[Bug]: URL passed into additionalArguments crashes renderer

[samuelmaddock]

Preflight Checklist

• I have read the Contributing Guidelines for this project.
• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Electron Version

14.0.1

What operating system are you using?

Windows

Operating System Version

Windows 10 21H1

What arch are you using?

x64

Last Known Working Electron version

13.5.0

Expected Behavior

Passing a URL into additionalArguments does not crash renderers.

const mainWindow = new BrowserWindow({
  width: 800,
  height: 600,
  webPreferences: {
    preload: path.join(__dirname, 'preload.js'),
    additionalArguments: [ 'https://foo' ]
  }
})

Actual Behavior

Passing a URL into additionalArguments does crash renderers.

Testcase Gist URL

https://gist.github.com/samuelmaddock/c05879cc1efd83d384001b60eeff3d24

Additional Information

No response

[codebytere]

Bisected to v14.0.0-beta.3...v14.0.0-beta.5

Stacktrace

[11504:0928/115315.887:FATAL:observer_list.h(272)] Check failed: false. Observers can only be added once!
Backtrace:
base::debug::CollectStackTrace [0x00007FF6B07F3A42+18] (o:\base\debug\stack_trace_win.cc:303)
base::debug::StackTrace::StackTrace [0x00007FF6B074BBB2+18] (o:\base\debug\stack_trace.cc:197)
logging::LogMessage::~LogMessage [0x00007FF6B076219E+190] (o:\base\logging.cc:590)
logging::LogMessage::~LogMessage [0x00007FF6B0763320+16] (o:\base\logging.cc:583)
base::ObserverList<electron::BrowserObserver,0,1,base::internal::CheckedObserverAdapter>::AddObserver [0x00007FF6AD153403+173] (o:\base\observer_list.h:272)
content::RenderProcessHostImpl::Init [0x00007FF6AFCC1F4F+319] (o:\content\browser\renderer_host\render_process_host_impl.cc:1951)
content::RenderFrameHostManager::CreateSpeculativeRenderFrameHost [0x00007FF6AFCB4DC3+185] (o:\content\browser\renderer_host\render_frame_host_manager.cc:2684)
content::RenderFrameHostManager::GetFrameHostForNavigation [0x00007FF6AFCB4063+1309] (o:\content\browser\renderer_host\render_frame_host_manager.cc:1065)
content::NavigationRequest::OnResponseStarted [0x00007FF6AFC58AE5+3653] (o:\content\browser\renderer_host\navigation_request.cc:3126)
content::NavigationURLLoaderImpl::NotifyResponseStarted [0x00007FF6AFAFF659+521] (o:\content\browser\loader\navigation_url_loader_impl.cc:1360)
base::internal::FunctorTraits<void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, const content::Glob [0x00007FF6AFB02534+146] (o:\base\bind_internal.h:509)
base::internal::Invoker<base::internal::BindState<void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, [0x00007FF6AFB0248C+108] (o:\base\bind_internal.h:694)
base::internal::Invoker<base::internal::BindState<`lambda at ../../content/browser/loader/navigation_url_loader_impl.cc:1126:17',base::OnceCallback<void ()>,network::mojom::URLResponseHead *>,void (mojo::StructPtr<network::mojom::ParsedHeaders>)>::RunOnce [0x00007FF6AFB03919+105] (o:\base\bind_internal.h:690)
base::OnceCallback<void (mojo::StructPtr<network::mojom::ParsedHeaders>)>::Run [0x00007FF6AD4DB105+59] (o:\base\callback.h:100)
network::mojom::NetworkService_ParseHeaders_ForwardToCallback::Accept [0x00007FF6AD4DB06E+174] (o:\fake\prefix\gen\services\network\public\mojom\network_service.mojom.cc:2377)
mojo::InterfaceEndpointClient::HandleValidatedMessage [0x00007FF6B09AA521+1127] (o:\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:893)
mojo::MessageDispatcher::Accept [0x00007FF6B142D444+244] (o:\mojo\public\cpp\bindings\lib\message_dispatcher.cc:43)
mojo::InterfaceEndpointClient::HandleIncomingMessage [0x00007FF6B09AB899+97] (o:\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:655)
mojo::internal::MultiplexRouter::ProcessIncomingMessage [0x00007FF6B09B25FE+754] (o:\mojo\public\cpp\bindings\lib\multiplex_router.cc:1098)
mojo::internal::MultiplexRouter::Accept [0x00007FF6B09B2022+386] (o:\mojo\public\cpp\bindings\lib\multiplex_router.cc:722)
mojo::MessageDispatcher::Accept [0x00007FF6B142D444+244] (o:\mojo\public\cpp\bindings\lib\message_dispatcher.cc:43)
mojo::Connector::DispatchMessageW [0x00007FF6B09A8B03+475] (o:\mojo\public\cpp\bindings\lib\connector.cc:545)
mojo::Connector::ReadAllAvailableMessages [0x00007FF6B09A9421+257] (o:\mojo\public\cpp\bindings\lib\connector.cc:604)
mojo::Connector::OnHandleReadyInternal [0x00007FF6B09A9209+67] (o:\mojo\public\cpp\bindings\lib\connector.cc:439)
mojo::SimpleWatcher::OnHandleReady [0x00007FF6B09C5CBF+239] (o:\mojo\public\cpp\system\simple_watcher.cc:279)
base::TaskAnnotator::RunTask [0x00007FF6B07BB039+457] (o:\base\task\common\task_annotator.cc:178)
base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl [0x00007FF6B1313FD3+963] (o:\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:361)
base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork [0x00007FF6B13136E9+137] (o:\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:266)
base::MessagePumpForUI::DoRunLoop [0x00007FF6B07FD078+216] (o:\base\message_loop\message_pump_win.cc:221)
base::MessagePumpWin::Run [0x00007FF6B07FC63A+106] (o:\base\message_loop\message_pump_win.cc:79)
base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run [0x00007FF6B1314D5A+682] (o:\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:470)
base::RunLoop::Run [0x00007FF6B079BBDA+842] (o:\base\run_loop.cc:136)
content::BrowserMainLoop::RunMainMessageLoop [0x00007FF6AF8E48FC+208] (o:\content\browser\browser_main_loop.cc:990)
content::BrowserMainRunnerImpl::Run [0x00007FF6AF8E655F+143] (o:\content\browser\browser_main_runner_impl.cc:153)
content::BrowserMain [0x00007FF6AF8E1E41+257] (o:\content\browser\browser_main.cc:49)
content::RunBrowserProcessMain [0x00007FF6AE447E68+112] (o:\content\app\content_main_runner_impl.cc:608)
content::ContentMainRunnerImpl::RunBrowser [0x00007FF6AE448E44+1220] (o:\content\app\content_main_runner_impl.cc:1104)
content::ContentMainRunnerImpl::Run [0x00007FF6AE448919+393] (o:\content\app\content_main_runner_impl.cc:971)
content::RunContentProcess [0x00007FF6AE44750D+733] (o:\content\app\content_main.cc:394)
content::ContentMain [0x00007FF6AE447B31+54] (o:\content\app\content_main.cc:422)
wWinMain [0x00007FF6AD141535+889] (o:\electron\shell\app\electron_main.cc:291)
__scrt_common_main_seh [0x00007FF6B542E542+262] (d:\A01\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
BaseThreadInitThunk [0x00007FFACB5F7034+20]
RtlUserThreadStart [0x00007FFACD1C2651+33]
Task trace:
Backtrace:
mojo::SimpleWatcher::Context::Notify [0x00007FF6B09C5FE2+348] (o:\mojo\public\cpp\system\simple_watcher.cc:99)

