summaryrefslogtreecommitdiffstats
path: root/chrome/browser/extensions/extension_message_service.cc
diff options
context:
space:
mode:
authorpaulg@google.com <paulg@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-04-14 02:03:20 +0000
committerpaulg@google.com <paulg@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-04-14 02:03:20 +0000
commit05349986a0c968101b8925be496794b1f2bc40f5 (patch)
tree7cb79c84d92e7e5910664e94979debb9980b3e3d /chrome/browser/extensions/extension_message_service.cc
parent3401b00e41731a8816d9aec9592b09efb4bf5eac (diff)
downloadchromium_src-05349986a0c968101b8925be496794b1f2bc40f5.zip
chromium_src-05349986a0c968101b8925be496794b1f2bc40f5.tar.gz
chromium_src-05349986a0c968101b8925be496794b1f2bc40f5.tar.bz2
Fix a crash where the ResourceMessageFilter is deleted before a
SafeBrowsing check has completed. The problem occurs since the SafeBrowsingResourceHandler is not deleted when its associated URLRequest is cleaned up *and* a SafeBrowsing check is in progress. When the check completes, the next resource handler in the chain (the AsyncResourceHandler which caches a pointer the now deleted ResourceMessageFilter) will crash. This CL adds a notification for objects to know when the ResourceMessageFilter is destroyed. BUG=8544 (http://crbug.com) Review URL: http://codereview.chromium.org/63036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13644 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/extensions/extension_message_service.cc')
-rwxr-xr-xchrome/browser/extensions/extension_message_service.cc26
1 files changed, 21 insertions, 5 deletions
diff --git a/chrome/browser/extensions/extension_message_service.cc b/chrome/browser/extensions/extension_message_service.cc
index 8a4ef73..f200c5b 100755
--- a/chrome/browser/extensions/extension_message_service.cc
+++ b/chrome/browser/extensions/extension_message_service.cc
@@ -11,6 +11,7 @@
#include "chrome/browser/renderer_host/render_view_host.h"
#include "chrome/browser/renderer_host/render_process_host.h"
#include "chrome/browser/renderer_host/resource_message_filter.h"
+#include "chrome/common/notification_service.h"
#include "chrome/common/render_messages.h"
#include "chrome/common/stl_util-inl.h"
@@ -132,14 +133,23 @@ void ExtensionMessageService::RendererReady(ResourceMessageFilter* renderer) {
AutoLock lock(renderers_lock_);
DCHECK(renderers_.find(renderer->GetProcessId()) == renderers_.end());
renderers_[renderer->GetProcessId()] = renderer;
+
+ NotificationService::current()->AddObserver(
+ this,
+ NotificationType::RESOURCE_MESSAGE_FILTER_SHUTDOWN,
+ Source<ResourceMessageFilter>(renderer));
}
-void ExtensionMessageService::RendererShutdown(
- ResourceMessageFilter* renderer) {
+void ExtensionMessageService::Observe(NotificationType type,
+ const NotificationSource& source,
+ const NotificationDetails& details) {
+ DCHECK(type.value == NotificationType::RESOURCE_MESSAGE_FILTER_SHUTDOWN);
+ ResourceMessageFilter* filter = Source<ResourceMessageFilter>(source).ptr();
+
{
AutoLock lock(renderers_lock_);
- DCHECK(renderers_.find(renderer->GetProcessId()) != renderers_.end());
- renderers_.erase(renderer->GetProcessId());
+ DCHECK(renderers_.find(filter->GetProcessId()) != renderers_.end());
+ renderers_.erase(filter->GetProcessId());
}
// Close any channels that share this filter.
@@ -147,7 +157,13 @@ void ExtensionMessageService::RendererShutdown(
for (MessageChannelMap::iterator it = channels_.begin();
it != channels_.end(); ) {
MessageChannelMap::iterator current = it++;
- if (current->second.port1 == renderer || current->second.port2 == renderer)
+ if (current->second.port1 == filter || current->second.port2 == filter)
channels_.erase(current);
}
+
+ NotificationService::current()->RemoveObserver(
+ this,
+ NotificationType::RESOURCE_MESSAGE_FILTER_SHUTDOWN,
+ Source<ResourceMessageFilter>(filter));
}
+