Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Asynchronous onBeforeRequest handler crashes Chromium with unretained dangling ptr error for specific websites #42149

Open
3 tasks done
mgalla10 opened this issue May 13, 2024 · 2 comments
Open
3 tasks done

[Bug]: Asynchronous onBeforeRequest handler crashes Chromium with unretained dangling ptr error for specific websites #42149

mgalla10 opened this issue May 13, 2024 · 2 comments
Labels
30-x-y 31-x-y bug 🪲 component/webRequest crash 💥 has-repro-gist Issue can be reproduced with code at https://gist.github.com/ platform/windows status/confirmed A maintainer reproduced the bug or agreed with the feature

Comments

@mgalla10
Copy link

mgalla10 commented May 13, 2024
edited

Preflight Checklist

Electron Version

30.0.3

What operating system are you using?

Windows

Operating System Version

Windows 11 version 23H2

What arch are you using?

x64

Last Known Working Electron version

v29.3.3

Expected Behavior

Providing an asynchronous handler to a window's webContents.session.webRequest.onBeforeRequest method should not result in a crash, regardless of the website being navigated to.

Actual Behavior

If there is any asynchrony in the onBeforeRequest handler (even just a setTimeout(0) delay), attempting to navigate to or within the website "https://yahoo.com" results in Chromium crashing with the fatal error "Detected dangling raw_ptr in unretained with id=0x########". Try-catch blocks are not sufficient to keep this error from tearing down the entire application.

So far, this issue seems to be specific to https://yahoo.com, but I'm not convinced there aren't other sites out there that would also manifest the same issue.

Testcase Gist URL

https://gist.github.com/0baeefc537a83dc044f4880d9eaeb5c4

Additional Information

Using the test Gist, once Yahoo has loaded, click the main "yahoo!" button to renavigate to that page again. Within anywhere from 1 to 5 clicks, the entire app will crash and the console will display information about the dangling raw_prt error.
@electron-issue-triage electron-issue-triage bot added 30-x-y has-repro-gist Issue can be reproduced with code at https://gist.github.com/ labels May 13, 2024
@clavin clavin added platform/windows crash 💥 component/webRequest status/confirmed A maintainer reproduced the bug or agreed with the feature labels May 21, 2024
@clavin
Copy link
Member

clavin commented May 21, 2024

Thanks for the report! I was able to reproduce this on a Windows device, but not on my macOS device. I was able to reproduce this on Electron 30.0.3 as well as Electron 31.0.0-beta.5.

@clavin clavin added the 31-x-y label May 21, 2024
@clavin
Copy link
Member

clavin commented May 30, 2024

After more testing, I believe this crash occurs on websites that use the Service Worker Navigation Preload feature in such a way that the network request for the navigation preload gets cancelled as soon as possible. I couldn't find any other websites that have this exact setup, nor have the time right now to create a demo, but this should hopefully narrow down the problem space a lot & give clear guidance on what to make an isolated, reproducible test case for.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
30-x-y 31-x-y bug 🪲 component/webRequest crash 💥 has-repro-gist Issue can be reproduced with code at https://gist.github.com/ platform/windows status/confirmed A maintainer reproduced the bug or agreed with the feature
Projects
30-x-y
Status: 👍 Does Not Block Stable
31-x-y
Status: 👍 Does Not Block Stable
Milestone
No milestone
Development

No branches or pull requests
2 participants
@clavin @mgalla10