Received fatal exception EXCEPTION_BREAKPOINT
Backtrace:
base::debug::BreakDebugger [0x00007FF6B07F2EBD+13] (o:\base\debug\debugger_win.cc:31)
logging::LogMessage::~LogMessage [0x00007FF6B07625A8+1224] (o:\base\logging.cc:895)
logging::LogMessage::~LogMessage [0x00007FF6B0763320+16] (o:\base\logging.cc:583)
base::ObserverList<electron::BrowserObserver,0,1,base::internal::CheckedObserverAdapter>::AddObserver [0x00007FF6AD153403+173] (o:\base\observer_list.h:272)
content::RenderProcessHostImpl::Init [0x00007FF6AFCC1F4F+319] (o:\content\browser\renderer_host\render_process_host_impl.cc:1951)
content::RenderFrameHostManager::CreateSpeculativeRenderFrameHost [0x00007FF6AFCB4DC3+185] (o:\content\browser\renderer_host\render_frame_host_manager.cc:2684)
content::RenderFrameHostManager::GetFrameHostForNavigation [0x00007FF6AFCB4063+1309] (o:\content\browser\renderer_host\render_frame_host_manager.cc:1065)
content::NavigationRequest::OnResponseStarted [0x00007FF6AFC58AE5+3653] (o:\content\browser\renderer_host\navigation_request.cc:3126)
content::NavigationURLLoaderImpl::NotifyResponseStarted [0x00007FF6AFAFF659+521] (o:\content\browser\loader\navigation_url_loader_impl.cc:1360)
base::internal::FunctorTraits<void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, const content::Glob [0x00007FF6AFB02534+146] (o:\base\bind_internal.h:509)
base::internal::Invoker<base::internal::BindState<void (content::NavigationURLLoaderImpl::*)(mojo::StructPtr<network::mojom::URLResponseHead>, mojo::StructPtr<network::mojom::URLLoaderClientEndpoints>, mojo::ScopedHandleBase<mojo::DataPipeConsumerHandle>, [0x00007FF6AFB0248C+108] (o:\base\bind_internal.h:694)
base::internal::Invoker<base::internal::BindState<`lambda at ../../content/browser/loader/navigation_url_loader_impl.cc:1126:17',base::OnceCallback<void ()>,network::mojom::URLResponseHead *>,void (mojo::StructPtr<network::mojom::ParsedHeaders>)>::RunOnce [0x00007FF6AFB03919+105] (o:\base\bind_internal.h:690)
base::OnceCallback<void (mojo::StructPtr<network::mojom::ParsedHeaders>)>::Run [0x00007FF6AD4DB105+59] (o:\base\callback.h:100)
network::mojom::NetworkService_ParseHeaders_ForwardToCallback::Accept [0x00007FF6AD4DB06E+174] (o:\fake\prefix\gen\services\network\public\mojom\network_service.mojom.cc:2377)
mojo::InterfaceEndpointClient::HandleValidatedMessage [0x00007FF6B09AA521+1127] (o:\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:893)
mojo::MessageDispatcher::Accept [0x00007FF6B142D444+244] (o:\mojo\public\cpp\bindings\lib\message_dispatcher.cc:43)
mojo::InterfaceEndpointClient::HandleIncomingMessage [0x00007FF6B09AB899+97] (o:\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:655)
mojo::internal::MultiplexRouter::ProcessIncomingMessage [0x00007FF6B09B25FE+754] (o:\mojo\public\cpp\bindings\lib\multiplex_router.cc:1098)
mojo::internal::MultiplexRouter::Accept [0x00007FF6B09B2022+386] (o:\mojo\public\cpp\bindings\lib\multiplex_router.cc:722)
mojo::MessageDispatcher::Accept [0x00007FF6B142D444+244] (o:\mojo\public\cpp\bindings\lib\message_dispatcher.cc:43)
mojo::Connector::DispatchMessageW [0x00007FF6B09A8B03+475] (o:\mojo\public\cpp\bindings\lib\connector.cc:545)
mojo::Connector::ReadAllAvailableMessages [0x00007FF6B09A9421+257] (o:\mojo\public\cpp\bindings\lib\connector.cc:604)
