\..\cef\libcef\browser\browser_host_create.cc:92:7' &&,std::__Cr::unique_ptr<(anonymous namespace)::CreateBrowserHelper,std::__Cr::default_delete<(anonymous namespace)::CreateBrowserHelper [0x00007FFD54F52A9C+156] (C:\cef\code\chromium_git\chromium\src\base\functional\bind_internal.h:980)
	CefRequestContextImpl::ExecuteWhenBrowserContextInitialized [0x00007FFD54FDD276+214] (C:\cef\code\chromium_git\chromium\src\cef\libcef\browser\request_context_impl.cc:253)
