#50784: fix: dangling raw_ptr api::Session::browser_context_
Merged
Description of Change
Fix a dangling raw_ptr<ElectronBrowserContext> api::Session::browser_context_; observed by running specs on a local build with dangling raw_ptr checks enabled.
This is fixed by clearing browser_context_ in Session::OnBeforeMicrotasksRunnerDispose().
One minor ripple effect: Session also has an ElectronBrowserContext* browser_context(); getter which can now return nullptr. (This is still better than returning freed memory!) I've checked all of its callers manually and all seems OK. I've added nullptr guards and DCHECK() calls where appropriate.
[DanglingPtr](1/3) A raw_ptr/raw_ref is dangling.
[DanglingPtr](2/3) First, the memory was freed at:
Stack trace:
#0 0x57ad7df42712 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1050:7]
#1 0x57ad7df29f31 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:280:20]
#2 0x57ad7df49d36 base::allocator::(anonymous namespace)::DanglingRawPtrDetected() [../../base/allocator/partition_alloc_support.cc:438:11]
#3 0x57ad7de2aeeb partition_alloc::PartitionRoot::Free<>() [../../base/allocator/partition_allocator/src/partition_alloc/in_slot_metadata.h:389:5]
#4 0x57ad76da2656 electron::ElectronBrowserContext::~ElectronBrowserContext() [../../electron/shell/browser/electron_browser_context.cc:418:51]
#5 0x57ad76da1576 electron::ElectronBrowserContext::DestroyAllContexts() [../../third_party/libc++/src/include/__memory/unique_ptr.h:74:5]
#6 0x57ad76da9070 electron::ElectronBrowserMainParts::PostMainMessageLoopRun() [../../electron/shell/browser/electron_browser_main_parts.cc:621:3]
#7 0x57ad7bcdbb97 content::BrowserMainLoop::ShutdownThreadsAndCleanUp() [../../content/browser/browser_main_loop.cc:1164:13]
#8 0x57ad7bcddf80 content::BrowserMainRunnerImpl::Shutdown() [../../content/browser/browser_main_runner_impl.cc:175:17]
#9 0x57ad7bcd7871 content::BrowserMain() [../../content/browser/browser_main.cc:41:16]
#10 0x57ad7746b609 content::RunBrowserProcessMain() [../../content/app/content_main_runner_impl.cc:701:10]
#11 0x57ad7746e987 content::ContentMainRunnerImpl::RunBrowser() [../../content/app/content_main_runner_impl.cc:1325:10]
#12 0x57ad7746dc90 content::ContentMainRunnerImpl::Run() [../../content/app/content_main_runner_impl.cc:1155:12]
#13 0x57ad77469d66 content::RunContentProcess() [../../content/app/content_main.cc:356:36]
#14 0x57ad77469fa0 content::ContentMain() [../../content/app/content_main.cc:369:10]
#15 0x57ad76c57555 main [../../electron/shell/app/electron_main_linux.cc:50:10]
#16 0x7f112a02a575 (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a574)
#17 0x7f112a02a628 __libc_start_main
#18 0x57ad76c3b02a _start
[DanglingPtr](3/3) Later, the dangling raw_ptr was released at:
Stack trace:
#0 0x57ad7df42712 base::debug::CollectStackTrace() [../../base/debug/stack_trace_posix.cc:1050:7]
#1 0x57ad7df29f31 base::debug::StackTrace::StackTrace() [../../base/debug/stack_trace.cc:280:20]
#2 0x57ad7df49e1d base::allocator::(anonymous namespace)::DanglingRawPtrReleased<>() [../../base/allocator/partition_alloc_support.cc:600:21]
#3 0x57ad7df877c9 base::internal::RawPtrBackupRefImpl<>::ReleaseInternal() [../../base/allocator/partition_allocator/src/partition_alloc/in_slot_metadata.h:211:7]
#4 0x57ad76cf6ca0 electron::api::Session::~Session() [../../base/allocator/partition_allocator/src/partition_alloc/pointers/raw_ptr_backup_ref_impl.h:194:7]
#5 0x57ad7a301fa8 cppgc::internal::HeapVisitor<>::Traverse() [../../v8/src/heap/cppgc/sweeper.cc:277:13]
#6 0x57ad7a301496 cppgc::internal::(anonymous namespace)::MutatorThreadSweeper::Sweep() [../../v8/src/heap/cppgc/sweeper.cc:653:36]
#7 0x57ad7a301056 cppgc::internal::Sweeper::SweeperImpl::Finish() [../../v8/src/heap/cppgc/sweeper.cc:1311:13]
#8 0x57ad7a2fd051 cppgc::internal::Sweeper::SweeperImpl::FinishIfRunning() [../../v8/src/heap/cppgc/sweeper.cc:1236:7]
