Visiting brave://wallet from a guest window causes crash

[emerick]

On latest master:

1. Use hamburger menu to open guest window
2. Enter brave://wallet into address bar and press return
3. Crashes without a stack dump

Max managed to get the following stack trace:

mojo_public_cpp_bindings.dll!mojo::ReceiverSetState::Add(std::Cr::unique_ptr<mojo::ReceiverSetState::ReceiverState,std::Cr::default_delete<mojo::ReceiverSetState::ReceiverState>> receiver, std::Cr::unique_ptr<mojo::MessageFilter,std::Cr::default_delete<mojo::MessageFilter>> filter) Line 106
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\receiver_set.cc(106)
chrome.dll!mojo::ReceiverSetBase<mojo::Receiver<brave_wallet::mojom::BraveWalletService,mojo::RawPtrImplRefTraits<brave_wallet::mojom::BraveWalletService>>,void>::AddImpl(brave_wallet::mojom::BraveWalletService * impl, mojo::PendingReceiver<brave_wallet::mojom::BraveWalletService> receiver, bool context, scoped_refptr<base::SequencedTaskRunner> task_runner, std::Cr::unique_ptr<mojo::MessageFilter,std::Cr::default_delete<mojo::MessageFilter>> filter) Line 442
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\receiver_set.h(442)
chrome.dll!mojo::ReceiverSetBase<mojo::Receiver<brave_wallet::mojom::BraveWalletService,mojo::RawPtrImplRefTraits<brave_wallet::mojom::BraveWalletService>>,void>::Add(brave_wallet::mojom::BraveWalletService * impl, mojo::PendingReceiver<brave_wallet::mojom::BraveWalletService> receiver, scoped_refptr<base::SequencedTaskRunner> task_runner) Line 227
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\receiver_set.h(227)
chrome.dll!brave_wallet::BraveWalletService::Bind(mojo::PendingReceiver<brave_wallet::mojom::BraveWalletService> receiver) Line 268
	at C:\bb3\brave-browser\src\brave\components\brave_wallet\browser\brave_wallet_service.cc(268)
chrome.dll!WalletPageUI::CreatePageHandler(mojo::PendingRemote<brave_wallet::mojom::Page> page, mojo::PendingReceiver<brave_wallet::mojom::PageHandler> page_receiver, mojo::PendingReceiver<brave_wallet::mojom::WalletHandler> wallet_receiver, mojo::PendingReceiver<brave_wallet::mojom::JsonRpcService> json_rpc_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::SwapService> swap_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::AssetRatioService> asset_ratio_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::KeyringService> keyring_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::BlockchainRegistry> blockchain_registry_receiver, mojo::PendingReceiver<brave_wallet::mojom::TxService> tx_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::EthTxManagerProxy> eth_tx_manager_proxy_receiver, mojo::PendingReceiver<brave_wallet::mojom::SolanaTxManagerProxy> solana_tx_manager_proxy_receiver, mojo::PendingReceiver<brave_wallet::mojom::FilTxManagerProxy> filecoin_tx_manager_proxy_receiver, mojo::PendingReceiver<brave_wallet::mojom::BraveWalletService> brave_wallet_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::BraveWalletP3A> brave_wallet_p3a_receiver, mojo::PendingReceiver<brave_wallet::mojom::WalletPinService> brave_wallet_pin_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::WalletAutoPinService> brave_wallet_auto_pin_service_receiver, mojo::PendingReceiver<brave_wallet::mojom::IpfsService> ipfs_service_receiver) Line 155
	at C:\bb3\brave-browser\src\brave\browser\ui\webui\brave_wallet\wallet_page_ui.cc(155)
chrome.dll!brave_wallet::mojom::PageHandlerFactoryStubDispatch::Accept(brave_wallet::mojom::PageHandlerFactory * impl, mojo::Message * message) Line 13170
	at C:\bb3\brave-browser\src\out\Debug\gen\brave\components\brave_wallet\common\brave_wallet.mojom.cc(13170)
chrome.dll!brave_wallet::mojom::PageHandlerFactoryStub<mojo::RawPtrImplRefTraits<brave_wallet::mojom::PageHandlerFactory>>::Accept(mojo::Message * message) Line 4677
	at C:\bb3\brave-browser\src\out\Debug\gen\brave\components\brave_wallet\common\brave_wallet.mojom.h(4677)
mojo_public_cpp_bindings.dll!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message * message) Line 1014
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc(1014)
mojo_public_cpp_bindings.dll!mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message * message) Line 358
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc(358)
