Initialize blink only when needed in utility processes.

Currently, in a utility process containing a v8 proxy resolver, both
blink and the proxy resolver attempt to use v8 in incompatible ways,
causing a crash on shutdown. This cl changes the utility process to
only initialize blink when needed.

On Windows, initializing blink with v8 before enabling the sandbox
calls RtlGenRandom(), which leaves it available from within the sandbox.
To avoid breaking base::RandBytes(), this cl also adds a call to
base::RandBytes before enabling the sandbox.

BUG=506439

Review URL: https://codereview.chromium.org/1251823002

Cr-Commit-Position: refs/heads/master@{#340835}

7 files changed, 25 insertions, 8 deletions

diff --git a/chrome/utility/chrome_content_utility_client.cc b/chrome/utility/chrome_content_utility_client.cc
index 9671be8..440ff96 100644
--- a/chrome/utility/chrome_content_utility_client.cc
+++ b/chrome/utility/chrome_content_utility_client.cc
@@ -291,6 +291,7 @@ void ChromeContentUtilityClient::OnDecodeImage(
     const std::vector<unsigned char>& encoded_data,
     bool shrink_to_fit,
     int request_id) {
+  content::UtilityThread::Get()->EnsureBlinkInitialized();
   DecodeImageAndSend(encoded_data, shrink_to_fit, request_id);
 }
 
diff --git a/chrome/utility/profile_import_handler.cc b/chrome/utility/profile_import_handler.cc
index 62ad739..3a57d4f 100644
--- a/chrome/utility/profile_import_handler.cc
+++ b/chrome/utility/profile_import_handler.cc
@@ -44,6 +44,7 @@ void ProfileImportHandler::OnImportStart(
     const importer::SourceProfile& source_profile,
     uint16 items,
     const base::DictionaryValue& localized_strings) {
+  content::UtilityThread::Get()->EnsureBlinkInitialized();
   bridge_ = new ExternalProcessImporterBridge(
       localized_strings,
       content::UtilityThread::Get(),
diff --git a/content/public/utility/utility_thread.h b/content/public/utility/utility_thread.h
index 42bf10c..acafd1a 100644
--- a/content/public/utility/utility_thread.h
+++ b/content/public/utility/utility_thread.h
@@ -21,6 +21,9 @@ class CONTENT_EXPORT UtilityThread : virtual public ChildThread {
 
   // Releases the process if we are not (or no longer) in batch mode.
   virtual void ReleaseProcessIfNeeded() = 0;
+
+  // Initializes blink if it hasn't already been initialized.
+  virtual void EnsureBlinkInitialized() = 0;
 };
 
 }  // namespace content
diff --git a/content/utility/utility_main.cc b/content/utility/utility_main.cc
index 4c6e7212..742a476 100644
--- a/content/utility/utility_main.cc
+++ b/content/utility/utility_main.cc
@@ -15,6 +15,7 @@
 #include "content/utility/utility_thread_impl.h"
 
 #if defined(OS_WIN)
+#include "base/rand_util.h"
 #include "sandbox/win/src/sandbox.h"
 #endif
 
@@ -52,6 +53,10 @@ int UtilityMain(const MainFunctionParams& parameters) {
     if (!LoadLibraryA("dbghelp.dll"))
       return false;
 #endif
+    char buffer;
+    // Ensure RtlGenRandom is warm before the token is lowered; otherwise,
+    // base::RandBytes() will CHECK fail when v8 is initialized.
+    base::RandBytes(&buffer, sizeof(buffer));
     target_services->LowerToken();
   }
 #endif
diff --git a/content/utility/utility_thread_impl.cc b/content/utility/utility_thread_impl.cc
index 00ebc6e..9e5e33e 100644
--- a/content/utility/utility_thread_impl.cc
+++ b/content/utility/utility_thread_impl.cc
@@ -55,8 +55,8 @@ UtilityThreadImpl::~UtilityThreadImpl() {
 void UtilityThreadImpl::Shutdown() {
   ChildThreadImpl::Shutdown();
 
-  if (!IsInBrowserProcess())
-    blink::shutdown();
+  if (blink_platform_impl_)
+    blink::shutdownWithoutV8();
 }
 
 void UtilityThreadImpl::ReleaseProcessIfNeeded() {
@@ -74,17 +74,22 @@ void UtilityThreadImpl::ReleaseProcessIfNeeded() {
   }
 }
 
-void UtilityThreadImpl::Init() {
-  batch_mode_ = false;
-  ChildProcess::current()->AddRefProcess();
-  if (!IsInBrowserProcess()) {
+void UtilityThreadImpl::EnsureBlinkInitialized() {
+  if (blink_platform_impl_ || IsInBrowserProcess()) {
     // We can only initialize WebKit on one thread, and in single process mode
     // we run the utility thread on separate thread. This means that if any code
     // needs WebKit initialized in the utility process, they need to have
     // another path to support single process mode.
-    blink_platform_impl_.reset(new UtilityBlinkPlatformImpl);
-    blink::initialize(blink_platform_impl_.get());
+    return;
   }
+
+  blink_platform_impl_.reset(new UtilityBlinkPlatformImpl);
+  blink::initializeWithoutV8(blink_platform_impl_.get());
+}
+
+void UtilityThreadImpl::Init() {
+  batch_mode_ = false;
+  ChildProcess::current()->AddRefProcess();
   GetContentClient()->utility()->UtilityThreadStarted();
 
   process_control_.reset(new UtilityProcessControlImpl);
diff --git a/content/utility/utility_thread_impl.h b/content/utility/utility_thread_impl.h
index 74908ca..9394a44 100644
--- a/content/utility/utility_thread_impl.h
+++ b/content/utility/utility_thread_impl.h
@@ -43,6 +43,7 @@ class UtilityThreadImpl : public UtilityThread,
   void Shutdown() override;
 
   void ReleaseProcessIfNeeded() override;
+  void EnsureBlinkInitialized() override;
 
  private:
   void Init();
diff --git a/extensions/utility/utility_handler.cc b/extensions/utility/utility_handler.cc
index 65cf509..f3c8a8c 100644
--- a/extensions/utility/utility_handler.cc
+++ b/extensions/utility/utility_handler.cc
@@ -99,6 +99,7 @@ void UtilityHandler::OnUnpackExtension(
   CHECK_GT(location, Manifest::INVALID_LOCATION);
   CHECK_LT(location, Manifest::NUM_LOCATIONS);
   DCHECK(ExtensionsClient::Get());
+  content::UtilityThread::Get()->EnsureBlinkInitialized();
   base::FilePath working_dir = extension_path.DirName();
   base::FilePath unzipped_dir = working_dir.AppendASCII(kTempExtensionName);
   base::string16 error;