Details
- Bug
- Resolution: Out of scope
- P2: Important
- None
- 5.14.1, 5.15.2, 5.15.7
- None
Description
When you add a new HDD to Windows, you have two options: assign it a letter (DOS-style) or mount it in an empty NTFS folder (Unix-style). Both are done via Control Panel -> Computer Management -> Disk Management.
When the second method is used (the drive is mounted in an empty NTFS folder), and QWebEngine/Chromium is built with the OFFICIAL_BUILD macro not defined (debug build) and deployed on such a mounted drive, it crashes on any attempt to use QWebEngine. UPD: This crash is reproducible with the official binary build of Qt 5.15.2, which is the latest build with web engine at the moment.
This happens because:
src\qtwebengine\src\3rdparty\chromium\services\service_manager\sandbox\win\sandbox_win.cc:
  // Add the policy for read-only PDB file access for stack traces.
#if !defined(OFFICIAL_BUILD)
  base::FilePath exe;
  if (!base::PathService::Get(base::FILE_EXE, &exe))
    return sandbox::SBOX_ERROR_GENERIC;
  base::FilePath pdb_path = exe.DirName().Append(L"*.pdb");
  result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                           sandbox::TargetPolicy::FILES_ALLOW_READONLY,
                           pdb_path.value().c_str());
  if (result != sandbox::SBOX_ALL_OK)
    return result;
#endif
From there it goes (via a few intermediate methods) to:
src\qtwebengine\src\3rdparty\chromium\sandbox\win\src\filesystem_policy.cc
FileSystemPolicy::GenerateRules(<path on a mounted drive*.pdb>)
->
FileSystemPolicy::PreProcessName(<path on a mounted drive*.pdb>)
->
src\qtwebengine\src\3rdparty\chromium\sandbox\win\src\win_utils.cc
IsReparsePoint(<path on a mounted drive*.pdb>)
The last function calls ::GetFileAttributes for every component of the path and checks the FILE_ATTRIBUTE_REPARSE_POINT attribute. This attribute is set for the directory where a drive is mounted, which is correct. Therefore IsReparsePoint returns ERROR_SUCCESS.
This causes StartSandboxedProcess to fail and the application to crash in the LogMessage destructor:
#if defined(OFFICIAL_BUILD) && defined(NDEBUG)
  IMMEDIATE_CRASH();
#else
  base::debug::BreakDebugger();
#endif
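
The component-by-component check described in this report, as an added example that is not part of the original report and is not Chromium's code: it walks a `*.pdb` rule path upward and reports which directory carries FILE_ATTRIBUTE_REPARSE_POINT, so a deployment path can be checked before shipping. The `AttrLookup` hook, `FindReparseComponent`, `ConstructedLayout` and the sample paths are assumptions made for the example; on Windows the hook would wrap ::GetFileAttributesW.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <iostream>
#include <map>
#include <string>

constexpr uint32_t kDirectory = 0x10;            // FILE_ATTRIBUTE_DIRECTORY
constexpr uint32_t kReparsePoint = 0x400;        // FILE_ATTRIBUTE_REPARSE_POINT
constexpr uint32_t kInvalidAttrs = 0xFFFFFFFFu;  // INVALID_FILE_ATTRIBUTES

// Hypothetical hook returning the attributes of one path. It is injectable so
// the walk can run against a constructed directory layout on any platform.
using AttrLookup = std::function<uint32_t(const std::wstring&)>;

// Checks the full name, then each parent directory down to the drive root.
// Returns the first component found with the reparse-point attribute, or an
// empty string if no component has it.
std::wstring FindReparseComponent(std::wstring path, const AttrLookup& attrs) {
  for (;;) {
    const uint32_t a = attrs(path);
    if (a != kInvalidAttrs && (a & kReparsePoint) != 0)
      return path;
    const std::size_t slash = path.find_last_of(L'\\');
    if (slash == std::wstring::npos || slash < 3)  // only "X:\" is left
      return std::wstring();
    path.resize(slash);
  }
}

// Constructed layout: a volume mounted in the empty folder C:\mnt\data, plus
// an ordinary drive-letter volume E:. Unknown names (the *.pdb wildcard) fail.
AttrLookup ConstructedLayout() {
  static const std::map<std::wstring, uint32_t> table = {
      {L"C:\\mnt", kDirectory},
      {L"C:\\mnt\\data", kDirectory | kReparsePoint},
      {L"C:\\mnt\\data\\app", kDirectory},
      {L"E:\\app", kDirectory},
  };
  return [](const std::wstring& p) {
    auto it = table.find(p);
    return it == table.end() ? kInvalidAttrs : it->second;
  };
}

int main() {
  const auto attrs = ConstructedLayout();
  const bool mounted = !FindReparseComponent(L"C:\\mnt\\data\\app\\*.pdb", attrs).empty();
  const bool lettered = !FindReparseComponent(L"E:\\app\\*.pdb", attrs).empty();
  std::cout << "mounted folder: " << mounted << ", drive letter: " << lettered << "\n";
}
```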