Make functions being routed by NativeHandlers throw an exception if there is no ModuleSystem in the current context.

BUG=124208
TEST=existing tests


Review URL: http://codereview.chromium.org/10208001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@133643 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 17 insertions, 0 deletions

diff --git a/chrome/renderer/module_system.cc b/chrome/renderer/module_system.cc
index 53f1267..7c246e4 100644
--- a/chrome/renderer/module_system.cc
+++ b/chrome/renderer/module_system.cc
@@ -59,6 +59,12 @@ ModuleSystem::NativesEnabledScope::~NativesEnabledScope() {
   CHECK_GE(module_system_->natives_enabled_, 0);
 }
 
+// static
+bool ModuleSystem::IsPresentInCurrentContext() {
+  v8::Handle<v8::Object> global(v8::Context::GetCurrent()->Global());
+  return !global->GetHiddenValue(v8::String::New(kModuleSystem))->IsUndefined();
+}
+
 void ModuleSystem::Require(const std::string& module_name) {
   v8::HandleScope handle_scope;
   RequireForJsInner(v8::String::New(module_name.c_str()));
diff --git a/chrome/renderer/module_system.h b/chrome/renderer/module_system.h
index 1dc6065..c68137a 100644
--- a/chrome/renderer/module_system.h
+++ b/chrome/renderer/module_system.h
@@ -54,6 +54,9 @@ class ModuleSystem : public NativeHandler {
   explicit ModuleSystem(v8::Handle<v8::Context> context, SourceMap* source_map);
   virtual ~ModuleSystem();
 
+  // Returns true if the current context has a ModuleSystem installed in it.
+  static bool IsPresentInCurrentContext();
+
   // Require the specified module. This is the equivalent of calling
   // require('module_name') from the loaded JS files.
   void Require(const std::string& module_name);
diff --git a/chrome/renderer/native_handler.cc b/chrome/renderer/native_handler.cc
index a09486b..7076b32 100644
--- a/chrome/renderer/native_handler.cc
+++ b/chrome/renderer/native_handler.cc
@@ -6,6 +6,7 @@
 
 #include "base/memory/linked_ptr.h"
 #include "base/logging.h"
+#include "chrome/renderer/module_system.h"
 #include "v8/include/v8.h"
 
 NativeHandler::NativeHandler()
@@ -23,6 +24,13 @@ v8::Handle<v8::Object> NativeHandler::NewInstance() {
 
 // static
 v8::Handle<v8::Value> NativeHandler::Router(const v8::Arguments& args) {
+  // It is possible for JS code to execute after ModuleSystem has been deleted
+  // in which case the native handlers will also have been deleted, making
+  // HandlerFunction below point to freed memory.
+  if (!ModuleSystem::IsPresentInCurrentContext()) {
+    return v8::ThrowException(v8::Exception::Error(
+        v8::String::New("ModuleSystem has been deleted")));
+  }
   HandlerFunction* handler_function = static_cast<HandlerFunction*>(
       args.Data().As<v8::External>()->Value());
   return handler_function->Run(args);