Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: crash when invoking login callback synchronously #30068

Merged
merged 1 commit into from Jul 12, 2021
Merged

Conversation

@nornagon
Copy link
Member

@nornagon nornagon commented Jul 9, 2021

Description of Change

Closes #30065.

This is because somehow the LoginHandler is deleted while calling Emit(), so
accessing the auth_required_callback_ member variable after that is a
segmentation fault.

It looks like calling cb() from JS ultimately ends up deleting the
LoginHandler:
https://source.chromium.org/chromium/chromium/src/+/main:content/browser/storage_partition_impl.cc;l=523;drc=ded7717f5252a0c9d9de56bc22483b195d1801e0.

So this crashes:

if (!default_prevented && auth_required_callback_) {
because this has been deleted.

We can work around that by taking a weak ptr before the Emit call and checking it afterwards, to guard against deletion. In that situation, auth_required_callback_ would have been null anyway, so there shouldn't be any behavior change.

Checklist

Release Notes

Notes: Fixed a crash when calling the webContents.on('login') callback synchronously.

@nornagon
Copy link
Member Author

@nornagon nornagon commented Jul 12, 2021

test failures are unrelated; merging.

@nornagon nornagon merged commit e26901a into main Jul 12, 2021
14 of 18 checks passed
@nornagon nornagon deleted the fix-proxy-crash branch Jul 12, 2021
@release-clerk
Copy link

@release-clerk release-clerk bot commented Jul 12, 2021

Release Notes Persisted

Fixed a crash when calling the webContents.on('login') callback synchronously.

@trop
Copy link
Contributor

@trop trop bot commented Jul 12, 2021

I was unable to backport this PR to "13-x-y" cleanly;
you will need to perform this backport manually.

@trop trop bot removed the target/13-x-y label Jul 12, 2021
@trop
Copy link
Contributor

@trop trop bot commented Jul 12, 2021

I was unable to backport this PR to "12-x-y" cleanly;
you will need to perform this backport manually.

@trop
Copy link
Contributor

@trop trop bot commented Jul 12, 2021

I have automatically backported this PR to "14-x-y", please check out #30090

@trop
Copy link
Contributor

@trop trop bot commented Jul 12, 2021

@nornagon has manually backported this PR to "13-x-y", please check out #30091

@trop
Copy link
Contributor

@trop trop bot commented Jul 12, 2021

@nornagon has manually backported this PR to "12-x-y", please check out #30092

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

2 participants