mojo_public_cpp_bindings.dll!mojo::MessageDispatcher::Accept(mojo::Message * message) Line 43
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\message_dispatcher.cc(43)
mojo_public_cpp_bindings.dll!mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message * message) Line 695
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc(695)
mojo_public_cpp_bindings.dll!mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper * message_wrapper, mojo::internal::MultiplexRouter::ClientCallBehavior client_call_behavior, base::SequencedTaskRunner * current_task_runner) Line 1095
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\multiplex_router.cc(1095)
mojo_public_cpp_bindings.dll!mojo::internal::MultiplexRouter::Accept(mojo::Message * message) Line 708
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\multiplex_router.cc(708)
mojo_public_cpp_bindings.dll!mojo::MessageDispatcher::Accept(mojo::Message * message) Line 43
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\message_dispatcher.cc(43)
mojo_public_cpp_bindings.dll!mojo::Connector::DispatchMessageW(mojo::ScopedHandleBase<mojo::MessageHandle> handle) Line 549
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\connector.cc(549)
mojo_public_cpp_bindings.dll!mojo::Connector::ReadAllAvailableMessages() Line 607
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\connector.cc(607)
mojo_public_cpp_bindings.dll!mojo::Connector::OnHandleReadyInternal(unsigned int result) Line 442
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\connector.cc(442)
mojo_public_cpp_bindings.dll!mojo::Connector::OnWatcherHandleReady(unsigned int result) Line 412
	at C:\bb3\brave-browser\src\mojo\public\cpp\bindings\lib\connector.cc(412)
mojo_public_cpp_bindings.dll!base::internal::FunctorTraits<void (mojo::Connector::*)(unsigned int),void>::Invoke<void (mojo::Connector::*)(unsigned int),mojo::Connector *,unsigned int>(void(mojo::Connector::*)(unsigned int) method, mojo::Connector * && receiver_ptr, unsigned int && args) Line 746
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(746)
mojo_public_cpp_bindings.dll!base::internal::InvokeHelper<0,void,0>::MakeItSo<void (mojo::Connector::*const &)(unsigned int),const std::Cr::tuple<base::internal::UnretainedWrapper<mojo::Connector,base::unretained_traits::MayNotDangle,0>> &,unsigned int>(void(mojo::Connector::*)(unsigned int) & functor, const std::Cr::tuple<base::internal::UnretainedWrapper<mojo::Connector,base::unretained_traits::MayNotDangle,0>> & bound, unsigned int && args) Line 925
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(925)
mojo_public_cpp_bindings.dll!base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int),base::internal::UnretainedWrapper<mojo::Connector,base::unretained_traits::MayNotDangle,0>>,void (unsigned int)>::RunImpl<void (mojo::Connector::*const &)(unsigned int),const std::Cr::tuple<base::internal::UnretainedWrapper<mojo::Connector,base::unretained_traits::MayNotDangle,0>> &,0>(void(mojo::Connector::*)(unsigned int) & functor, const std::Cr::tuple<base::internal::UnretainedWrapper<mojo::Connector,base::unretained_traits::MayNotDangle,0>> & bound, std::Cr::integer_sequence<unsigned long long,0> seq, unsigned int && unbound_args) Line 1020
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(1020)
mojo_public_cpp_bindings.dll!base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int),base::internal::UnretainedWrapper<mojo::Connector,base::unretained_traits::MayNotDangle,0>>,void (unsigned int)>::Run(base::internal::BindStateBase * base, unsigned int unbound_args) Line 984
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(984)
mojo_public_cpp_bindings.dll!base::RepeatingCallback<void (unsigned int)>::Run(unsigned int args) Line 334
	at C:\bb3\brave-browser\src\base\functional\callback.h(334)
mojo_public_cpp_bindings.dll!mojo::SimpleWatcher::DiscardReadyState(const base::RepeatingCallback<void (unsigned int)> & callback, unsigned int result, const mojo::HandleSignalsState & state) Line 193
	at C:\bb3\brave-browser\src\mojo\public\cpp\system\simple_watcher.h(193)
