summaryrefslogtreecommitdiffstats
path: root/chrome/renderer/plugin_channel_host.cc
diff options
context:
space:
mode:
authormark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-16 20:31:10 +0000
committermark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-16 20:31:10 +0000
commit9f816f720d145872fa7ad141bfe63ea090f3840f (patch)
treefe886c69e458cab0549e4596ad18bf0d53d40747 /chrome/renderer/plugin_channel_host.cc
parent642961926500acbcc3ada6f3a5f2dc1454c1a5a8 (diff)
downloadchromium_src-9f816f720d145872fa7ad141bfe63ea090f3840f.zip
chromium_src-9f816f720d145872fa7ad141bfe63ea090f3840f.tar.gz
chromium_src-9f816f720d145872fa7ad141bfe63ea090f3840f.tar.bz2
The plugin channel host in the renderer process should not initialize IPC
using a known-closed channel name. Instead, when the channel name is known to be closed, initialization should fail. On POSIX systems, the channel is created by the plugin channel in the plugin process and shared with the renderer process over IPC. If the channel closes, the renderer process must not attempt to reestablish it; the plugin process must do that. This serves as early detection for and an escape from the assertion that causes renderers to die and be replaced by a sad tab when attempting to open multiple pages with plugins simultaneously. This resolves the Mac renderer top crash. BUG=26754 TEST=Test case from bug 26754 comment 9 (affected Macs only): a. Have lots of bookmarks (import Safari defaults) b. Right-click on bookmark bar, and choose "Open All Bookmarks" Expect: no crash, no sad tabs. This test should be repeated many times. Review URL: http://codereview.chromium.org/984004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41755 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/plugin_channel_host.cc')
-rw-r--r--chrome/renderer/plugin_channel_host.cc17
1 files changed, 17 insertions, 0 deletions
diff --git a/chrome/renderer/plugin_channel_host.cc b/chrome/renderer/plugin_channel_host.cc
index 7dfb3b7..bddf69f 100644
--- a/chrome/renderer/plugin_channel_host.cc
+++ b/chrome/renderer/plugin_channel_host.cc
@@ -7,6 +7,10 @@
#include "chrome/common/plugin_messages.h"
#include "chrome/plugin/npobject_base.h"
+#if defined(OS_POSIX)
+#include "ipc/ipc_channel_posix.h"
+#endif
+
#include "third_party/WebKit/WebKit/chromium/public/WebBindings.h"
// A simple MessageFilter that will ignore all messages and respond to sync
@@ -83,6 +87,19 @@ PluginChannelHost::~PluginChannelHost() {
bool PluginChannelHost::Init(MessageLoop* ipc_message_loop,
bool create_pipe_now) {
+#if defined(OS_POSIX)
+ if (!IPC::ChannelSocketExists(channel_name())) {
+ // Attempting to use this IPC channel would result in a crash
+ // inside IPC code within the PluginChannelBase::Init call. The plugin
+ // channel in the plugin process is supposed to have created this channel
+ // and sent it to this process, the renderer process. If this channel
+ // closes and is removed, it cannot be reused until the plugin process
+ // recreates it.
+ LOG(ERROR) << "Refusing use of missing IPC channel " << channel_name();
+ return false;
+ }
+#endif
+
bool ret = PluginChannelBase::Init(ipc_message_loop, create_pipe_now);
is_listening_filter_ = new IsListeningFilter;
channel_->AddFilter(is_listening_filter_);