search

chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/
Other
3.38k stars 467 forks source link

Crash when allow_os_execution is set to true in CefResourceRequestHandler::OnProtocolExecution #3821

Closed naoki-tk closed 2 weeks ago

naoki-tk commented 3 weeks ago

My application set allow_os_execution to true at CefResourceRequestHandler::OnProtocolExecution. However, this implementation crashes when opening zoom address. Skype link crashes as well.

To Reproduce It can also be reproduced with cefclient by changing ClientHandler::OnProtocolExecution. Set allow_os_execution to true when the scheme is "zoommtg:" (For Skype, use "skype:")

Expected behavior If zoom application is installed, it will be launched.

Versions

It was fine up to CEF 127, but crashes after 128. I cannot reproduce the phenomenon with Google Chrome.

CEF Forum https://www.magpcss.org/ceforum/viewtopic.php?f=6&t=20000

magreenblatt commented 2 weeks ago

Partial stack trace from the forum post:

    libcef.dll!logging::CheckError::~CheckError() 行 334   C++
    libcef.dll!base::ScopedValidateSequenceChecker::ScopedValidateSequenceChecker(const base::SequenceCheckerImpl & checker) 行 21   C++
    [インライン フレーム] libcef.dll!base::internal::WeakReference::Flag::IsValid() 行 38   C++
    libcef.dll!base::internal::WeakReference::IsValid() 行 75   C++
    [インライン フレーム] libcef.dll!base::WeakPtr<content::RenderFrameHost>::get() 行 236   C++
    [インライン フレーム] libcef.dll!content::WeakDocumentPtr::AsRenderFrameHostIfValid() 行 43   C++
    libcef.dll!`anonymous namespace'::HandleExternalProtocolHelper(ChromeContentBrowserClientCef * self, base::RepeatingCallback<content::WebContents *()> web_contents_getter, int frame_tree_node_id, content::NavigationUIData * navigation_data, bool is_primary_main_frame, bool is_in_fenced_frame_tree, network::mojom::WebSandboxFlags sandbox_flags, const network::ResourceRequest & resource_request, const std::__Cr::optional<url::Origin> & initiating_origin, content::WeakDocumentPtr initiator_document) 行 64   C++
    ...
    libcef.dll!net_service::`anonymous namespace'::InterceptedRequestHandlerWrapper::OnRequestComplete(int request_id, const network::ResourceRequest & request, const network::URLLoaderCompletionStatus & status) 行 1124   C++
    libcef.dll!net_service::InterceptedRequest::OnDestroy() 行 1162   C++

Looks like the WeakDocumentPtr is being accessed on the wrong thread. InterceptedRequestHandlerWrapper::OnRequestComplete (the caller) is running on the IO thread, but HandleExternalProtocolHelper should be called on the UI thread.