mojo::Connector::OnHandleReadyInternal [0x00007FF6B09A9209+67] (o:\mojo\public\cpp\bindings\lib\connector.cc:439)
mojo::SimpleWatcher::OnHandleReady [0x00007FF6B09C5CBF+239] (o:\mojo\public\cpp\system\simple_watcher.cc:279)
base::TaskAnnotator::RunTask [0x00007FF6B07BB039+457] (o:\base\task\common\task_annotator.cc:178)
base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl [0x00007FF6B1313FD3+963] (o:\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:361)
base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork [0x00007FF6B13136E9+137] (o:\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:266)
base::MessagePumpForUI::DoRunLoop [0x00007FF6B07FD078+216] (o:\base\message_loop\message_pump_win.cc:221)
base::MessagePumpWin::Run [0x00007FF6B07FC63A+106] (o:\base\message_loop\message_pump_win.cc:79)
base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run [0x00007FF6B1314D5A+682] (o:\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:470)
base::RunLoop::Run [0x00007FF6B079BBDA+842] (o:\base\run_loop.cc:136)
content::BrowserMainLoop::RunMainMessageLoop [0x00007FF6AF8E48FC+208] (o:\content\browser\browser_main_loop.cc:990)
content::BrowserMainRunnerImpl::Run [0x00007FF6AF8E655F+143] (o:\content\browser\browser_main_runner_impl.cc:153)
content::BrowserMain [0x00007FF6AF8E1E41+257] (o:\content\browser\browser_main.cc:49)
content::RunBrowserProcessMain [0x00007FF6AE447E68+112] (o:\content\app\content_main_runner_impl.cc:608)
content::ContentMainRunnerImpl::RunBrowser [0x00007FF6AE448E44+1220] (o:\content\app\content_main_runner_impl.cc:1104)
content::ContentMainRunnerImpl::Run [0x00007FF6AE448919+393] (o:\content\app\content_main_runner_impl.cc:971)
content::RunContentProcess [0x00007FF6AE44750D+733] (o:\content\app\content_main.cc:394)
content::ContentMain [0x00007FF6AE447B31+54] (o:\content\app\content_main.cc:422)
wWinMain [0x00007FF6AD141535+889] (o:\electron\shell\app\electron_main.cc:291)
__scrt_common_main_seh [0x00007FF6B542E542+262] (d:\A01\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
BaseThreadInitThunk [0x00007FFACB5F7034+20]
RtlUserThreadStart [0x00007FFACD1C2651+33]

Electron exited with code 2147483651.

@samuelmaddock also looks like this only happens with http(s) urls? Tried with some other arbitrary args (e.g. --my-magic-arg=foo) and no issue or crash 🤔

[samuelmaddock]

@samuelmaddock also looks like this only happens with http(s) urls? Tried with some other arbitrary args (e.g. --my-magic-arg=foo) and no issue or crash 🤔

That's the same behavior I observed as well. In my application I've switched to JSON-encoded args to avoid the issue for now.

e.g.

additionalArguments: [
  JSON.stringify({ url: 'https://foo' })
]

[simo-an]

I found that the additionalArguments's item contains ' : ' , the window will crash. The url is just an exception.

Like:

additionalArguments: ['1:1', 'https://baidu.com']

My electron version is '18.1.0'

Is there any suggestions to fix this issue?

Now, I use the temporary method like use btoa to encode it.

[github-actions]

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment!

[github-actions]

This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue on a supported version of Electron please open a new issue and include instructions for reproducing the issue.

[pushkin-]

I can still reproduce the crash in v21. @samuelmaddock