[Bug]: Crash when loading iframe with custom protocol from file://

[jogibear9988]

Preflight Checklist

• I have read the Contributing Guidelines for this project.
• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Electron Version

12.0.2
"electron-packager": "^15.2.0",

What operating system are you using?

Windows

Operating System Version

Windows 10 20H2

What arch are you using?

x64

Last Known Working Electron version

No response

Expected Behavior

Electron should not crash

Actual Behavior

Electron crashes when adding iframe

Testcase Gist URL

No response

app.zip

I've the following component wich crashes electron:

export class SimpleReportViewer extends HTMLElement {
	constructor() {
		super();
		this.attachShadow({ mode: 'open' });
		this.container = document.createElement('div');
		this.shadowRoot.appendChild(this.container);
	}
	loadIframe() {
		if (this.isConnected) {
			this._iframe = document.createElement("iframe");
			this._iframe.style.width = "100%";
			this._iframe.style.height = "100%";
			this._iframe.src = '/iframe.html';
			this.container.appendChild(this._iframe);
		}
	}
	connectedCallback() {
		this.loadIframe();
	}
}
customElements.define('simple-report-viewer', SimpleReportViewer);

[jogibear9988]

I've added a sample.zip
Cause we use imports we created a index.js wich can directly load imports from the js files

[jogibear9988]

I've simplified the sample app little bit.

After 5 seconds it crashes, cause the iframe is added to the dom after 5 seconds.

app.zip

In the app.zip is the content of the 'resources\app' folder of the electron build

[ckerr]

$ yarn list | wc --lines
4879
$ yarn build
yarn run v1.22.10
$ webpack --mode development
/bin/sh: 1: webpack: not found
error Command failed with exit code 127.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Thanks for reporting this and helping to make Electron better!

Because of time constraints, triaging code with third-party dependencies is usually not feasible for a small team like Electron's.

Would it be possible for you to make a standalone testcase with only the code necessary to reproduce the issue? For example, Electron Fiddle is a great tool for making small test cases and makes it easy to publish your test case to a gist that Electron maintainers can use.

Stand-alone test cases make fixing issues go more smoothly: it ensure everyone's looking at the same issue, it removes all unnecessary variables from the equation, and it can also provide the basis for automated regression tests.

I'm adding the blocked/need-repro label for this reason. After you make a test case, please link to it in a followup comment.

Thanks in advance! Your help is appreciated.

[jogibear9988]

app.zip

there are no 3rd party dependecies. look at the app.zip.
The last one had a few in the package.json, but they were not used.

Here a fiddle:
https://gist.github.com/1677c0f3c568558a2d8afaea6d956414

[jogibear9988]

In the Fiddle the Iframe refreces to "index.html" cause I don't know how to add additional files to the fiddle. But the crash is the same.

@ckerr
do you need more info?

[jogibear9988]

It crashes after 5 seconds, cause then I add the iframe to the DOM

[jogibear9988]

@ckerr could I help with some more?

[nornagon]

I can reproduce with the fiddle on macOS. Here's the stack trace:

Operating system: Mac OS X
                  10.15.7 19H524
CPU: amd64
     family 6 model 158 stepping 9
     8 CPUs

GPU: UNKNOWN

Crash reason:  EXC_BREAKPOINT / EXC_I386_BPT
Crash address: 0x10c3f95a8
Process uptime: 6 seconds

