bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-06-05 21:39:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

bootstrap: Initialize crash reporting (see #3935)

Browse Source 
This adds a runtime dependency on chrome_elf.dll and makes all
runtime errors LOG(FATAL) to generate a crash report. Don't wait
for libcef to load before running as the crashpad-handler process.
This commit is contained in:
Marshall Greenblatt
2025-05-25 15:19:43 -04:00
parent 1e8093a910
commit 66457acccc
5 changed files with 259 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

236
libcef_dll/bootstrap/bootstrap_win.cc
View File

@@ -8,6 +8,9 @@
#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/logging.h"
#include "base/process/memory.h"
#include "base/process/process_info.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
@@ -16,12 +19,37 @@
#include "cef/include/internal/cef_types.h"
#include "cef/include/wrapper/cef_certificate_util_win.h"
#include "cef/include/wrapper/cef_util_win.h"
#include "cef/libcef/browser/crashpad_runner.h"
#include "cef/libcef/browser/preferred_stack_size_win.inc"
#include "cef/libcef_dll/bootstrap/bootstrap_util_win.h"
#include "cef/libcef_dll/bootstrap/win/resource.h"
#include "chrome/app/delay_load_failure_hook_win.h"
#include "chrome/chrome_elf/chrome_elf_main.h"
#include "chrome/install_static/initialize_from_primary_module.h"
namespace {
// Sets the current working directory for the process to the directory holding
// the executable if this is the browser process. This avoids leaking a handle
// to an arbitrary directory to child processes (e.g., the crashpad handler
// process).
void SetCwdForBrowserProcess() {
if (!::IsBrowserProcess()) {
return;
}
std::array<wchar_t, MAX_PATH + 1> buffer;
buffer[0] = L'\0';
DWORD length = ::GetModuleFileName(nullptr, &buffer[0], buffer.size());
if (!length || length >= buffer.size()) {
return;
}
base::SetCurrentDirectory(
base::FilePath(base::FilePath::StringViewType(&buffer[0], length))
.DirName());
}
// Load a string from the string table in bootstrap.rc.
std::wstring LoadString(int string_id) {
const int kMaxSize = 100;
@@ -53,6 +81,39 @@ void ShowError(const std::wstring& error) {
#endif
}
std::wstring NormalizeError(const std::wstring& err) {
std::wstring str = err;
// Replace newlines.
std::replace(str.begin(), str.end(), L'\n', L' ');
return str;
}
// Verify DLL code signing requirements.
void CheckDllCodeSigning(
const base::FilePath& dll_path,
const cef_certificate_util::ThumbprintsInfo& exe_thumbprints) {
cef_certificate_util::ThumbprintsInfo dll_thumbprints;
cef_certificate_util::GetClientThumbprints(
dll_path.value(), /*verify_binary=*/true, dll_thumbprints);
// The DLL and EXE must either both be unsigned or both have all valid
// signatures and the same primary thumbprint.
if (!dll_thumbprints.IsSame(exe_thumbprints, /*allow_unsigned=*/true)) {
// Some part of the certificate validation process failed.
const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_path.BaseName().value()),
base::WideToUTF16(dll_thumbprints.errors)});
ShowError(FormatErrorString(IDS_ERROR_INVALID_CERT, subst));
if (dll_thumbprints.errors.empty()) {
LOG(FATAL) << "Failed " << dll_path.value()
<< " certificate requirements";
} else {
LOG(FATAL) << "Failed " << dll_path.value() << " certificate checks: "
<< NormalizeError(dll_thumbprints.errors);
}
}
}
} // namespace
#if defined(CEF_BUILD_BOOTSTRAP_CONSOLE)
@@ -87,17 +148,37 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
}
#endif
SetCwdForBrowserProcess();
install_static::InitializeFromPrimaryModule();
SignalInitializeCrashReporting();
if (IsBrowserProcess()) {
chrome::DisableDelayLoadFailureHooksForMainExecutable();
}
// Done here to ensure that OOMs that happen early in process initialization
// are correctly signaled to the OS.
base::EnableTerminationOnOutOfMemory();
logging::RegisterAbslAbortHook();
// Parse command-line arguments.
