[Bug]: electron.safeStorage.isEncryptionAvailable() segfaults on Linux when called before creation of the first BrowserWindow

[ganthern]

Preflight Checklist

• I have read the Contributing Guidelines for this project.
• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Electron Version

15 and 16

What operating system are you using?

Ubuntu

Operating System Version

Ubuntu 20.04

What arch are you using?

x64

Last Known Working Electron version

n/a

Expected Behavior

calling electron.safeStorage.isEncryptionAvailable() returns a boolean

Actual Behavior

calling electron.safeStorage.isEncryptionAvailable() segfaults immediately

Testcase Gist URL

https://github.com/ganthern/safe-storage-segfault

Additional Information

It also happens in a fresh openSUSE Leap 15.1.1 VM.

The API should be available as soon as possible (preferrably before app ready) since it's useful for apps that run on startup without immediately opening BrowserWindows.

For the record, it works as expected on MacOs and returns false on windows, which makes the current documentation of isEncryptionAvailable inaccurate.

[theDevelopper]

I also have this issue in electron 16. Any call to a safeStorage function such as isEncryptionAvailable or decryptString on Ubuntu that happens "to soon" after start will just crash electron. If I delay the first call somewhat then it works just fine.
I hope someone is looking at this issue soon.

[Nantris]

@ganthern I believe this issue can probably be closed now if the solution is in #33640 - unless you've tried this and it yields the same error.

I think we should just document that it requires the app to be ready on windows.

[RaisinTen]

@slapbox IMO this issue shouldn't be closed with a doc fix alone because this involves a crash. A doc fix would have been fine if isEncryptionAvailable() returned false or if the other safeStorage APIs threw JS exceptions like

App threw an error during load
Error: Error while decrypting the ciphertext provided to safeStorage.decryptString. Encryption is not available.

for a certain while but on Linux it just segfaults.

[ganthern]

@ganthern I believe this issue can probably be closed now if the solution is in #33640 - unless you've tried this and it yields the same error.

There is no error, the app just dies.

[RaisinTen]

Today, I tried to attach the debugging symbols to the release builds of Electron v18.0.3 and managed to get a human readable stack trace:

Thread 1 "electron" received signal SIGTRAP, Trace/breakpoint trap.
0x000055555b8b4faf in (anonymous namespace)::CreateKeyStorage () at ../../components/os_crypt/os_crypt_linux.cc:74
74	../../components/os_crypt/os_crypt_linux.cc: No such file or directory.
(gdb) bt
#0  0x000055555b8b4faf in (anonymous namespace)::CreateKeyStorage () at ../../components/os_crypt/os_crypt_linux.cc:74
#1  0x000055555b8b53e9 in (anonymous namespace)::GetPasswordV11 () at ../../components/os_crypt/os_crypt_linux.cc:117
#2  0x000055555b8b4b79 in OSCrypt::IsEncryptionAvailable () at ../../components/os_crypt/os_crypt_linux.cc:245
#3  0x00005555575c6f11 in base::RepeatingCallback<bool ()>::Run() const & (this=0x7fffffffbbc0) at ../../base/callback.h:241
#4  gin_helper::Invoker<gin_helper::IndicesHolder<>>::DispatchToCallback<bool>(base::RepeatingCallback<bool ()>) (callback=..., this=<optimized out>)
    at ../../electron/shell/common/gin_helper/function_template.h:222
#5  gin_helper::Dispatcher<bool ()>::DispatchToCallback(v8::FunctionCallbackInfo<v8::Value> const&) (info=...)
    at ../../electron/shell/common/gin_helper/function_template.h:264
#6  0x00005555587307e1 in v8::internal::FunctionCallbackArguments::Call (this=0x7fffffffbc58, handler=...)
    at ../../v8/src/api/api-arguments-inl.h:152
#7  v8::internal::(anonymous namespace)::HandleApiCallHelper<false> (isolate=0x28d00060c000, fun_data=..., receiver=..., function=..., 
    new_target=..., args=...) at ../../v8/src/builtins/builtins-api.cc:112
#8  v8::internal::Builtin_Impl_HandleApiCall (args=..., isolate=0x28d00060c000) at ../../v8/src/builtins/builtins-api.cc:142
#9  v8::internal::Builtin_HandleApiCall (args_length=5, args_object=<optimized out>, isolate=0x28d00060c000)
    at ../../v8/src/builtins/builtins-api.cc:130
#10 0x00005555572cb5f8 in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit ()
#11 0x000055555724ae22 in Builtins_InterpreterEntryTrampoline ()

So this is probably coming from the release build assertion CHECK in https://source.chromium.org/chromium/chromium/src/+/main:components/os_crypt/os_crypt_linux.cc;l=74;drc=35be6215ec8f09e50176f36753c68f26c63d1885;bpv=1;bpt=0

// Create the KeyStorage. Will be null if no service is found. A Config must be
// set before every call to this function.
std::unique_ptr<KeyStorageLinux> CreateKeyStorage() {
  CHECK(g_cache.Get().config);
  std::unique_ptr<KeyStorageLinux> key_storage =
      KeyStorageLinux::CreateService(*g_cache.Get().config);
  g_cache.Get().config.reset();
  return key_storage;
}

Apparently the config wasn't set as expected. Will try to debug further tomorrow.

[RaisinTen]

Sent a potential fix for this in #33913! Haven't tested it locally yet because I don't have the resources to compile electron on linux yet, so I can try to download the artifacts and test those out instead. Unfortunately, just as @codebytere mentioned in #33640 (comment), electron is mirroring chromium's behavior and that prevents us from running safeStorage methods before the app is ready on linux. The fix makes safeStorage.isEncryptionAvailable() return false instead of crashing before the 'ready' event is emitted by the app.

[ckerr]

Yep, the config is set in ElectronBrowserMainParts::PostCreateMainMessageLoop at

electron/shell/browser/electron_browser_main_parts.cc

Line 499 in 31c2b57

OSCrypt::SetConfig(std::move(config));