[Bug]: Crash when Using mpv.js on Latest Version of Electron

Electron Version

12.0.1

What operating system are you using?

Windows

Operating System Version

Windows 10 Pro 2020

What arch are you using?

x64

Last Known Working Electron version

11.3.0

Expected Behavior

The app works perfectly fine with an embedded video player.

Actual Behavior

The app crashes when creating an element with an embedded video player.

Testcase Gist URL

https://github.com/pavladan/mpv.js-on-react

Change the version of Electron to 12.0.1 to see the crash; 11.3.0 works perfectly fine.

Note: In order to see the crash on 12.0.1, adjustments to the settings must be made:

const { BrowserWindow } = require("electron");

// Main-process window options used to reproduce the crash on 12.0.1.
const win = new BrowserWindow({
  width: 1280,
  height: 574,
  autoHideMenuBar: true,
  useContentSize: process.platform !== "linux",
  title: "mpv.js example player",
  webPreferences: {
    nodeIntegration: true,
    plugins: true, // allow plugins to load in this window
    enableRemoteModule: true,
    nodeIntegrationInSubFrames: true,
    contextIsolation: false,
    worldSafeExecuteJavaScript: false
  },
});

1 possible answer(s) on “[Bug]: Crash when Using mpv.js on Latest Version of Electron”

  1. Thanks for that crash dump @NADESHIKON, that gives me everything I need to solve this issue 🙂

    Here’s the symbolicated stack trace:

    Crash reason:  EXCEPTION_BREAKPOINT
    Crash address: 0x7ff6d42e9bff
    Process uptime: 1 seconds
    
    Thread 9 (crashed)
     0  electron.exe!content::PluginServiceImpl::FindOrStartPpapiPluginProcess(int,url::Origin const &,base::FilePath const &,base::FilePath const &,base::Optional<url::Origin> const &) [plugin_service_impl.cc : 202 + 0x0]
        rax = 0x00000000000000ff   rdx = 0x00000001053fe720
        rcx = 0x00002254001a0000   rbx = 0x00000001053fe720
        rsi = 0x00000001053fe770   rdi = 0x000022540006e800
        rbp = 0x0000000000000004   rsp = 0x00000001053fe3d0
         r8 = 0x00002254000f8788    r9 = 0x0000000000000004
        r10 = 0x00002254000bb2d0   r11 = 0x00002254000b4e70
        r12 = 0x00000001053fe788   r13 = 0x00000001053fe770
        r14 = 0x00000001053fe788   r15 = 0x00002254000f8788
        rip = 0x00007ff6d42e9bff
        Found by: given as instruction pointer in context
     1  electron.exe!content::PluginServiceImpl::OpenChannelToPpapiPlugin(int,url::Origin const &,base::FilePath const &,base::FilePath const &,base::Optional<url::Origin> const &,content::PpapiPluginProcessHost::PluginClient *) [plugin_service_impl.cc : 245 + 0xa]
        rbx = 0x00000001053fe720   rbp = 0x0000000000000004
        rsp = 0x00000001053fe5e0   r12 = 0x00000001053fe788
        r13 = 0x00000001053fe770   r14 = 0x00000001053fe788
        r15 = 0x00002254000f8788   rip = 0x00007ff6d6e7406f
        Found by: call frame info
     2  electron.exe!content::RenderFrameMessageFilter::OnOpenChannelToPepperPlugin(url::Origin const &,base::FilePath const &,base::Optional<url::Origin> const &,IPC::Message *) [render_frame_message_filter.cc : 173 + 0x27]
        rbx = 0x00000001053fe720   rbp = 0x0000000000000004
        rsp = 0x00000001053fe640   r12 = 0x00000001053fe788
        r13 = 0x00000001053fe770   r14 = 0x00000001053fe788
        r15 = 0x00002254000f8788   rip = 0x00007ff6d6e930cd
        Found by: call frame info
     3  electron.exe!bool IPC::MessageT<FrameHostMsg_OpenChannelToPepperPlugin_Meta,std::tuple<url::Origin,base::FilePath,base::Optional<url::Origin> >,std::tuple<IPC::ChannelHandle,unsigned long,int> >::DispatchDelayReply<content::RenderFrameMessageFilter,void,void (content::RenderFrameMessageFilter::*)(const url::Origin &, const base::FilePath &, const base::Optional<url::Origin> &, IPC::Message *)>(const class IPC::Message *, class content::RenderFrameMessageFilter *, void *,  *) [ipc_message_templates.h : 223 + 0x1f]
        rbx = 0x00000001053fe720   rbp = 0x0000000000000004
        rsp = 0x00000001053fe6b0   r12 = 0x00000001053fe788
        r13 = 0x00000001053fe770   r14 = 0x00000001053fe788
        r15 = 0x00002254000f8788   rip = 0x00007ff6d42ebe0a
        Found by: call frame info
     4  electron.exe!content::RenderFrameMessageFilter::OnMessageReceived(IPC::Message const &) [render_frame_message_filter.cc : 121 + 0x4c]
        rbx = 0x00000001053fe720   rbp = 0x0000000000000004
        rsp = 0x00000001053fe830   r12 = 0x00000001053fe788
        r13 = 0x00000001053fe770   r14 = 0x00000001053fe788
        r15 = 0x00002254000f8788   rip = 0x00007ff6d6e92b89
        Found by: call frame info
    [...]
    

    That’s a CHECK on this line: https://source.chromium.org/chromium/chromium/src/+/refs/tags/89.0.4389.82:content/browser/plugin_service_impl.cc;l=202

    My best guess is that the actual CHECK being hit is in origin_lock.value() (optional.h:648), i.e. origin_lock is empty. This would be the case if IsOriginIsolatedPepperPlugin returned false (render_frame_impl.cc:2687), which is the case for everything except the PDF plugin. This code should only be getting hit if the plugin is requesting the PDF permission, but I think command-line plugins request all permissions.

    This change seems to have been introduced by https://source.chromium.org/chromium/chromium/src/+/37893bf803b256be100b1bd1805abcd069c33140, which states in the commit message:

    This change requires that FindOrStartPpapiPluginProcess always sees a
    non-null origin_lock – this is accomplished by isolating all
    non-NaCl plugins in IsOriginIsolatedPepperPlugin (also avoiding
    isolation in presence of the --ppapi-in-process switch used by some
    tests).

    That change also started returning true from IsOriginIsolatedPepperPlugin for almost everything. We should probably follow suit.
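
The mismatch hypothesised in the answer above, as an added C++ model that is not Chromium or Electron source: the caller supplies an origin lock only for plugins its predicate marks as isolated, while the callee assumes the lock is always present. All type and function names below are hypothetical, the plugin and origin values are constructed, and the failed CHECK is reported as a return value instead of aborting.

```cpp
#include <optional>
#include <string>

struct Plugin {
  std::string name;  // constructed sample value
  bool is_pdf;
  bool is_nacl;      // NaCl plugins take a different path, not modelled here
};

using IsolationPredicate = bool (*)(const Plugin&);

// Predicate as the answer describes it for the crashing build:
// false for everything except the PDF plugin.
bool IsolatePdfOnly(const Plugin& p) { return p.is_pdf; }

// Predicate as the quoted commit message describes it:
// every non-NaCl plugin is origin-isolated.
bool IsolateAllNonNaCl(const Plugin& p) { return !p.is_nacl; }

// Caller side: an origin lock exists only for isolated plugins.
std::optional<std::string> MakeOriginLock(IsolationPredicate isolated,
                                          const Plugin& p,
                                          const std::string& origin) {
  if (isolated(p)) return origin;
  return std::nullopt;
}

enum class Launch { kStarted, kCheckFailed };

// Callee side: assumes origin_lock is always set. In the real code an
// empty optional trips a CHECK in value(); the model reports it instead.
Launch FindOrStartPluginProcess(const std::optional<std::string>& origin_lock) {
  if (!origin_lock.has_value()) return Launch::kCheckFailed;
  return Launch::kStarted;
}

Launch OpenChannel(IsolationPredicate isolated, const Plugin& p) {
  return FindOrStartPluginProcess(
      MakeOriginLock(isolated, p, "file://"));  // constructed origin
}

int main() {
  const Plugin cmdline{"sample-cmdline-plugin", false, false};
  // Old predicate + new callee invariant: the CHECK fails.
  bool crashed = OpenChannel(IsolatePdfOnly, cmdline) == Launch::kCheckFailed;
  // Matching predicate: the plugin process starts.
  bool fixed = OpenChannel(IsolateAllNonNaCl, cmdline) == Launch::kStarted;
  return (crashed && fixed) ? 0 : 1;
}
```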