const base::CommandLine command_line =
base::CommandLine::FromString(::GetCommandLineW());
constexpr char kProcessType[] = "type";
const bool is_subprocess = command_line.HasSwitch(kProcessType);
if (is_subprocess && command_line.GetSwitchValueASCII(kProcessType).empty()) {
const std::string& process_type =
command_line.GetSwitchValueASCII(kProcessType);
if (is_subprocess && process_type.empty()) {
// Early exit on invalid process type.
return CEF_RESULT_CODE_BAD_PROCESS_TYPE;
}
// Run the crashpad handler now instead of waiting for libcef to load.
constexpr char kCrashpadHandler[] = "crashpad-handler";
if (process_type == kCrashpadHandler) {
return crashpad_runner::RunAsCrashpadHandler(command_line);
}
// True if this is a sandboxed sub-process. Uses similar logic to
// Sandbox::IsProcessSandboxed.
const bool is_sandboxed =
@@ -133,7 +214,7 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
if (bootstrap_util::IsDefaultExeName(dll_name)) {
ShowError(LoadString(IDS_ERROR_NO_MODULE_NAME));
return CEF_RESULT_CODE_KILLED;
LOG(FATAL) << "Missing module name";
}
cef_certificate_util::GetClientThumbprints(
@@ -146,14 +227,67 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
{base::WideToUTF16(exe_path.BaseName().value()),
base::WideToUTF16(exe_thumbprints.errors)});
ShowError(FormatErrorString(IDS_ERROR_INVALID_CERT, subst));
return CEF_RESULT_CODE_KILLED;
if (exe_thumbprints.errors.empty()) {
LOG(FATAL) << "Failed " << exe_path.value()
<< " certificate requirements";
} else {
LOG(FATAL) << "Failed " << exe_path.value() << " certificate checks: "
<< NormalizeError(exe_thumbprints.errors);
}
}
}
// Manage the life span of the sandbox information object. This is necessary
// for sandbox support on Windows. See cef_sandbox_win.h for complete details.
CefScopedSandboxInfo scoped_sandbox;
void* sandbox_info = scoped_sandbox.sandbox_info();
if (!is_sandboxed) {
// Check chrome_elf.dll which should be preloaded to support crash
// reporting.
if (HMODULE hModule = ::LoadLibrary(L"chrome_elf")) {
const auto& dll_path = bootstrap_util::GetModulePath(hModule);
// Must be in the same directory as the EXE.
if (dll_path.DirName() != exe_path.DirName()) {
const auto subst = std::to_array<std::u16string>({u"chrome_elf"});
ShowError(FormatErrorString(IDS_ERROR_INVALID_LOCATION, subst));
LOG(FATAL) << "Invalid location: " << dll_path.value();
}
CheckDllCodeSigning(dll_path, exe_thumbprints);
FreeLibrary(hModule);
} else {
LOG(FATAL) << "Failed to load chrome_elf.dll with error "
<< ::GetLastError();
}
// Load the client DLL as untrusted (e.g. without executing DllMain or
// loading additional modules) so that we can first check requirements.
// LoadLibrary's "default search order" is tricky and we don't want to
// guess about what DLL it will load. DONT_RESOLVE_DLL_REFERENCES is the
// only option that doesn't execute DllMain while still allowing us
// retrieve the path using GetModuleFileName. No execution of the DLL
// should be attempted while loaded in this mode.
if (HMODULE hModule = ::LoadLibraryEx(dll_name.c_str(), nullptr,
DONT_RESOLVE_DLL_REFERENCES)) {
const auto& dll_path = bootstrap_util::GetModulePath(hModule);
if (!bootstrap_util::IsModulePathAllowed(dll_path, exe_path)) {
const auto subst =
std::to_array<std::u16string>({base::WideToUTF16(dll_name)});
ShowError(FormatErrorString(IDS_ERROR_INVALID_LOCATION, subst));
LOG(FATAL) << "Invalid location: " << dll_path.value();
}
CheckDllCodeSigning(dll_path, exe_thumbprints);
FreeLibrary(hModule);
} else {
const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_name),
base::WideToUTF16(cef_util::GetLastErrorAsString())});
ShowError(FormatErrorString(IDS_ERROR_LOAD_FAILED, subst));
LOG(FATAL) << "Failed to load " << dll_name << ".dll with error "
<< ::GetLastError();
}
}
#if defined(CEF_BUILD_BOOTSTRAP_CONSOLE)
constexpr char kProcName[] = "RunConsoleMain";
@@ -163,81 +297,49 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
using kProcType = decltype(&RunWinMain);
#endif
std::wstring error;
int result_code;
if (!is_sandboxed) {
// Load the client DLL as untrusted (e.g. without executing DllMain or
// loading additional modules) so that we can first check requirements.