Thread 0 (crashed)
 0  Electron Framework!content::NavigationRequest::GetOriginForURLLoaderFactory() [navigation_request.cc : 4633 + 0x0]
    rax = 0x0000000000000000   rdx = 0x00000000000be2c0
    rcx = 0x0000000000000000   rbx = 0x0000000000000007
    rsi = 0x00007fbc3b100000   rdi = 0x00007ffee57988b0
    rbp = 0x00007ffee5798ab0   rsp = 0x00007ffee57989f0
     r8 = 0x0000000000004334    r9 = 0x0000000000000003
    r10 = 0x00007fbc3b100000   r11 = 0x0000000000000000
    r12 = 0x00007fbc36189800   r13 = 0x00007fbc36189800
    r14 = 0x00007ffee5798d30   r15 = 0x00007fbc36190a00
    rip = 0x000000010c3f95a8
    Found by: given as instruction pointer in context
 1  Electron Framework!content::NavigationRequest::CommitNavigation() [navigation_request.cc : 3307 + 0xb]
    rbp = 0x00007ffee5798e30   rsp = 0x00007ffee5798ac0
    rip = 0x000000010c3f3571
    Found by: previous frame's frame pointer
 2  Electron Framework!content::NavigationRequest::OnWillProcessResponseProcessed(content::NavigationThrottle::ThrottleCheckResult) [navigation_request.cc : 4070 + 0xb]
    rbp = 0x00007ffee5798ee0   rsp = 0x00007ffee5798e40
    rip = 0x000000010c3f9c6d
    Found by: previous frame's frame pointer
 3  Electron Framework!content::NavigationRequest::OnNavigationEventProcessed(content::NavigationThrottleRunner::Event, content::NavigationThrottle::ThrottleCheckResult) [navigation_request.cc : 3962 + 0xb]
    rbp = 0x00007ffee5798fa0   rsp = 0x00007ffee5798ef0
    rip = 0x000000010c3f99a1
    Found by: previous frame's frame pointer
 4  Electron Framework!content::NavigationThrottleRunner::ProcessInternal() [navigation_throttle_runner.cc : 214 + 0xe]
    rbp = 0x00007ffee5799070   rsp = 0x00007ffee5798fb0
    rip = 0x000000010c401410
    Found by: previous frame's frame pointer
 5  Electron Framework!content::protocol::TargetHandler::Throttle::Clear() [target_handler.cc : 561 + 0x9]
    rbp = 0x00007ffee57990a0   rsp = 0x00007ffee5799080
    rip = 0x000000010ee27f16
    Found by: previous frame's frame pointer
 6  Electron Framework!content::DevToolsSession::DispatchProtocolMessageInternal(crdtp::Dispatchable, base::span<unsigned char const, 18446744073709551615ul>) [callback.h : 101 + 0x3]
    rbp = 0x00007ffee5799170   rsp = 0x00007ffee57990b0
    rip = 0x000000010c31a42f
    Found by: previous frame's frame pointer
 7  Electron Framework!content::DevToolsSession::DispatchProtocolMessage(base::span<unsigned char const, 18446744073709551615ul>) [devtools_session.cc : 292 + 0x4c]
    rbp = 0x00007ffee57993f0   rsp = 0x00007ffee5799180
    rip = 0x000000010c31a1ec
    Found by: previous frame's frame pointer
 8  Electron Framework!bool (anonymous namespace)::ParseAndHandle<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&>(base::RepeatingCallback<void (std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)> const&, base::OnceCallback<void (base::Value const*)>, base::ListValue const&) [callback.h : 168 + 0x3]
    rbp = 0x00007ffee5799450   rsp = 0x00007ffee5799400
    rip = 0x0000000111e447a4
    Found by: previous frame's frame pointer
 9  Electron Framework!base::internal::Invoker<base::internal::BindState<bool (*)(base::RepeatingCallback<void (std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)> const&, base::OnceCallback<void (base::Value const*)>, base::ListValue const&), base::RepeatingCallback<void (std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)> >, bool (base::OnceCallback<void (base::Value const*)>, base::ListValue const&)>::Run(base::internal::BindStateBase*, base::OnceCallback<void (base::Value const*)>&&, base::ListValue const&) [bind_internal.h : 393 + 0x5]
    rbp = 0x00007ffee5799480   rsp = 0x00007ffee5799460
    rip = 0x0000000111e447f9
    Found by: previous frame's frame pointer
10  Electron Framework!DispatcherImpl::Dispatch(base::OnceCallback<void (base::Value const*)>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, base::ListValue const*) [callback.h : 168 + 0x9]
    rbp = 0x00007ffee57994c0   rsp = 0x00007ffee5799490
    rip = 0x0000000111e43f6c
    Found by: previous frame's frame pointer
11  Electron Framework!electron::InspectableWebContents::HandleMessageFromDevToolsFrontend(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) [inspectable_web_contents.cc : 895 + 0x11]
    rbp = 0x00007ffee57996a0   rsp = 0x00007ffee57994d0
    rip = 0x000000010b593b40
    Found by: previous frame's frame pointer
12  Electron Framework!blink::mojom::DevToolsFrontendHostStubDispatch::Accept(blink::mojom::DevToolsFrontendHost*, mojo::Message*) [devtools_frontend.mojom.cc : 370 + 0x10]
    rbp = 0x00007ffee5799760   rsp = 0x00007ffee57996b0
    rip = 0x000000010e4361c0
    Found by: previous frame's frame pointer
13  Electron Framework!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) [interface_endpoint_client.cc : 554 + 0x9]
    rbp = 0x00007ffee57997f0   rsp = 0x00007ffee5799770
    rip = 0x000000010c7f79ba
    Found by: previous frame's frame pointer
14  Electron Framework!IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnProxyThread(mojo::Message) [ipc_mojo_bootstrap.cc : 945 + 0xb]
    rbp = 0x00007ffee5799880   rsp = 0x00007ffee5799800
    rip = 0x000000010c936e1f
    Found by: previous frame's frame pointer
15  Electron Framework!base::internal::Invoker<base::internal::BindState<void (IPC::(anonymous namespace)::ChannelAssociatedGroupController::*)(mojo::Message), scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController>, mojo::Message>, void ()>::RunOnce(base::internal::BindStateBase*) [bind_internal.h : 498 + 0x9]
    rbp = 0x00007ffee5799920   rsp = 0x00007ffee5799890
    rip = 0x000000010c93518f
    Found by: previous frame's frame pointer
[...]

