Details
-
Bug
-
Resolution: Fixed
-
P1: Critical
-
6.2.4
-
Windows
-
2b24435c7 (dev), 99094c116 (6.5)
Description
When QWebEngineProcess is terminated somehow and the client application was just trying to run a JavaScript through the QWebEnginePage object then that may lead to crash with following ending stack
Qt6WebEngineCore.dll!content::RenderFrameHostImpl::ExecuteJavaScript(const std::wstring & javascript={...}, base::OnceCallback<void __cdecl(base::Value)> callback={...}) Line 1809 C++ > Qt6WebEngineCore.dll!QtWebEngineCore::WebContentsAdapter::runJavaScriptCallbackResult(const QString & javaScript={...}, unsigned int worldId=0) Line 1076 C++ Qt6WebEngineCore.dll!QWebEnginePage::runJavaScript(const QString & scriptSource={...}, const std::function<void __cdecl(QVariant const &)> & resultCallback={...}) Line 2017 C++
Looks like
ender_frame_host_impl.cc is not checking null pointer condition before calling JavaScriptExecuteRequest.
void RenderFrameHostImpl::ExecuteJavaScript(const base::string16& javascript, JavaScriptResultCallback callback) { DCHECK_CURRENTLY_ON(BrowserThread::UI); CHECK(CanExecuteJavaScript()); const bool wants_result = !callback.is_null(); GetMojomFrameInRenderer()->JavaScriptExecuteRequest(javascript, wants_result, std::move(callback)); }
Unfortunately there is no reproducer or definitive steps to crash but terminated QWebEngineProcess.exe and then making JavaScript run is leading to throw an exception and crash.