Fix a crash when a frame was inserted into a popup and navigated. I added a

test for this case. I also checked the other navigation cases to see if we were relying on state from the renderer (which might be malicious) and the controller being in sync, and I didn't see any others in this area. I clarified some comments so it should be more clearly correct. BUG=1279570 Review URL: http://codereview.chromium.org/4250 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2549 0039d316-1c4b-4281-b951-d872f2087c98
author: brettw@google.com <brettw@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-09-24 16:49:09 +0000
committer: brettw@google.com <brettw@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-09-24 16:49:09 +0000
commit: 4c27ba8c72312059ddfc701995a01941a964d435 (patch)
tree: bf1f99730c0ba9a1a6376183c7c7a7d0edc598c4 /chrome/browser/navigation_controller_unittest.cc
parent: 106b7fa4a08f6defa54512a0a93f7a773bc15e38 (diff)
download: chromium_src-4c27ba8c72312059ddfc701995a01941a964d435.zip
chromium_src-4c27ba8c72312059ddfc701995a01941a964d435.tar.gz
chromium_src-4c27ba8c72312059ddfc701995a01941a964d435.tar.bz2
1 files changed, 23 insertions, 0 deletions
diff --git a/chrome/browser/navigation_controller_unittest.cc b/chrome/browser/navigation_controller_unittest.cc
index 3f3e087..759ad6f 100644
--- a/chrome/browser/navigation_controller_unittest.cc
+++ b/chrome/browser/navigation_controller_unittest.cc
@@ -874,6 +874,29 @@ TEST_F(NavigationControllerTest, NewSubframe) {
   EXPECT_EQ(params.page_id, details.entry->page_id());
 }
 
+// Some pages create a popup, then write an iframe into it. This causes a
+// subframe navigation without having any committed entry. Such navigations
+// just get thrown on the ground, but we shouldn't crash.
+TEST_F(NavigationControllerTest, SubframeOnEmptyPage) {
+  TestNotificationTracker notifications;
+  RegisterForAllNavNotifications(&notifications, contents->controller());
+
+  // Navigation controller currently has no entries.
+  const GURL url("test1:foo2");
+  ViewHostMsg_FrameNavigate_Params params;
+  params.page_id = 1;
+  params.url = url;
+  params.transition = PageTransition::AUTO_SUBFRAME;
+  params.should_update_history = false;
+  params.gesture = NavigationGestureAuto;
+  params.is_post = false;
+
+  NavigationController::LoadCommittedDetails details;
+  EXPECT_FALSE(contents->controller()->RendererDidNavigate(params, false,
+                                                           &details));
+  EXPECT_EQ(0, notifications.size());
+}
+
 // Auto subframes are ones the page loads automatically like ads. They should
 // not create new navigation entries.
 TEST_F(NavigationControllerTest, AutoSubframe) {
author	brettw@google.com <brettw@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-09-24 16:49:09 +0000
committer	brettw@google.com <brettw@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-09-24 16:49:09 +0000
commit	4c27ba8c72312059ddfc701995a01941a964d435 (patch)
tree	bf1f99730c0ba9a1a6376183c7c7a7d0edc598c4 /chrome/browser/navigation_controller_unittest.cc
parent	106b7fa4a08f6defa54512a0a93f7a773bc15e38 (diff)
download	chromium_src-4c27ba8c72312059ddfc701995a01941a964d435.zip chromium_src-4c27ba8c72312059ddfc701995a01941a964d435.tar.gz chromium_src-4c27ba8c72312059ddfc701995a01941a964d435.tar.bz2