#9 0x57ad7a2e677e cppgc::internal::HeapBase::Terminate() [../../v8/src/heap/cppgc/heap-base.cc:281:15]
#10 0x57ad79244440 v8::internal::CppHeap::~CppHeap() [../../v8/src/heap/cppgc-js/cpp-heap.cc:551:13]
#11 0x57ad79244588 v8::internal::CppHeap::~CppHeap() [../../v8/src/heap/cppgc-js/cpp-heap.cc:539:21]
#12 0x57ad792e5c66 v8::internal::Heap::TearDown() [../../third_party/libc++/src/include/__memory/unique_ptr.h:74:5]
#13 0x57ad7918167f v8::internal::Isolate::Deinit() [../../v8/src/execution/isolate.cc:4927:9]
#14 0x57ad79180ed6 v8::internal::Isolate::Deinitialize() [../../v8/src/execution/isolate.cc:4491:12]
#15 0x57ad79180dde v8::internal::Isolate::Delete() [../../v8/src/execution/isolate.cc:4472:3]
#16 0x57ad8038294d gin::IsolateHolder::~IsolateHolder() [../../gin/isolate_holder.cc:157:13]
#17 0x57ad76dd350b electron::JavascriptEnvironment::~JavascriptEnvironment() [../../third_party/libc++/src/include/__memory/unique_ptr.h:74:5]
#18 0x57ad76da78f9 electron::ElectronBrowserMainParts::~ElectronBrowserMainParts() [../../third_party/libc++/src/include/__memory/unique_ptr.h:74:5]
#19 0x57ad76da79fe electron::ElectronBrowserMainParts::~ElectronBrowserMainParts() [../../electron/shell/browser/electron_browser_main_parts.cc:192:53]
#20 0x57ad7bcd7f48 content::BrowserMainLoop::~BrowserMainLoop() [../../third_party/libc++/src/include/__memory/unique_ptr.h:74:5]
#21 0x57ad7bcd818e content::BrowserMainLoop::~BrowserMainLoop() [../../content/browser/browser_main_loop.cc:496:37]
#22 0x57ad7bcddf9c content::BrowserMainRunnerImpl::Shutdown() [../../third_party/libc++/src/include/__memory/unique_ptr.h:74:5]
#23 0x57ad7bcd7871 content::BrowserMain() [../../content/browser/browser_main.cc:41:16]
#24 0x57ad7746b609 content::RunBrowserProcessMain() [../../content/app/content_main_runner_impl.cc:701:10]
#25 0x57ad7746e987 content::ContentMainRunnerImpl::RunBrowser() [../../content/app/content_main_runner_impl.cc:1325:10]
#26 0x57ad7746dc90 content::ContentMainRunnerImpl::Run() [../../content/app/content_main_runner_impl.cc:1155:12]
#27 0x57ad77469d66 content::RunContentProcess() [../../content/app/content_main.cc:356:36]
#28 0x57ad77469fa0 content::ContentMain() [../../content/app/content_main.cc:369:10]
#29 0x57ad76c57555 main [../../electron/shell/app/electron_main_linux.cc:50:10]
#30 0x7f112a02a575 (/usr/lib/x86_64-linux-gnu/libc.so.6+0x2a574)
#31 0x7f112a02a628 __libc_start_main
#32 0x57ad76c3b02a _start
Please check for more information on:
https://chromium.googlesource.com/chromium/src/+/main/docs/dangling_ptr_guide.md
Checks enabled by building with these flags:
diff --git a/build/args/all.gn b/build/args/all.gn
index 45939f456f..1934854c67 100644
--- a/build/args/all.gn
+++ b/build/args/all.gn
@@ -53,8 +53,11 @@ use_qt6 = false
# https://chromium.googlesource.com/chromium/src/+/main/docs/dangling_ptr.md
# TODO(vertedinde): hunt down dangling pointers on Linux
-enable_dangling_raw_ptr_checks = false
-enable_dangling_raw_ptr_feature_flag = false
+is_debug = true
+enable_dangling_raw_ptr_checks = true
+enable_dangling_raw_ptr_feature_flag = true
+enable_backup_ref_ptr_support = true
+enable_backup_ref_ptr_feature_flag = trueChecklist
- PR description included
- I have built and tested this PR
-
npm testpasses - tests are changed or added
- PR release notes describe the change in a way relevant to app developers, and are capitalized, punctuated, and past tense.
Release Notes
Notes: none.
Backports
42-x-y
MergedPR Number
#50799Merged At
Apr 8, 2026, 11:26:28 AM
Released In
v42.0.0-beta.2Release Date
Apr 10, 2026, 12:27:42 PM
Semver Impact
Major
Breaking changes
Minor
New features
Patch
Bug fixes
None
Docs, tests, etc.
Semantic Versioning helps users understand the impact of updates:
- Major (X.y.z): Breaking changes that may require code modifications
- Minor (x.Y.z): New features that maintain backward compatibility
- Patch (x.y.Z): Bug fixes that don't change the API
- None: Changes that don't affect using facing parts of Electron