diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-11 19:21:48 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-11 19:21:48 +0000 |
| commit | 2cf5fd6fd8dcdce46f6cb02ee5d9b6ea408f6ac5 (patch) | |
| tree | 97887f0f92a081f1652b8246ff0896ca96a97b0a | |
| parent | a74eb25bab32dd190b4c925cdf27ffa1fca2b37a (diff) | |
| download | chromium_src-2cf5fd6fd8dcdce46f6cb02ee5d9b6ea408f6ac5.zip chromium_src-2cf5fd6fd8dcdce46f6cb02ee5d9b6ea408f6ac5.tar.gz chromium_src-2cf5fd6fd8dcdce46f6cb02ee5d9b6ea408f6ac5.tar.bz2 | |
The ChromeFrame net tests randomly crash in the url request redirect tests on the chrome frame builder.
Some debugging revealed that we send over two redirect responses from the IE host network stack implementation
to Chrome, which causes a crash in the url request automation job while dereferencing a NULL request.
Two redirect responses are sent in the following scenario:-
1. We received a redirect notification in our bind status callback. We abort the binding and return E_ABORT.
2. Eventually we receive a call in our bind status callback implementation of OnResponse even after the binding
was aborted. This causes the response to be sent twice.
Added a check for a NULL binding and a trace in the IE host network stack implementation. I also added
a NOTREACHED in the url request automation job if we ever receive a message for an automation job which
has a NULL request.
Bug=30118
Review URL: http://codereview.chromium.org/487028
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34360 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/automation/url_request_automation_job.cc | 7 | ||||
| -rw-r--r-- | chrome_frame/urlmon_url_request.cc | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/chrome/browser/automation/url_request_automation_job.cc b/chrome/browser/automation/url_request_automation_job.cc index 97522d2..f1a1f29 100644 --- a/chrome/browser/automation/url_request_automation_job.cc +++ b/chrome/browser/automation/url_request_automation_job.cc @@ -226,6 +226,13 @@ bool URLRequestAutomationJob::MayFilterMessage(const IPC::Message& message, } void URLRequestAutomationJob::OnMessage(const IPC::Message& message) { + if (!request_) { + NOTREACHED() << __FUNCTION__ + << ": Unexpected request received for job:" + << id(); + return; + } + IPC_BEGIN_MESSAGE_MAP(URLRequestAutomationJob, message) IPC_MESSAGE_HANDLER(AutomationMsg_RequestStarted, OnRequestStarted) IPC_MESSAGE_HANDLER(AutomationMsg_RequestData, OnDataAvailable) diff --git a/chrome_frame/urlmon_url_request.cc b/chrome_frame/urlmon_url_request.cc index 5fabfb0..5bb78c2 100644 --- a/chrome_frame/urlmon_url_request.cc +++ b/chrome_frame/urlmon_url_request.cc @@ -481,6 +481,13 @@ STDMETHODIMP UrlmonUrlRequest::OnResponse(DWORD dwResponseCode, DCHECK(worker_thread_ != NULL); DCHECK_EQ(PlatformThread::CurrentId(), worker_thread_->thread_id()); + if (!binding_) { + DCHECK(redirect_url_.empty() == false); + DLOG(WARNING) << __FUNCTION__ + << ": Ignoring as the binding was aborted due to a redirect"; + return S_OK; + } + std::string raw_headers = WideToUTF8(response_headers); // Security check for frame busting headers. We don't honor the headers |