Closing a tab with a constrained pop-up showing an SSL interstitial would crash the browser.

BUG=1966
TEST=Open a page that opens a popup which is served over bad SSL. Close the tab.
Review URL: http://codereview.chromium.org/1898

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2058 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 40 insertions, 3 deletions

diff --git a/chrome/browser/ssl_blocking_page.cc b/chrome/browser/ssl_blocking_page.cc
index a8f5152..699c9e2 100644
--- a/chrome/browser/ssl_blocking_page.cc
+++ b/chrome/browser/ssl_blocking_page.cc
@@ -171,7 +171,10 @@ void SSLBlockingPage::Observe(NotificationType type,
       // the last entry is kept for the restoring on next start-up.
       Browser* browser = Browser::GetBrowserForController(tab_->controller(),
                                                           NULL);
-      if (remove_last_entry_ &&
+      // We may not have a browser (this is the case for constrained popups), in
+      // which case it does not matter if we do not remove the temporary entry
+      // as their navigation history is not saved.
+      if (remove_last_entry_ && browser &&
           !browser->tabstrip_model()->closing_all()) {
         tab_->controller()->RemoveLastEntry();
       }
diff --git a/chrome/browser/ssl_uitest.cc b/chrome/browser/ssl_uitest.cc
index 93a7015..7b34292 100644
--- a/chrome/browser/ssl_uitest.cc
+++ b/chrome/browser/ssl_uitest.cc
@@ -123,13 +123,13 @@ TEST_F(SSLUITest, TestHTTP) {
 // Visits a page over http which includes broken https resources (status should
 // be OK).
 TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
-  TestServer httpServer(kDocRoot);
+  TestServer http_server(kDocRoot);
   HTTPSTestServer httpsServer(kHostName, kBadHTTPSPort,
                               kDocRoot, GetExpiredCertPath());
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
 
   NavigateTab(tab.get(),
-      httpServer.TestServerPageW(L"files/ssl/page_with_unsafe_contents.html"));
+      http_server.TestServerPageW(L"files/ssl/page_with_unsafe_contents.html"));
 
   SecurityStyle security_style;
   int cert_status;
@@ -470,6 +470,33 @@ TEST_F(SSLUITest, TestRefNavigation) {
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
+// Tests that closing a page that has a unsafe pop-up does not crash the browser
+// (bug #1966).
+TEST_F(SSLUITest, TestCloseTabWithUnsafePopup) {
+  TestServer http_server(kDocRoot);
+  HTTPSTestServer bad_https_server(kHostName, kBadHTTPSPort,
+                                   kDocRoot, GetExpiredCertPath());
+
+  scoped_ptr<TabProxy> tab(GetActiveTabProxy());
+  NavigateTab(tab.get(),
+              http_server.TestServerPageW(
+                  L"files/ssl/page_with_unsafe_popup.html"));
+
+  int popup_count = 0;
+  EXPECT_TRUE(tab->GetConstrainedWindowCount(&popup_count));
+  EXPECT_EQ(1, popup_count);
+
+  // Let's add another tab to make sure the browser does not exit when we close
+  // the first tab.
+  scoped_ptr<BrowserProxy> browser_proxy(automation()->GetBrowserWindow(0));
+  EXPECT_TRUE(browser_proxy.get());
+  browser_proxy->AppendTab(
+      http_server.TestServerPageW(L"files/ssl/google.html"));
+
+  // Close the first tab.
+  tab->Close();
+}
+
 // TODO (jcampan): more tests to do below.
 
 // Visit a page over bad https that is a redirect to a page with good https.
diff --git a/chrome/test/data/ssl/page_with_unsafe_popup.html b/chrome/test/data/ssl/page_with_unsafe_popup.html
new file mode 100644
index 0000000..093aef7
--- /dev/null
+++ b/chrome/test/data/ssl/page_with_unsafe_popup.html
@@ -0,0 +1,7 @@
+<html>
+This page opens a popup on an insecure page.
+<script>
+  window.open('https://127.0.0.1:9666/files/ssl/bad_iframe.html', 'Portnawak',
+              "status = 1, height = 300, width = 300, resizable = 0" );
+</script>
+</html>