chrome: Crash using some WebUI pages in Alloy-style browser

Question

chrome: Crash using some WebUI pages in Alloy-style browser

Closed this issue 5 months ago · 5 comments

WizardCM commented 5 months ago

Describe the bug

Rather than opening a new tab/window, the entire application crashes.

To Reproduce
Steps to reproduce the behavior:

Launch with Chrome Runtime and Alloy Style (see cefclient flags below)
Navigate to chrome://settings
Click on 'Autofill and passwords'
Click 'Password Manager'
Crash
Repeat steps 1 and 2
Click 'About Chromium'
Click 'Get help with Chromium'

Expected behavior

Either a new window should open, or nothing should happen.

Password Manager does work fine if opened directly chrome://password-manager

Screenshots

Versions (please complete the following information):

OS: Windows 10
CEF Version: 127.0

Additional context
Does the problem reproduce with the cefclient or cefsimple sample application at the same version?

Yes.

cefclient.exe --enable-chrome-runtime --use-alloy-style

Does the problem reproduce with Google Chrome at the same version?

No.

Add any other context about the problem here.

The same crash does not occur if a Chrome UI window is opened and then chrome://settings is used from there.

If preferred, I can split these two crashes into separate bug reports.

Answer 1 · 2024-08-06T20:32:56.000Z

Here's the error in the password manager case:

[61616:61612:0806/163110.874:FATAL:password_manager_handler.cc(42)] Check failed: current_broswer.

From PasswordManagerHandler::HandleShowPasswordManager.

Answer 2 · 2024-08-06T20:34:59.000Z

In the "Get help with Chromium" case |browser| is nullptr in AboutHandler::HandleOpenHelpPage.

Answer 3 · 2024-08-06T20:36:32.000Z

The solution in both cases is to just exit early after chrome::FindBrowserWithTab returns nullptr.

Answer 4 · 2024-08-07T16:58:33.000Z

The solution in both cases is to just exit early after chrome::FindBrowserWithTab returns nullptr.

We'll need to audit the callers of chrome::FindBrowserWithTab. Many check that |browser| is non-nullptr, but some don't.

In some cases it might be better to create a new Chrome-style browser to contain the command. For example, showing the password manager in a new window instead of simply ignoring the link click.

Alternately, we could force chrome://settings (and possibly other WebUI pages) to open in a Chrome-style browser in the first place.

Answer 5 · 2024-08-07T17:09:24.000Z

we could force chrome://settings (and possibly other WebUI pages) to open in a Chrome-style browser in the first place.

This is likely the best option, similar to the WebUI allowlist that we had with Alloy bootstrap.