author | mark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-16 20:31:10 +0000 |
---|---|---|
committer | mark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-16 20:31:10 +0000 |
commit | 9f816f720d145872fa7ad141bfe63ea090f3840f (patch) | |
tree | fe886c69e458cab0549e4596ad18bf0d53d40747 /chrome/renderer/plugin_channel_host.cc | |
parent | 642961926500acbcc3ada6f3a5f2dc1454c1a5a8 (diff) | |
The plugin channel host in the renderer process should not initialize IPC
using a known-closed channel name. Instead, when the channel name is known
to be closed, initialization should fail. On POSIX systems, the channel is
created by the plugin channel in the plugin process and shared with the
renderer process over IPC. If the channel closes, the renderer process must
not attempt to reestablish it; the plugin process must do that. This serves
as early detection for and an escape from the assertion that causes renderers
to die and be replaced by a sad tab when attempting to open multiple pages
with plugins simultaneously. This resolves the Mac renderer top crash.
BUG=26754
TEST=Test case from bug 26754 comment 9 (affected Macs only):
a. Have lots of bookmarks (import Safari defaults)
b. Right-click on bookmark bar, and choose "Open All Bookmarks"
Expect: no crash, no sad tabs.
This test should be repeated many times.
Review URL: http://codereview.chromium.org/984004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41755 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/plugin_channel_host.cc')
-rw-r--r-- | chrome/renderer/plugin_channel_host.cc | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/chrome/renderer/plugin_channel_host.cc b/chrome/renderer/plugin_channel_host.cc index 7dfb3b7..bddf69f 100644 --- a/chrome/renderer/plugin_channel_host.cc +++ b/chrome/renderer/plugin_channel_host.cc @@ -7,6 +7,10 @@ #include "chrome/common/plugin_messages.h" #include "chrome/plugin/npobject_base.h" +#if defined(OS_POSIX) +#include "ipc/ipc_channel_posix.h" +#endif + #include "third_party/WebKit/WebKit/chromium/public/WebBindings.h" // A simple MessageFilter that will ignore all messages and respond to sync @@ -83,6 +87,19 @@ PluginChannelHost::~PluginChannelHost() { bool PluginChannelHost::Init(MessageLoop* ipc_message_loop, bool create_pipe_now) { +#if defined(OS_POSIX) + if (!IPC::ChannelSocketExists(channel_name())) { + // Attempting to use this IPC channel would result in a crash + // inside IPC code within the PluginChannelBase::Init call. The plugin + // channel in the plugin process is supposed to have created this channel + // and sent it to this process, the renderer process. If this channel + // closes and is removed, it cannot be reused until the plugin process + // recreates it. + LOG(ERROR) << "Refusing use of missing IPC channel " << channel_name(); + return false; + } +#endif + bool ret = PluginChannelBase::Init(ipc_message_loop, create_pipe_now); is_listening_filter_ = new IsListeningFilter; channel_->AddFilter(is_listening_filter_); |
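
Review bot: the `#if defined(OS_POSIX)` include block in the first hunk splits the unconditional include list, landing between `chrome/plugin/npobject_base.h` and `third_party/WebKit/WebKit/chromium/public/WebBindings.h`. Move the conditional `ipc/ipc_channel_posix.h` include below the unconditional includes so the platform-specific dependency is grouped at the end of the list.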
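
Review bot: the `IPC::ChannelSocketExists(channel_name())` test at the top of `PluginChannelHost::Init` is check-then-use. The channel can still close between this test and the `PluginChannelBase::Init` call that follows it, so the crash described in the new comment stays reachable, only less often. Consider having the IPC code under `PluginChannelBase::Init` return failure for a missing channel instead of asserting, and keep this block as the early-out and log line. Separately, the unchanged context after the new block calls `channel_->AddFilter(is_listening_filter_)` without looking at `ret`; if `PluginChannelBase::Init` can fail, that call deserves the same guard as the early return added here.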