diff options
author | nasko <nasko@chromium.org> | 2015-02-23 11:54:25 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-02-23 19:55:17 +0000 |
commit | fce51c8ed52fd9a0e90fad89bd8b2fd309dea889 (patch) | |
tree | 8734948325c44bc7482b1c96e90379fe299bf9f5 | |
parent | 11694b0ca87a690eb0d32e97204df04f1510cdf2 (diff) | |
download | chromium_src-fce51c8ed52fd9a0e90fad89bd8b2fd309dea889.zip chromium_src-fce51c8ed52fd9a0e90fad89bd8b2fd309dea889.tar.gz chromium_src-fce51c8ed52fd9a0e90fad89bd8b2fd309dea889.tar.bz2 |
Add helper method to check for invalid message source.
This CL refactors the check for invalid render_frame_message_source_ to a common method and uses it in all of the relevant IPC handlers. Ideally it will all be removed once RenderViewHost disappears or all of its IPC handling is removed.
BUG=451932, 449777
TBR=isherman@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/877203002
Cr-Commit-Position: refs/heads/master@{#313445}
(cherry picked from commit 907fcb65c9ff242000395d8e4483ebdca8b77cbe)
Review URL: https://codereview.chromium.org/943083003
Cr-Commit-Position: refs/branch-heads/2272@{#363}
Cr-Branched-From: 827a380cfdb31aa54c8d56e63ce2c3fd8c3ba4d4-refs/heads/master@{#310958}
-rw-r--r-- | content/browser/web_contents/web_contents_impl.cc | 43 | ||||
-rw-r--r-- | content/browser/web_contents/web_contents_impl.h | 4 | ||||
-rw-r--r-- | tools/metrics/actions/actions.xml | 5 |
3 files changed, 42 insertions, 10 deletions
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc index 25d8762..ac0a7dc 100644 --- a/content/browser/web_contents/web_contents_impl.cc +++ b/content/browser/web_contents/web_contents_impl.cc @@ -567,6 +567,17 @@ bool WebContentsImpl::OnMessageReceived(RenderViewHost* render_view_host, return handled; } +bool WebContentsImpl::HasValidFrameSource() { + if (!render_frame_message_source_) { + DCHECK(render_view_message_source_); + RecordAction(base::UserMetricsAction("BadMessageTerminate_WC")); + GetRenderProcessHost()->ReceivedBadMessage(); + return false; + } + + return true; +} + void WebContentsImpl::RunFileChooser( RenderViewHost* render_view_host, const FileChooserParams& params) { @@ -2723,21 +2734,18 @@ void WebContentsImpl::OnDidRunInsecureContent( } void WebContentsImpl::OnDocumentLoadedInFrame() { - CHECK(render_frame_message_source_); - CHECK(!render_view_message_source_); + if (!HasValidFrameSource()) + return; + RenderFrameHostImpl* rfh = static_cast<RenderFrameHostImpl*>(render_frame_message_source_); FOR_EACH_OBSERVER( WebContentsObserver, observers_, DocumentLoadedInFrame(rfh)); } -void WebContentsImpl::OnDidFinishLoad( - const GURL& url) { - if (!render_frame_message_source_) { - RecordAction(base::UserMetricsAction("BadMessageTerminate_RVD2")); - GetRenderProcessHost()->ReceivedBadMessage(); +void WebContentsImpl::OnDidFinishLoad(const GURL& url) { + if (!HasValidFrameSource()) return; - } GURL validated_url(url); RenderProcessHost* render_process_host = @@ -2751,6 +2759,9 @@ void WebContentsImpl::OnDidFinishLoad( } void WebContentsImpl::OnDidStartLoading(bool to_different_document) { + if (!HasValidFrameSource()) + return; + RenderFrameHostImpl* rfh = static_cast<RenderFrameHostImpl*>(render_frame_message_source_); int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id(); @@ -2789,6 +2800,9 @@ void WebContentsImpl::OnDidStartLoading(bool to_different_document) { } void WebContentsImpl::OnDidStopLoading() { + if (!HasValidFrameSource()) + return; + RenderFrameHostImpl* rfh = static_cast<RenderFrameHostImpl*>(render_frame_message_source_); int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id(); @@ -2816,6 +2830,9 @@ void WebContentsImpl::OnDidStopLoading() { } void WebContentsImpl::OnDidChangeLoadProgress(double load_progress) { + if (!HasValidFrameSource()) + return; + RenderFrameHostImpl* rfh = static_cast<RenderFrameHostImpl*>(render_frame_message_source_); int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id(); @@ -2952,9 +2969,9 @@ void WebContentsImpl::OnOpenColorChooser( int color_chooser_id, SkColor color, const std::vector<ColorSuggestion>& suggestions) { - // Protect against malicious renderer. See http://crbug.com/449777 - if (!render_frame_message_source_) + if (!HasValidFrameSource()) return; + ColorChooser* new_color_chooser = delegate_ ? delegate_->OpenColorChooser(this, color, suggestions) : NULL; @@ -4371,6 +4388,9 @@ void WebContentsImpl::OnPreferredSizeChanged(const gfx::Size& old_size) { void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie, ActiveMediaPlayerMap* player_map) { + if (!HasValidFrameSource()) + return; + const uintptr_t key = reinterpret_cast<uintptr_t>(render_frame_message_source_); DCHECK(std::find((*player_map)[key].begin(), @@ -4381,6 +4401,9 @@ void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie, void WebContentsImpl::RemoveMediaPlayerEntry(int64 player_cookie, ActiveMediaPlayerMap* player_map) { + if (!HasValidFrameSource()) + return; + const uintptr_t key = reinterpret_cast<uintptr_t>(render_frame_message_source_); ActiveMediaPlayerMap::iterator it = player_map->find(key); diff --git a/content/browser/web_contents/web_contents_impl.h b/content/browser/web_contents/web_contents_impl.h index 7158107..376c19f 100644 --- a/content/browser/web_contents/web_contents_impl.h +++ b/content/browser/web_contents/web_contents_impl.h @@ -741,6 +741,10 @@ class CONTENT_EXPORT WebContentsImpl RenderFrameHost* render_frame_host, const IPC::Message& message); + // Checks whether render_frame_message_source_ is set to non-null value, + // otherwise it terminates the main frame renderer process. + bool HasValidFrameSource(); + // IPC message handlers. void OnThemeColorChanged(SkColor theme_color); void OnDidLoadResourceFromMemoryCache(const GURL& url, diff --git a/tools/metrics/actions/actions.xml b/tools/metrics/actions/actions.xml index b438d74..e823561 100644 --- a/tools/metrics/actions/actions.xml +++ b/tools/metrics/actions/actions.xml @@ -1250,6 +1250,11 @@ should be able to be added at any place in this file. <description>Please enter the description of this user action.</description> </action> +<action name="BadMessageTerminate_WC"> + <owner>Please list the metric's owners. Add more owner tags as needed.</owner> + <description>Please enter the description of the metric.</description> +</action> + <action name="BadMessageTerminate_WPH"> <owner>Please list the metric's owners. Add more owner tags as needed.</owner> <description>Please enter the description of this user action.</description> |