mojo_public_cpp_bindings.dll!base::internal::FunctorTraits<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),void>::Invoke<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),const base::RepeatingCallback<void (unsigned int)> &,unsigned int,const mojo::HandleSignalsState &>(void(*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &) & function, const base::RepeatingCallback<void (unsigned int)> & args, unsigned int && args, const mojo::HandleSignalsState & args) Line 636
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(636)
mojo_public_cpp_bindings.dll!base::internal::InvokeHelper<0,void,0>::MakeItSo<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),const std::Cr::tuple<base::RepeatingCallback<void (unsigned int)>> &,unsigned int,const mojo::HandleSignalsState &>(void(*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &) & functor, const std::Cr::tuple<base::RepeatingCallback<void (unsigned int)>> & bound, unsigned int && args, const mojo::HandleSignalsState & args) Line 925
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(925)
mojo_public_cpp_bindings.dll!base::internal::Invoker<base::internal::BindState<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),base::RepeatingCallback<void (unsigned int)>>,void (unsigned int, const mojo::HandleSignalsState &)>::RunImpl<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),const std::Cr::tuple<base::RepeatingCallback<void (unsigned int)>> &,0>(void(*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &) & functor, const std::Cr::tuple<base::RepeatingCallback<void (unsigned int)>> & bound, std::Cr::integer_sequence<unsigned long long,0> seq, unsigned int && unbound_args, const mojo::HandleSignalsState & unbound_args) Line 1020
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(1020)
mojo_public_cpp_bindings.dll!base::internal::Invoker<base::internal::BindState<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),base::RepeatingCallback<void (unsigned int)>>,void (unsigned int, const mojo::HandleSignalsState &)>::Run(base::internal::BindStateBase * base, unsigned int unbound_args, const mojo::HandleSignalsState & unbound_args) Line 984
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(984)
mojo_public_system_cpp.dll!base::RepeatingCallback<void (unsigned int, const mojo::HandleSignalsState &)>::Run(unsigned int args, const mojo::HandleSignalsState & args) Line 334
	at C:\bb3\brave-browser\src\base\functional\callback.h(334)
mojo_public_system_cpp.dll!mojo::SimpleWatcher::OnHandleReady(int watch_id, unsigned int result, const mojo::HandleSignalsState & state) Line 279
	at C:\bb3\brave-browser\src\mojo\public\cpp\system\simple_watcher.cc(279)
mojo_public_system_cpp.dll!base::internal::FunctorTraits<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),void>::Invoke<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState>(void(mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &) method, base::WeakPtr<mojo::SimpleWatcher> && receiver_ptr, int && args, unsigned int && args, mojo::HandleSignalsState && args) Line 746
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(746)
mojo_public_system_cpp.dll!base::internal::InvokeHelper<1,void,0,1,2,3>::MakeItSo<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),std::Cr::tuple<base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState>>(void(mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &) && functor, std::Cr::tuple<base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState> && bound) Line 952
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(952)
mojo_public_system_cpp.dll!base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState>,void ()>::RunImpl<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),std::Cr::tuple<base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState>,0,1,2,3>(void(mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &) && functor, std::Cr::tuple<base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState> && bound, std::Cr::integer_sequence<unsigned long long,0,1,2,3> seq) Line 1020
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(1020)
mojo_public_system_cpp.dll!base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState>,void ()>::RunOnce(base::internal::BindStateBase * base) Line 971
	at C:\bb3\brave-browser\src\base\functional\bind_internal.h(971)
base.dll!base::OnceCallback<void ()>::Run() Line 153
