Crash when allow_os_execution is set to true in CefResourceRequestHandler::OnProtocolExecution

Question

Crash when allow_os_execution is set to true in CefResourceRequestHandler::OnProtocolExecution

Closed this issue 2 months ago · 1 comments

My application set allow_os_execution to true at CefResourceRequestHandler::OnProtocolExecution.
However, this implementation crashes when opening zoom address.
Skype link crashes as well.

To Reproduce
It can also be reproduced with cefclient by changing ClientHandler::OnProtocolExecution.
Set allow_os_execution to true when the scheme is "zoommtg:"
(For Skype, use "skype:")

Expected behavior
If zoom application is installed, it will be launched.

Versions

OS: Windows 11 Pro 23H2 (Japanese)
CEF Version: cef_binary_129.0.11+g57354b8+chromium-129.0.6668.90_windows32
Visual Studio 2022 Version 17.11.5
Win SDK 10.0.22621.3233

It was fine up to CEF 127, but crashes after 128.
I cannot reproduce the phenomenon with Google Chrome.

CEF Forum
https://www.magpcss.org/ceforum/viewtopic.php?f=6&t=20000

Answer 1 · 2024-11-04T14:40:37.000Z

Partial stack trace from the forum post:

    libcef.dll!logging::CheckError::~CheckError() 行 334   C++
    libcef.dll!base::ScopedValidateSequenceChecker::ScopedValidateSequenceChecker(const base::SequenceCheckerImpl & checker) 行 21   C++
    [インライン フレーム] libcef.dll!base::internal::WeakReference::Flag::IsValid() 行 38   C++
    libcef.dll!base::internal::WeakReference::IsValid() 行 75   C++
    [インライン フレーム] libcef.dll!base::WeakPtr<content::RenderFrameHost>::get() 行 236   C++
    [インライン フレーム] libcef.dll!content::WeakDocumentPtr::AsRenderFrameHostIfValid() 行 43   C++
    libcef.dll!`anonymous namespace'::HandleExternalProtocolHelper(ChromeContentBrowserClientCef * self, base::RepeatingCallback<content::WebContents *()> web_contents_getter, int frame_tree_node_id, content::NavigationUIData * navigation_data, bool is_primary_main_frame, bool is_in_fenced_frame_tree, network::mojom::WebSandboxFlags sandbox_flags, const network::ResourceRequest & resource_request, const std::__Cr::optional<url::Origin> & initiating_origin, content::WeakDocumentPtr initiator_document) 行 64   C++
    ...
    libcef.dll!net_service::`anonymous namespace'::InterceptedRequestHandlerWrapper::OnRequestComplete(int request_id, const network::ResourceRequest & request, const network::URLLoaderCompletionStatus & status) 行 1124   C++
    libcef.dll!net_service::InterceptedRequest::OnDestroy() 行 1162   C++

Looks like the WeakDocumentPtr is being accessed on the wrong thread. InterceptedRequestHandlerWrapper::OnRequestComplete (the caller) is running on the IO thread, but HandleExternalProtocolHelper should be called on the UI thread.