Reverting r133134 - Make sure that base::MessagePumpForUI from different modules are isolated from each other and add protection from shatter attacks by placing |this| pointer to the used data associated with the message-only window (instead of blindly trusting the value of WPARAM).

We suspect that r133134 might be causing issues like 124091, so it needs to be reworked.

BUG=124091,127933

TBR=alexeypa@chromium.org

Review URL: https://chromiumcodereview.appspot.com/10384209

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137542 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 25 insertions, 60 deletions

diff --git a/base/message_pump_win.cc b/base/message_pump_win.cc
index 7dc3da3..9484b29 100644
--- a/base/message_pump_win.cc
+++ b/base/message_pump_win.cc
@@ -8,19 +8,11 @@
 
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
-#include "base/stringprintf.h"
 #include "base/win/wrapped_window_proc.h"
 
-namespace {
-
-// The ID of the timer used by the UI message pump.
-const int kMessagePumpTimerId = 0;
-
-}  // namespace
-
 namespace base {
 
-static const wchar_t kWndClassFormat[] = L"Chrome_MessagePumpWindow%p";
+static const wchar_t kWndClass[] = L"Chrome_MessagePumpWindow";
 
 // Message sent to get an additional time slice for pumping (processing) another
 // task (a series of such messages creates a continuous task pump).
@@ -90,19 +82,13 @@ int MessagePumpWin::GetCurrentDelay() const {
 //-----------------------------------------------------------------------------
 // MessagePumpForUI public:
 
-MessagePumpForUI::MessagePumpForUI()
-    : atom_(0),
-      instance_(NULL),
-      message_hwnd_(NULL) {
+MessagePumpForUI::MessagePumpForUI() {
   InitMessageWnd();
 }
 
 MessagePumpForUI::~MessagePumpForUI() {
-  if (message_hwnd_ != NULL)
-    DestroyWindow(message_hwnd_);
-
-  if (atom_ != 0)
-    UnregisterClass(reinterpret_cast<const char16*>(atom_), instance_);
+  DestroyWindow(message_hwnd_);
+  UnregisterClass(kWndClass, GetModuleHandle(NULL));
 }
 
 void MessagePumpForUI::ScheduleWork() {
@@ -110,7 +96,7 @@ void MessagePumpForUI::ScheduleWork() {
     return;  // Someone else continued the pumping.
 
   // Make sure the MessagePump does some work for us.
-  PostMessage(message_hwnd_, kMsgHaveWork, 0, 0);
+  PostMessage(message_hwnd_, kMsgHaveWork, reinterpret_cast<WPARAM>(this), 0);
 }
 
 void MessagePumpForUI::ScheduleDelayedWork(const TimeTicks& delayed_work_time) {
@@ -143,7 +129,7 @@ void MessagePumpForUI::ScheduleDelayedWork(const TimeTicks& delayed_work_time) {
 
   // Create a WM_TIMER event that will wake us up to check for any pending
   // timers (in case we are running within a nested, external sub-pump).
-  SetTimer(message_hwnd_, kMessagePumpTimerId, delay_msec, NULL);
+  SetTimer(message_hwnd_, reinterpret_cast<UINT_PTR>(this), delay_msec, NULL);
 }
 
 void MessagePumpForUI::PumpOutPendingPaintMessages() {
@@ -176,19 +162,13 @@ void MessagePumpForUI::PumpOutPendingPaintMessages() {
 // static
 LRESULT CALLBACK MessagePumpForUI::WndProcThunk(
     HWND hwnd, UINT message, WPARAM wparam, LPARAM lparam) {
-  // Retrieve |this| from the user data, associated with the window.
-  MessagePumpForUI* self = reinterpret_cast<MessagePumpForUI*>(
-      GetWindowLongPtr(hwnd, GWLP_USERDATA));
-  if (self != NULL) {
-    switch (message) {
-      case kMsgHaveWork:
-        self->HandleWorkMessage();
-        break;
-      case WM_TIMER:
-        DCHECK(wparam == kMessagePumpTimerId);
-        self->HandleTimerMessage();
-        break;
-    }
+  switch (message) {
+    case kMsgHaveWork:
+      reinterpret_cast<MessagePumpForUI*>(wparam)->HandleWorkMessage();
+      break;
+    case WM_TIMER:
+      reinterpret_cast<MessagePumpForUI*>(wparam)->HandleTimerMessage();
+      break;
   }
   return DefWindowProc(hwnd, message, wparam, lparam);
 }
@@ -231,7 +211,7 @@ void MessagePumpForUI::DoRunLoop() {
     // don't want to disturb that timer if it is already in flight.  However,
     // if we did do all remaining delayed work, then lets kill the WM_TIMER.
     if (more_work_is_plausible && delayed_work_time_.is_null())
-      KillTimer(message_hwnd_, kMessagePumpTimerId);
+      KillTimer(message_hwnd_, reinterpret_cast<UINT_PTR>(this));
     if (state_->should_quit)
       break;
 
@@ -250,33 +230,18 @@ void MessagePumpForUI::DoRunLoop() {
 }
 
 void MessagePumpForUI::InitMessageWnd() {
-  // Register a unique window class for each instance of UI pump.
-  string16 class_name = base::StringPrintf(kWndClassFormat, this);
-  WNDCLASSEX window_class;
-  base::win::InitializeWindowClass(
-      class_name.c_str(),
-      &base::win::WrappedWindowProc<WndProcThunk>,
-      0, 0, 0, NULL, NULL, NULL, NULL, NULL,
-      &window_class);
-  instance_ = window_class.hInstance;
-  atom_ = RegisterClassEx(&window_class);
-  if (atom_ == 0) {
-    DCHECK(atom_);
-    return;
-  }
+  HINSTANCE hinst = GetModuleHandle(NULL);
 
-  // Create the message-only window.
-  message_hwnd_ = CreateWindow(
-      MAKEINTATOM(atom_), 0, 0, 0, 0, 0, 0, HWND_MESSAGE, 0, instance_, 0);
-  if (message_hwnd_ == NULL) {
-    DCHECK(message_hwnd_);
-    return;
-  }
+  WNDCLASSEX wc = {0};
+  wc.cbSize = sizeof(wc);
+  wc.lpfnWndProc = base::win::WrappedWindowProc<WndProcThunk>;
+  wc.hInstance = hinst;
+  wc.lpszClassName = kWndClass;
+  RegisterClassEx(&wc);
 
-  // Store |this| so that the window procedure could retrieve it later.
-  SetWindowLongPtr(message_hwnd_,
-                   GWLP_USERDATA,
-                   reinterpret_cast<LONG_PTR>(this));
+  message_hwnd_ =
+      CreateWindow(kWndClass, 0, 0, 0, 0, 0, 0, HWND_MESSAGE, 0, hinst, 0);
+  DCHECK(message_hwnd_);
 }
 
 void MessagePumpForUI::WaitForWork() {
@@ -335,7 +300,7 @@ void MessagePumpForUI::HandleWorkMessage() {
 }
 
 void MessagePumpForUI::HandleTimerMessage() {
-  KillTimer(message_hwnd_, kMessagePumpTimerId);
+  KillTimer(message_hwnd_, reinterpret_cast<UINT_PTR>(this));
 
   // If we are being called outside of the context of Run, then don't do
   // anything.  This could correspond to a MessageBox call or something of