// LoadLibrary's "default search order" is tricky and we don't want to guess
// about what DLL it will load. DONT_RESOLVE_DLL_REFERENCES is the only
// option that doesn't execute DllMain while still allowing us retrieve the
// path using GetModuleFileName. No execution of the DLL should be attempted
// while loaded in this mode.
if (HMODULE hModule = ::LoadLibraryEx(dll_name.c_str(), nullptr,
DONT_RESOLVE_DLL_REFERENCES)) {
const auto& dll_path = bootstrap_util::GetModulePath(hModule);
// Load the client DLL normally.
if (HMODULE hModule = ::LoadLibrary(dll_name.c_str())) {
if (auto* pFunc = (kProcType)::GetProcAddress(hModule, kProcName)) {
// Manage the life span of the sandbox information object. This is
// necessary for sandbox support on Windows. See cef_sandbox_win.h for
// complete details.
CefScopedSandboxInfo scoped_sandbox;
void* sandbox_info = scoped_sandbox.sandbox_info();
if (!bootstrap_util::IsModulePathAllowed(dll_path, exe_path)) {
const auto subst =
std::to_array<std::u16string>({base::WideToUTF16(dll_name)});
error = FormatErrorString(IDS_ERROR_INVALID_LOCATION, subst);
}
if (error.empty()) {
cef_certificate_util::ThumbprintsInfo dll_thumbprints;
cef_certificate_util::GetClientThumbprints(
dll_path.value(), /*verify_binary=*/true, dll_thumbprints);
// The DLL and EXE must either both be unsigned or both have all valid
// signatures and the same primary thumbprint.
if (!dll_thumbprints.IsSame(exe_thumbprints, /*allow_unsigned=*/true)) {
// Some part of the certificate validation process failed.
const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_name + TEXT(".dll")),
base::WideToUTF16(dll_thumbprints.errors)});
error = FormatErrorString(IDS_ERROR_INVALID_CERT, subst);
}
}
FreeLibrary(hModule);
} else {
const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_name),
base::WideToUTF16(cef_util::GetLastErrorAsString())});
error = FormatErrorString(IDS_ERROR_LOAD_FAILED, subst);
}
}
if (error.empty()) {
// Load the client DLL normally.
if (HMODULE hModule = ::LoadLibrary(dll_name.c_str())) {
if (auto* pFunc = (kProcType)::GetProcAddress(hModule, kProcName)) {
#if defined(CEF_BUILD_BOOTSTRAP_CONSOLE)
return pFunc(argc, argv, sandbox_info);
result_code = pFunc(argc, argv, sandbox_info);
#else
return pFunc(hInstance, lpCmdLine, nCmdShow, sandbox_info);
result_code = pFunc(hInstance, lpCmdLine, nCmdShow, sandbox_info);
#endif
} else if (!is_sandboxed) {
} else {
if (!is_sandboxed) {
const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_name),
base::WideToUTF16(cef_util::GetLastErrorAsString()),
base::ASCIIToUTF16(std::string(kProcName))});
error = FormatErrorString(IDS_ERROR_NO_PROC_EXPORT, subst);
ShowError(FormatErrorString(IDS_ERROR_NO_PROC_EXPORT, subst));
}
FreeLibrary(hModule);
} else if (!is_sandboxed) {
LOG(FATAL) << "Failed to find " << kProcName << " in " << dll_name
<< ".dll with error " << ::GetLastError();
}
FreeLibrary(hModule);
} else {
if (!is_sandboxed) {
const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_name),
base::WideToUTF16(cef_util::GetLastErrorAsString())});
error = FormatErrorString(IDS_ERROR_LOAD_FAILED, subst);
ShowError(FormatErrorString(IDS_ERROR_LOAD_FAILED, subst));
}
LOG(FATAL) << "Failed to load " << dll_name << ".dll with error "
<< ::GetLastError();
}
// Don't try to show errors while sandboxed.
if (!error.empty() && !is_sandboxed) {
ShowError(error);
}
return CEF_RESULT_CODE_KILLED;
// LOG(FATAL) is [[noreturn]], so we only reach this point if everything
// succeeded.
return result_code;
}