summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-28 22:10:17 +0000
committerananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-28 22:10:17 +0000
commit172acc45664c67f6ec10a13a7f14da3bc4589f68 (patch)
treef833c3ef73012a9b90dc5fa555e4bda7fb891106
parent7f8e5fabdb957cd2875d4bccd95f39f6bb793354 (diff)
downloadchromium_src-172acc45664c67f6ec10a13a7f14da3bc4589f68.zip
chromium_src-172acc45664c67f6ec10a13a7f14da3bc4589f68.tar.gz
chromium_src-172acc45664c67f6ec10a13a7f14da3bc4589f68.tar.bz2
Speculative fix for a ChromeFrame crash in IE full tab mode. The crash occurs while processing an
accelerator message and based on the callstack it looks like QueryService call for the SID_STopLevelBrowser interface returns S_OK with a NULL interface pointer. Added checks in the DoQueryService helper function to return a failure if the QueryService call returns a NULL service pointer. Fixes http://code.google.com/p/chromium/issues/detail?id=25457 Bug=25457 Review URL: http://codereview.chromium.org/523008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35315 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome_frame/chrome_frame_activex_base.h2
-rw-r--r--chrome_frame/utils.h7
2 files changed, 6 insertions, 3 deletions
diff --git a/chrome_frame/chrome_frame_activex_base.h b/chrome_frame/chrome_frame_activex_base.h
index 28ca868..5ba38f8 100644
--- a/chrome_frame/chrome_frame_activex_base.h
+++ b/chrome_frame/chrome_frame_activex_base.h
@@ -1005,7 +1005,7 @@ END_MSG_MAP()
HRESULT hr = S_FALSE;
ScopedComPtr<IBrowserService2> bs2;
if (S_OK == DoQueryService(SID_STopLevelBrowser, m_spInPlaceSite,
- bs2.Receive())) {
+ bs2.Receive()) && bs2.get()) {
hr = bs2->v_MayTranslateAccelerator(const_cast<MSG*>(&msg));
} else {
// IE8 doesn't support IBrowserService2 unless you enable a special,
diff --git a/chrome_frame/utils.h b/chrome_frame/utils.h
index d10b7c0..ab25cf2 100644
--- a/chrome_frame/utils.h
+++ b/chrome_frame/utils.h
@@ -210,9 +210,12 @@ HRESULT DoQueryService(const IID& service_id, IUnknown* unk, T** service) {
ScopedComPtr<IServiceProvider> service_provider;
HRESULT hr = service_provider.QueryFrom(unk);
if (!service_provider)
- return hr;
+ return E_NOINTERFACE;
- return service_provider->QueryService(service_id, service);
+ hr = service_provider->QueryService(service_id, service);
+ if (*service == NULL)
+ return E_NOINTERFACE;
+ return hr;
}
// Get url (display name) from a moniker, |bind_context| is optional