[nornagon]

It also crashes without devtools open, so it's not exclusively a devtools-related issue:

Crash reason:  EXC_BREAKPOINT / EXC_I386_BPT
Crash address: 0x107aa75a8
Process uptime: 5 seconds

Thread 0 (crashed)
 0  Electron Framework!content::NavigationRequest::GetOriginForURLLoaderFactory() [navigation_request.cc : 4633 + 0x0]
    rax = 0x0000000000000000   rdx = 0x0000000000011fc0
    rcx = 0x0000000000000000   rbx = 0x0000000000000005
    rsi = 0x00007fadb3700000   rdi = 0x00007ffee9145470
    rbp = 0x00007ffee9145670   rsp = 0x00007ffee91455b0
     r8 = 0x000000000000e5de    r9 = 0x0000000000000006
    r10 = 0x00007fadb3700000   r11 = 0x0000000000000000
    r12 = 0x00007fadb488d800   r13 = 0x00007fadb488d800
    r14 = 0x00007ffee91458f0   r15 = 0x00007fadb4906800
    rip = 0x0000000107aa75a8
    Found by: given as instruction pointer in context
 1  Electron Framework!content::NavigationRequest::CommitNavigation() [navigation_request.cc : 3307 + 0xb]
    rbp = 0x00007ffee91459f0   rsp = 0x00007ffee9145680
    rip = 0x0000000107aa1571
    Found by: previous frame's frame pointer
 2  Electron Framework!content::NavigationRequest::OnWillProcessResponseProcessed(content::NavigationThrottle::ThrottleCheckResult) [navigation_request.cc : 4070 + 0xb]
    rbp = 0x00007ffee9145aa0   rsp = 0x00007ffee9145a00
    rip = 0x0000000107aa7c6d
    Found by: previous frame's frame pointer
 3  Electron Framework!content::NavigationRequest::OnNavigationEventProcessed(content::NavigationThrottleRunner::Event, content::NavigationThrottle::ThrottleCheckResult) [navigation_request.cc : 3962 + 0xb]
    rbp = 0x00007ffee9145b60   rsp = 0x00007ffee9145ab0
    rip = 0x0000000107aa79a1
    Found by: previous frame's frame pointer
 4  Electron Framework!content::NavigationThrottleRunner::ProcessInternal() [navigation_throttle_runner.cc : 214 + 0xe]
    rbp = 0x00007ffee9145c30   rsp = 0x00007ffee9145b70
    rip = 0x0000000107aaf410
    Found by: previous frame's frame pointer
 5  Electron Framework!content::NavigationRequest::OnResponseStarted(mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::StructPtr<network::mojom::URLResponseHead>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID, bool, content::NavigationDownloadPolicy, net::NetworkIsolationKey, base::Optional<content::SubresourceLoaderParams>) [navigation_request.cc : 4242 + 0xa]
    rbp = 0x00007ffee9145f60   rsp = 0x00007ffee9145c40
    rip = 0x0000000107aa4020
    Found by: previous frame's frame pointer
 6  Electron Framework!content::NavigationURLLoaderImpl::NotifyResponseStarted(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID const&, bool) [navigation_url_loader_impl.cc : 1258 + 0x2d]
    rbp = 0x00007ffee9146130   rsp = 0x00007ffee9145f70
    rip = 0x0000000107a2f5fa
    Found by: previous frame's frame pointer
 7  Electron Framework!void base::internal::FunctorTraits<void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID const&, bool), void>::Invoke<void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID const&, bool), base::WeakPtr<content::NavigationURLLoaderImpl>, mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID, bool>(void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID const&, bool), base::WeakPtr<content::NavigationURLLoaderImpl>&&, mojo::StructPtr<network::mojom::URLResponseHead>&&, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>&&, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>&&, content::GlobalRequestID&&, bool&&) [bind_internal.h : 498 + 0x6]
    rbp = 0x00007ffee9146190   rsp = 0x00007ffee9146140
    rip = 0x0000000107a31893
    Found by: previous frame's frame pointer
 8  Electron Framework!base::internal::Invoker<base::internal::BindState<void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID const&, bool), base::WeakPtr<content::NavigationURLLoaderImpl>, mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, content::GlobalRequestID, bool>, void ()>::RunOnce(base::internal::BindStateBase*) [bind_internal.h : 657 + 0xb]
    rbp = 0x00007ffee91461c0   rsp = 0x00007ffee91461a0
    rip = 0x0000000107a317e8
    Found by: previous frame's frame pointer
 9  Electron Framework!base::internal::Invoker<base::internal::BindState<content::NavigationURLLoaderImpl::ParseHeaders(GURL const&, network::mojom::URLResponseHead*, base::OnceCallback<void ()>)::$_1, base::OnceCallback<void ()>, network::mojom::URLResponseHead*>, void (mojo::StructPtr<network::mojom::ParsedHeaders>)>::RunOnce(base::internal::BindStateBase*, mojo::StructPtr<network::mojom::ParsedHeaders>&&) [callback.h : 101 + 0x7]
    rbp = 0x00007ffee9146210   rsp = 0x00007ffee91461d0
    rip = 0x000000010a59fc20
    Found by: previous frame's frame pointer
10  Electron Framework!network::mojom::NetworkContext_ParseHeaders_ForwardToCallback::Accept(mojo::Message*) [callback.h : 101 + 0x6]
    rbp = 0x00007ffee91462b0   rsp = 0x00007ffee9146220
    rip = 0x000000010958800a
    Found by: previous frame's frame pointer
11  Electron Framework!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) [interface_endpoint_client.cc : 549 + 0xd]
    rbp = 0x00007ffee9146340   rsp = 0x00007ffee91462c0
    rip = 0x0000000107ea5bdc
    Found by: previous frame's frame pointer
[...]