	at C:\bb3\brave-browser\src\base\functional\callback.h(153)
base.dll!base::TaskAnnotator::RunTaskImpl(base::PendingTask & pending_task) Line 199
	at C:\bb3\brave-browser\src\base\task\common\task_annotator.cc(199)
base.dll!base::TaskAnnotator::RunTask<`lambda at ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:478:11'>(perfetto::StaticString event_name, base::PendingTask & pending_task, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl::<lambda_0> && args) Line 90
	at C:\bb3\brave-browser\src\base\task\common\task_annotator.h(90)
base.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow * continuation_lazy_now) Line 484
	at C:\bb3\brave-browser\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc(484)
base.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() Line 341
	at C:\bb3\brave-browser\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc(341)
base.dll!base::MessagePumpForUI::DoRunLoop() Line 212
	at C:\bb3\brave-browser\src\base\message_loop\message_pump_win.cc(212)
base.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate) Line 79
	at C:\bb3\brave-browser\src\base\message_loop\message_pump_win.cc(79)
base.dll!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool application_tasks_allowed, base::TimeDelta timeout) Line 639
	at C:\bb3\brave-browser\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc(639)
base.dll!base::RunLoop::Run(const base::Location & location) Line 134
	at C:\bb3\brave-browser\src\base\run_loop.cc(134)
content.dll!content::BrowserMainLoop::RunMainMessageLoop() Line 1073
	at C:\bb3\brave-browser\src\content\browser\browser_main_loop.cc(1073)
content.dll!content::BrowserMainRunnerImpl::Run() Line 159
	at C:\bb3\brave-browser\src\content\browser\browser_main_runner_impl.cc(159)
content.dll!content::BrowserMain(content::MainFunctionParams parameters) Line 32
	at C:\bb3\brave-browser\src\content\browser\browser_main.cc(32)
content.dll!content::RunBrowserProcessMain(content::MainFunctionParams main_function_params, content::ContentMainDelegate * delegate) Line 702
	at C:\bb3\brave-browser\src\content\app\content_main_runner_impl.cc(702)
content.dll!content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams main_params, bool start_minimal_browser) Line 1257
	at C:\bb3\brave-browser\src\content\app\content_main_runner_impl.cc(1257)
content.dll!content::ContentMainRunnerImpl::Run() Line 1111
	at C:\bb3\brave-browser\src\content\app\content_main_runner_impl.cc(1111)
content.dll!content::RunContentProcess(content::ContentMainParams params, content::ContentMainRunner * content_main_runner) Line 326
	at C:\bb3\brave-browser\src\content\app\content_main.cc(326)
content.dll!content::ContentMain(content::ContentMainParams params) Line 343
	at C:\bb3\brave-browser\src\content\app\content_main.cc(343)
chrome.dll!ChromeMain(HINSTANCE__ * instance, sandbox::SandboxInterfaceInfo * sandbox_info, __int64 exe_entry_point_ticks) Line 198
	at C:\bb3\brave-browser\src\chrome\app\chrome_main.cc(198)
brave.exe!MainDllLoader::Launch(HINSTANCE__ * instance, base::TimeTicks exe_entry_point_ticks) Line 166
	at C:\bb3\brave-browser\src\chrome\app\main_dll_loader_win.cc(166)
brave.exe!wWinMain(HINSTANCE__ * instance, HINSTANCE__ * prev, wchar_t *, int) Line 390
	at C:\bb3\brave-browser\src\chrome\app\chrome_exe_main_win.cc(390)

This was discovered while rebasing cr114. Based on comments in the code, opening brave://wallet from a guest window should show an error message in the guest profile and redirect to the regular profile.

cc: @darkdh

[kjozwiak]

The above requires 1.50.126 or higher for 1.50.x verification 👍

[kjozwiak]

Moving this into 1.51.x as it looks like we're not going to get another 1.50.x release. The above can basically be checked with https://github.com/brave/brave-browser/releases/tag/v1.51.107 or higher as the above landed into 1.51.x ~5 days ago.

[GeetaSarvadnya]

Verification PASSED on

Brave | 1.51.109 Chromium: 113.0.5672.63 (Official Build) (64-bit)
-- | --
Revision | 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912}
OS | Windows 10 Version 21H2 (Build 19044.2846)

• Verified the description from the issue and ensured that there is no crash when user enter the text brave://wallet in URL bar and hit enter in Guest window