win: Crash in autofill::ShowSaveBubble

[mattwildgoose]

Describe the bug When running a .NET 4.8 WinForms application using the CefSharp ChromiumWebBrowser control and navigating to a html page containing inputs for Street, Town and Postcode, typing any value in all these fields then submitting the form, the hosting application crashes with a fault in libcef.dll

To Reproduce I have created a sample repo at https://github.com/mattwildgoose/CefSharpIssue. This contains both a sample WinForms app and a web app with a simple html file used to reproduce the issue.

Steps to reproduce the behavior:

1. Create a simple WinForms app with a form containing a CefSharp browser control
2. Ensure you set the CefSettings.Locale value to "en-GB" (I used current culture but that's the value that's being set)
3. Navigate to a page containing inputs with Street, Town and Postcode in their names and a submit button
4. Type a dot into each field and click the submit button
5. The browser's hosting application crashes

Expected behavior The form should submit successfully and browser remain functional

Versions (please complete the following information):

• OS: Windows 11
• CEF Version: Issue started in CefSharp 126.2.180 but also tested with 128.4.90 and issue persists

Additional context Does the problem reproduce with the cefclient or cefsimple sample application at the same version? I tried to reproduce with the cefclient trying each of the following command lines but could not reproduce with any .\cefclient.exe --multi-threaded-message-loop --no-sandbox --use-alloy-style .\cefclient.exe --multi-threaded-message-loop --no-sandbox --use-alloy-style --lang=en-GB .\cefclient.exe --multi-threaded-message-loop --no-sandbox --use-alloy-style --enable-chrome-runtime --lang=en-GB

With the cefclient after submitting the form it opens the dialog asking if you want to save the address against your profile, this isn't available when using CefSharp to my knowledge.

Does the problem reproduce with Google Chrome at the same version? The problem does not reproduce in Google Chrome which opens the same dialog as cefclient asking about saving the address

Add any other context about the problem here. The problem appears to have come in with the switch from Alloy to Chrome Bootstrap and reverting to Alloy resolves the problem. Also if you don't set the CefSettings.Locale and leave as default (en-US) then you don't get the issue either.

On the CefSharp issue related to the change to the Chrome Bootstrap it requests to log related issues here, hence why I'm raising here rather than in the CefSharp repo.

The exception you get is Unhandled exception at 0x00007FFE050B86D4 (libcef.dll) in Browser.exe.43284.dmp: 0xC0000005: Access violation reading location 0x00000000000001F8.

Stack Trace: StackTrace.txt

[magreenblatt]

From the call stack (and code here) it looks like another instance of https://github.com/chromiumembedded/cef/issues/3763#issuecomment-2273914241 (the part about FindBrowserWithTab).

[magreenblatt]

You can disable autofill as described at https://www.magpcss.org/ceforum/viewtopic.php?f=6&t=19898&start=10#p55813

[magreenblatt]

@mattwildgoose Can you provide the HTML (or URL) for reproducing these steps?

Navigate to a page containing inputs with Street, Town and Postcode in their names and a submit button Type a dot into each field and click the submit button

[magreenblatt]

Can you provide the HTML (or URL) for reproducing these steps?

Thanks, found it at https://github.com/mattwildgoose/CefSharpIssue/blob/main/WebApp/wwwroot/Profile.html

[magreenblatt]

I'm also unable to reproduce this crash in cefclient (M130). The autofill bubble works as expected with --use-alloy-style [--use-native].

[magreenblatt]

Looks like the autocomplete code was substantially rewritten in https://issuetracker.google.com/issues/40281981 (~M129 timeframe), and this crashing code path is no longer triggered.

[magreenblatt]

@mattwildgoose Can you test if this issue is resolved for you in M129? Thanks.

[magreenblatt]

Closing this issue as likely fixed in M130 (and maybe M129).

[zelpnir]

I had a similar problem using M129: On my page was a Field called "IBAN" and if you enter a valid IBAN number the whole application would crash. We assume that the problem is that the chromium autofill for payments was triggered.

Starting up with the --disable-features flag did not work.

My workaround was to disable the settings in an CustomLifespanHandler.

    internal class CustomLIfeSpanHandler : CefSharp.Handler.LifeSpanHandler, ILifeSpanHandler
    {
        protected override void OnAfterCreated(IWebBrowser chromiumWebBrowser, IBrowser browser)
        {
            var context = Cef.GetGlobalRequestContext();
            string errorString = null;
            context.SetPreference("autofill.save_data", false, out errorString);
            context.SetPreference("autofill.credit_card_enabled", false, out errorString);
            context.SetPreference("autofill.profile_enabled", false, out errorString);
            context.SetPreference("autofill.save_data", false, out errorString);
            context.SetPreference("payments.can_make_payment_enabled", false, out errorString);
            context.SetPreference("search.suggest_enabled", false, out errorString);
            context.SetPreference("url_keyed_anonymized_data_collection.enabled", false, out errorString);
        }
    }

Maybe this helps someone.