Crash on resource load from extension in webview

[alexgor1]

NWJS Version : 0.26.5, 0.26.6, 0.27.3
Operating System : Linux, OSX

Expected behavior

It has to allow or deny resource loading from extension's content script in webview with chrome-extension: protocol instead of crash. The same as it handled for main page.

Actual behavior

• resource with chrome-extension: protocol is loaded successful from background script
• resource with chrome-extension: protocol is loaded successful from content script in main page
• but crashes on load resource with chrome-extension: protocol from content script in webview

How to reproduce

• set extension in chromium-args
• call nw.Window.open with URL to HTML

<html><body>
<webview src="about:blank" partition="persist:trusted"></webview>
</body></html>

• sample extension loads own resource in content script with XMLHttpRequest or SCRIPT tag with URL received from chrome.runtime.getURL call (URL will be in the form of chrome-extension://extensionID/resourcePath)
• extension manifest has "match_about_blank": true because of webview's src is set to blank
• extension loads own external resource with chrome-extension: protocol from content script on main page
• extension loads own external resource with chrome-extension: protocol from background script (removed from min sample attached for simplicity)
• nwjs crashes when content script in webview loads own external resource with chrome-extension: protocol

attached min sample: nw-crash.zip

notes:

• don't forget to replace path to extension in provided sample in app/package.json -> chromium-args -> load-extension to unzipped extension folder
• crash appeared first on 0.24.0 version and probably relates to fix nw version 23.5 -load-extension :ERR_BLOCKED_BY_CLIENT #6004: enable extensions in webview
  crash dump for osx sdk version 0.26.5: 663502ad-6a6b-4a53-aae7-79fb9727ab68.dmp.zip
• it can crash on some sites in src attribute of webview and doesn't crash on others, but i attached min sample where it crashes
• moreover it looks like it crashes sometime even on loading from main page without strict reproducing. It appeared several times when there was no network connection. Main ui was loaded from localhost (crash dump for this special case for linux sdk version 0.26.6:
  7edf956e-6f61-4b1c-611307a1-2107e402.dmp.zip

top of crash dump 663502ad-6a6b-4a53-aae7-79fb9727ab68 is:

Operating system: Mac OS X
                  10.11.6 15G31
CPU: amd64
     family 6 model 60 stepping 3
     4 CPUs

GPU: UNKNOWN

Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0x188
Process uptime: 3 seconds

Thread 26 (crashed)
 0  nwjs Framework!extensions::Extension::is_nwjs_app() const [memory : 2519 + 0x0]
    rax = 0x0000000000000003   rdx = 0x0000000000000020
    rcx = 0x0000000000000000   rbx = 0x00007f8b9e0a96c0
    rsi = 0x0000000111c74f92   rdi = 0x0000000000000000
    rbp = 0x0000700008cdd820   rsp = 0x0000700008cdd820
     r8 = 0x0000000000000000    r9 = 0x0000000000000060
    r10 = 0xffffffffffffffc0   r11 = 0xfffff0746ab60280
    r12 = 0x0000000000000000   r13 = 0x0000700008cdda7f
    r14 = 0x0000700008cdd9b0   r15 = 0x0000700008cdd9e0
    rip = 0x000000010f51dd04
    Found by: given as instruction pointer in context
 1  nwjs Framework!extensions::url_request_util::AllowCrossRendererResourceLoadHelper(bool, extensions::Extension const*, extensions::Extension const*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, ui::PageTransition, bool*) [url_request_util.cc : 175 + 0x8]
    rbp = 0x0000700008cdd860   rsp = 0x0000700008cdd830
    rip = 0x000000010cc88fc3
    Found by: previous frame's frame pointer
 2  nwjs Framework!extensions::url_request_util::AllowCrossRendererResourceLoad(net::URLRequest*, bool, extensions::Extension const*, extensions::InfoMap*, bool*) [url_request_util.cc : 51 + 0x20]
    rbp = 0x0000700008cdda30   rsp = 0x0000700008cdd870
    rip = 0x000000010cc88cab
    Found by: previous frame's frame pointer
 3  nwjs Framework!extensions::chrome_url_request_util::AllowCrossRendererResourceLoad(net::URLRequest*, bool, extensions::Extension const*, extensions::InfoMap*, bool*) [chrome_url_request_util.cc : 131 + 0x9]
    rbp = 0x0000700008cdda60   rsp = 0x0000700008cdda40
    rip = 0x000000010fb6dba9
    Found by: previous frame's frame pointer
 4  nwjs Framework!extensions::ChromeExtensionsBrowserClient::AllowCrossRendererResourceLoad(net::URLRequest*, bool, extensions::Extension const*, extensions::InfoMap*) [chrome_extensions_browser_client.cc : 181 + 0x1a]
    rbp = 0x0000700008cdda80   rsp = 0x0000700008cdda70
    rip = 0x000000010fb6c5e6
    Found by: previous frame's frame pointer
 5  nwjs Framework!extensions::(anonymous namespace)::ExtensionProtocolHandler::MaybeCreateJob(net::URLRequest*, net::NetworkDelegate*) const [extension_protocols.cc : 433 + 0x18]
    rbp = 0x0000700008cddcc0   rsp = 0x0000700008cdda90
    rip = 0x000000010cc4da2a
    Found by: previous frame's frame pointer

[rogerwang]

Thanks for reporting. This is fixed in git and will be available in the next build.