[nornagon]

Given that the crash signal is EXC_BREAKPOINT, it's probably a CHECK, and I'd suspect it's this one: https://source.chromium.org/chromium/chromium/src/+/refs/tags/89.0.4389.69:content/browser/renderer_host/navigation_request.cc;l=4618;drc=b909f91ee6ea438f301722c5160dede14729b5ae

  CHECK(policy->CanAccessDataForOrigin(process_id, origin));

here are some relevant crash keys from the dump:

"can_access_data_failure_reason": "[BI=2]lock_mismatch:url "
"expected_process_lock": "{ file:/// }"
"killed_process_origin_lock": "{ app: }"
"navigation_request_initiator": "file:// [internally: file://]"
"navigation_request_url": "app://./index.html"
"requested_origin": "null [internally: (F19BCCD12217F40A1C1F608739EB0A90) derived from file://]"

these are set here: https://source.chromium.org/chromium/chromium/src/+/master:content/browser/child_process_security_policy_impl.cc;l=162-169;drc=3b8eb3bbb3a272c0bbc92311edff4caa7194e258

[jogibear9988]

@nornagon is there any fix I can use in my index.js ?

[nornagon]

@jogibear9988 try loading the main frame from the app:// protocol instead of file://.

[jogibear9988]

Okay, this will fix the crash & it works:

     win.loadURL('app://./index.html');

[mahnunchik]

@codebytere it is related not only for file protocol, even http/s pages with link to custom protocol crashes the app.

[kwyntes]

Are there any updates on this? Any workarounds? I need to render a local PDF using an iframe and the same crash occurs.

[george-thomas-hill]

I tried loading my index.html file from the "app://" protocol, and I got the following error message: "Could not find any application or handler for app://..."

[mblouka]

Can also confirm this crashes, even with registering a HTTP protocol. This is actively debilitating the development of my open-source project.

[JoeyIsAPanda]

I'm also encountering this crash when using any custom protocol, but only when the callback is called. Easiest way to replicate is to clone the electron quick start repo, register a protocol in the main.ts, call the callback function in the handler and add a link in the index.html that references that protocol. Then remove the callback function and it won't crash.

[george-thomas-hill]

Thank you!

[george-thomas-hill]

@ckerr @nornagon @codebytere :

Update:

I'm still finding (in Electron 21.2.0) that loading a PDF in an iFrame fails to display the PDF, and loading a PDF in a webview crashes Electron.

Here's an Electron Fiddle gist that demonstrates this:

https://gist.github.com/george-thomas-hill/c3179e6eddeb1a2715201a20dbf95015

Could you please re-open this bug and take another look?

Thank you so much!

[nornagon]

@george-thomas-hill looks like this is tracked in #33907, so no need to reopen this.

[george-thomas-hill]

@nornagon OK. Thank you!