authorjam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-12-22 21:26:30 +0000
committerjam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-12-22 21:26:30 +0000
commitc6602763b8af11cc7bcf66eee6585466c9519272 (patch)
tree082acb805bc1be976a84cd9edd02fd6d7741d6da /chrome
parent3a50f8a87d43c111e58d6e5e0cea5a4ee3c08265 (diff)
Add stats for figuring out how often we kill processes because of malformed IPCs or unexpected values.
Review URL: http://codereview.chromium.org/6061005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69985 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/appcache/appcache_dispatcher_host.cc32
-rw-r--r--chrome/browser/appcache/appcache_dispatcher_host.h3
-rw-r--r--chrome/browser/browser_message_filter.cc13
-rw-r--r--chrome/browser/browser_message_filter.h2
-rw-r--r--chrome/browser/extensions/extension_function_dispatcher.cc2
-rw-r--r--chrome/browser/in_process_webkit/dom_storage_message_filter.cc22
-rw-r--r--chrome/browser/in_process_webkit/dom_storage_message_filter.h3
-rw-r--r--chrome/browser/in_process_webkit/indexed_db_dispatcher_host.cc154
-rw-r--r--chrome/browser/in_process_webkit/indexed_db_dispatcher_host.h9
-rw-r--r--chrome/browser/renderer_host/browser_render_process_host.cc27
-rw-r--r--chrome/browser/renderer_host/browser_render_process_host.h8
-rw-r--r--chrome/browser/renderer_host/database_message_filter.cc8
-rw-r--r--chrome/browser/renderer_host/mock_render_process_host.cc2
-rw-r--r--chrome/browser/renderer_host/mock_render_process_host.h2
-rw-r--r--chrome/browser/renderer_host/render_message_filter.cc4
-rw-r--r--chrome/browser/renderer_host/render_process_host.h2
-rw-r--r--chrome/browser/renderer_host/render_view_host.cc4
-rw-r--r--chrome/browser/renderer_host/render_widget_host.cc24
-rw-r--r--chrome/browser/worker_host/worker_process_host.cc2
-rw-r--r--chrome/tools/chromeactions.txt17
20 files changed, 180 insertions, 160 deletions
diff --git a/chrome/browser/appcache/appcache_dispatcher_host.cc b/chrome/browser/appcache/appcache_dispatcher_host.cc
index ecea93c..60172ea 100644
--- a/chrome/browser/appcache/appcache_dispatcher_host.cc
+++ b/chrome/browser/appcache/appcache_dispatcher_host.cc
@@ -6,8 +6,9 @@
#include "base/callback.h"
#include "chrome/browser/appcache/chrome_appcache_service.h"
-#include "chrome/browser/renderer_host/browser_render_process_host.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/net/chrome_url_request_context.h"
+#include "chrome/browser/renderer_host/browser_render_process_host.h"
#include "chrome/common/render_messages.h"
AppCacheDispatcherHost::AppCacheDispatcherHost(
@@ -79,10 +80,15 @@ bool AppCacheDispatcherHost::OnMessageReceived(const IPC::Message& message,
return handled;
}
+void AppCacheDispatcherHost::BadMessageReceived() {
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_ACDH"));
+ BrowserMessageFilter::BadMessageReceived();
+}
+
void AppCacheDispatcherHost::OnRegisterHost(int host_id) {
if (appcache_service_.get()) {
if (!backend_impl_.RegisterHost(host_id)) {
- BadMessageReceived(AppCacheMsg_RegisterHost::ID);
+ BadMessageReceived();
}
}
}
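Review bot: `AppCacheDispatcherHost::BadMessageReceived()` is also the target of the unqualified virtual call in `BrowserMessageFilter::DispatchMessage` (browser_message_filter.cc in this commit), and that path has already recorded `BadMessageTerminate_BMF`, so an AppCache message that fails deserialization is counted under both actions. `DOMStorageMessageFilter::BadMessageReceived()` has the same overlap. If the actions are meant to separate malformed IPCs from unexpected values, the dispatch path could use the qualified call `BrowserMessageFilter::BadMessageReceived();` so that only handler-detected failures reach the override.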
@@ -90,7 +96,7 @@ void AppCacheDispatcherHost::OnRegisterHost(int host_id) {
void AppCacheDispatcherHost::OnUnregisterHost(int host_id) {
if (appcache_service_.get()) {
if (!backend_impl_.UnregisterHost(host_id)) {
- BadMessageReceived(AppCacheMsg_UnregisterHost::ID);
+ BadMessageReceived();
}
}
}
@@ -103,7 +109,7 @@ void AppCacheDispatcherHost::OnSelectCache(
if (!backend_impl_.SelectCache(host_id, document_url,
cache_document_was_loaded_from,
opt_manifest_url)) {
- BadMessageReceived(AppCacheMsg_SelectCache::ID);
+ BadMessageReceived();
}
} else {
frontend_proxy_.OnCacheSelected(host_id, appcache::AppCacheInfo());
@@ -115,7 +121,7 @@ void AppCacheDispatcherHost::OnSelectCacheForWorker(
if (appcache_service_.get()) {
if (!backend_impl_.SelectCacheForWorker(
host_id, parent_process_id, parent_host_id)) {
- BadMessageReceived(AppCacheMsg_SelectCacheForWorker::ID);
+ BadMessageReceived();
}
} else {
frontend_proxy_.OnCacheSelected(host_id, appcache::AppCacheInfo());
@@ -126,7 +132,7 @@ void AppCacheDispatcherHost::OnSelectCacheForSharedWorker(
int host_id, int64 appcache_id) {
if (appcache_service_.get()) {
if (!backend_impl_.SelectCacheForSharedWorker(host_id, appcache_id))
- BadMessageReceived(AppCacheMsg_SelectCacheForSharedWorker::ID);
+ BadMessageReceived();
} else {
frontend_proxy_.OnCacheSelected(host_id, appcache::AppCacheInfo());
}
@@ -138,7 +144,7 @@ void AppCacheDispatcherHost::OnMarkAsForeignEntry(
if (appcache_service_.get()) {
if (!backend_impl_.MarkAsForeignEntry(host_id, document_url,
cache_document_was_loaded_from)) {
- BadMessageReceived(AppCacheMsg_MarkAsForeignEntry::ID);
+ BadMessageReceived();
}
}
}
@@ -152,7 +158,7 @@ void AppCacheDispatcherHost::OnGetResourceList(
void AppCacheDispatcherHost::OnGetStatus(int host_id,
IPC::Message* reply_msg) {
if (pending_reply_msg_.get()) {
- BadMessageReceived(AppCacheMsg_GetStatus::ID);
+ BadMessageReceived();
delete reply_msg;
return;
}
@@ -161,7 +167,7 @@ void AppCacheDispatcherHost::OnGetStatus(int host_id,
if (appcache_service_.get()) {
if (!backend_impl_.GetStatusWithCallback(
host_id, get_status_callback_.get(), reply_msg)) {
- BadMessageReceived(AppCacheMsg_GetStatus::ID);
+ BadMessageReceived();
}
return;
}
@@ -172,7 +178,7 @@ void AppCacheDispatcherHost::OnGetStatus(int host_id,
void AppCacheDispatcherHost::OnStartUpdate(int host_id,
IPC::Message* reply_msg) {
if (pending_reply_msg_.get()) {
- BadMessageReceived(AppCacheMsg_StartUpdate::ID);
+ BadMessageReceived();
delete reply_msg;
return;
}
@@ -181,7 +187,7 @@ void AppCacheDispatcherHost::OnStartUpdate(int host_id,
if (appcache_service_.get()) {
if (!backend_impl_.StartUpdateWithCallback(
host_id, start_update_callback_.get(), reply_msg)) {
- BadMessageReceived(AppCacheMsg_StartUpdate::ID);
+ BadMessageReceived();
}
return;
}
@@ -192,7 +198,7 @@ void AppCacheDispatcherHost::OnStartUpdate(int host_id,
void AppCacheDispatcherHost::OnSwapCache(int host_id,
IPC::Message* reply_msg) {
if (pending_reply_msg_.get()) {
- BadMessageReceived(AppCacheMsg_SwapCache::ID);
+ BadMessageReceived();
delete reply_msg;
return;
}
@@ -201,7 +207,7 @@ void AppCacheDispatcherHost::OnSwapCache(int host_id,
if (appcache_service_.get()) {
if (!backend_impl_.SwapCacheWithCallback(
host_id, swap_cache_callback_.get(), reply_msg)) {
- BadMessageReceived(AppCacheMsg_SwapCache::ID);
+ BadMessageReceived();
}
return;
}
diff --git a/chrome/browser/appcache/appcache_dispatcher_host.h b/chrome/browser/appcache/appcache_dispatcher_host.h
index 364a4e8..3e2dbe9 100644
--- a/chrome/browser/appcache/appcache_dispatcher_host.h
+++ b/chrome/browser/appcache/appcache_dispatcher_host.h
@@ -43,6 +43,9 @@ class AppCacheDispatcherHost : public BrowserMessageFilter {
bool* message_was_ok);
private:
+ // BrowserMessageFilter override.
+ virtual void BadMessageReceived();
+
// IPC message handlers
void OnRegisterHost(int host_id);
void OnUnregisterHost(int host_id);
diff --git a/chrome/browser/browser_message_filter.cc b/chrome/browser/browser_message_filter.cc
index c4ee1d6..d226af4 100644
--- a/chrome/browser/browser_message_filter.cc
+++ b/chrome/browser/browser_message_filter.cc
@@ -7,7 +7,8 @@
#include "base/logging.h"
#include "base/process.h"
#include "base/process_util.h"
-#include "chrome/browser/renderer_host/browser_render_process_host.h"
+#include "chrome/browser/metrics/user_metrics.h"
+#include "chrome/common/result_codes.h"
BrowserMessageFilter::BrowserMessageFilter()
: channel_(NULL), peer_handle_(base::kNullProcessHandle) {
@@ -77,12 +78,14 @@ bool BrowserMessageFilter::DispatchMessage(const IPC::Message& message) {
bool rv = OnMessageReceived(message, &message_was_ok);
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO) || rv) <<
"Must handle messages that were dispatched to another thread!";
- if (!message_was_ok)
- BadMessageReceived(message.type());
+ if (!message_was_ok) {
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_BMF"));
+ BadMessageReceived();
+ }
return rv;
}
-void BrowserMessageFilter::BadMessageReceived(uint32 msg_type) {
- BrowserRenderProcessHost::BadMessageTerminateProcess(msg_type, peer_handle());
+void BrowserMessageFilter::BadMessageReceived() {
+ base::KillProcess(peer_handle(), ResultCodes::KILLED_BAD_MESSAGE, false);
}
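Review bot: The new `BadMessageReceived()` body ignores the result of `base::KillProcess` and does not check `peer_handle()`, which the constructor initialises to `base::kNullProcessHandle`. If the kill does not take effect, the sender of the bad message keeps its channel and nothing records that enforcement failed. The replaced `BrowserRenderProcessHost::BadMessageTerminateProcess` also received the message type; whether it logged it or handled other cases is not visible from this hunk, so that is worth confirming before relying on the direct call. A minimal guard would be `if (!base::KillProcess(peer_handle(), ResultCodes::KILLED_BAD_MESSAGE, false)) LOG(ERROR) << "Failed to kill process after bad IPC message";`.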
diff --git a/chrome/browser/browser_message_filter.h b/chrome/browser/browser_message_filter.h
index ccde82d..19f5c7d 100644
--- a/chrome/browser/browser_message_filter.h
+++ b/chrome/browser/browser_message_filter.h
@@ -51,7 +51,7 @@ class BrowserMessageFilter : public IPC::ChannelProxy::MessageFilter,
protected:
// Call this if a message couldn't be deserialized. This kills the renderer.
// Can be called on any thread.
- void BadMessageReceived(uint32 msg_type);
+ virtual void BadMessageReceived();
private:
// Dispatches a message to the derived class.
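Review bot: The comment above `BadMessageReceived()` still promises "Can be called on any thread", but the method is now virtual and the overrides added in this commit call `UserMetrics::RecordAction` before delegating, including from handlers that DCHECK they are on the WEBKIT thread. Whether `RecordAction` is safe off the UI thread is not visible here, so the contract should be spelled out for overriders, for example `// Virtual so subclasses can record metrics first; overrides must be safe on any thread and must call the base implementation.`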
diff --git a/chrome/browser/extensions/extension_function_dispatcher.cc b/chrome/browser/extensions/extension_function_dispatcher.cc
index cd6714e..07140c5 100644
--- a/chrome/browser/extensions/extension_function_dispatcher.cc
+++ b/chrome/browser/extensions/extension_function_dispatcher.cc
@@ -51,6 +51,7 @@
#include "chrome/browser/extensions/extension_webstore_private_api.h"
#include "chrome/browser/extensions/extensions_quota_service.h"
#include "chrome/browser/extensions/extension_service.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/renderer_host/render_process_host.h"
#include "chrome/browser/renderer_host/render_view_host.h"
@@ -494,6 +495,7 @@ void ExtensionFunctionDispatcher::HandleBadMessage(ExtensionFunction* api) {
CHECK(false);
} else {
NOTREACHED();
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_EFD"));
base::KillProcess(render_view_host_->process()->GetHandle(),
ResultCodes::KILLED_BAD_MESSAGE, false);
}
diff --git a/chrome/browser/in_process_webkit/dom_storage_message_filter.cc b/chrome/browser/in_process_webkit/dom_storage_message_filter.cc
index f98fc74..8b91c4c 100644
--- a/chrome/browser/in_process_webkit/dom_storage_message_filter.cc
+++ b/chrome/browser/in_process_webkit/dom_storage_message_filter.cc
@@ -9,6 +9,7 @@
#include "chrome/browser/in_process_webkit/dom_storage_area.h"
#include "chrome/browser/in_process_webkit/dom_storage_context.h"
#include "chrome/browser/in_process_webkit/dom_storage_namespace.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/renderer_host/browser_render_process_host.h"
#include "chrome/browser/renderer_host/render_view_host_notification_task.h"
@@ -101,6 +102,11 @@ bool DOMStorageMessageFilter::OnMessageReceived(const IPC::Message& message,
return handled;
}
+void DOMStorageMessageFilter::BadMessageReceived() {
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_DSMF"));
+ BrowserMessageFilter::BadMessageReceived();
+}
+
void DOMStorageMessageFilter::OverrideThreadForMessage(
const IPC::Message& message,
BrowserThread::ID* thread) {
@@ -112,11 +118,11 @@ void DOMStorageMessageFilter::OnStorageAreaId(int64 namespace_id,
const string16& origin,
int64* storage_area_id) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
-
+
DOMStorageNamespace* storage_namespace =
Context()->GetStorageNamespace(namespace_id, true);
if (!storage_namespace) {
- BadMessageReceived(DOMStorageHostMsg_StorageAreaId::ID);
+ BadMessageReceived();
return;
}
DOMStorageArea* storage_area = storage_namespace->GetStorageArea(
@@ -129,7 +135,7 @@ void DOMStorageMessageFilter::OnLength(int64 storage_area_id,
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
DOMStorageArea* storage_area = Context()->GetStorageArea(storage_area_id);
if (!storage_area) {
- BadMessageReceived(DOMStorageHostMsg_Length::ID);
+ BadMessageReceived();
return;
}
*length = storage_area->Length();
@@ -140,7 +146,7 @@ void DOMStorageMessageFilter::OnKey(int64 storage_area_id, unsigned index,
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
DOMStorageArea* storage_area = Context()->GetStorageArea(storage_area_id);
if (!storage_area) {
- BadMessageReceived(DOMStorageHostMsg_Key::ID);
+ BadMessageReceived();
return;
}
*key = storage_area->Key(index);
@@ -152,7 +158,7 @@ void DOMStorageMessageFilter::OnGetItem(int64 storage_area_id,
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
DOMStorageArea* storage_area = Context()->GetStorageArea(storage_area_id);
if (!storage_area) {
- BadMessageReceived(DOMStorageHostMsg_GetItem::ID);
+ BadMessageReceived();
return;
}
*value = storage_area->GetItem(key);
@@ -165,7 +171,7 @@ void DOMStorageMessageFilter::OnSetItem(
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
DOMStorageArea* storage_area = Context()->GetStorageArea(storage_area_id);
if (!storage_area) {
- BadMessageReceived(DOMStorageHostMsg_SetItem::ID);
+ BadMessageReceived();
return;
}
@@ -190,7 +196,7 @@ void DOMStorageMessageFilter::OnRemoveItem(
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
DOMStorageArea* storage_area = Context()->GetStorageArea(storage_area_id);
if (!storage_area) {
- BadMessageReceived(DOMStorageHostMsg_RemoveItem::ID);
+ BadMessageReceived();
return;
}
@@ -203,7 +209,7 @@ void DOMStorageMessageFilter::OnClear(int64 storage_area_id, const GURL& url,
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
DOMStorageArea* storage_area = Context()->GetStorageArea(storage_area_id);
if (!storage_area) {
- BadMessageReceived(DOMStorageHostMsg_Clear::ID);
+ BadMessageReceived();
return;
}
diff --git a/chrome/browser/in_process_webkit/dom_storage_message_filter.h b/chrome/browser/in_process_webkit/dom_storage_message_filter.h
index eea02d0..bf56c04 100644
--- a/chrome/browser/in_process_webkit/dom_storage_message_filter.h
+++ b/chrome/browser/in_process_webkit/dom_storage_message_filter.h
@@ -45,6 +45,9 @@ class DOMStorageMessageFilter : public BrowserMessageFilter {
friend class base::RefCountedThreadSafe<DOMStorageMessageFilter>;
~DOMStorageMessageFilter();
+ // BrowserMessageFilter override.
+ virtual void BadMessageReceived();
+
// Message Handlers.
void OnStorageAreaId(int64 namespace_id, const string16& origin,
int64* storage_area_id);
diff --git a/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.cc b/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.cc
index 6fb7d82..1463ab5 100644
--- a/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.cc
+++ b/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.cc
@@ -9,12 +9,14 @@
#include "chrome/browser/browser_thread.h"
#include "chrome/browser/content_settings/host_content_settings_map.h"
#include "chrome/browser/in_process_webkit/indexed_db_callbacks.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/renderer_host/browser_render_process_host.h"
#include "chrome/browser/renderer_host/render_message_filter.h"
#include "chrome/browser/renderer_host/render_view_host_notification_task.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/indexed_db_messages.h"
+#include "chrome/common/result_codes.h"
#include "googleurl/src/gurl.h"
#include "third_party/WebKit/WebKit/chromium/public/WebDOMStringList.h"
#include "third_party/WebKit/WebKit/chromium/public/WebIDBCursor.h"
@@ -208,22 +210,21 @@ void IndexedDBDispatcherHost::OnIDBFactoryOpen(
template <typename ObjectType>
ObjectType* IndexedDBDispatcherHost::GetOrTerminateProcess(
- IDMap<ObjectType, IDMapOwnPointer>* map, int32 return_object_id,
- uint32 message_type) {
+ IDMap<ObjectType, IDMapOwnPointer>* map, int32 return_object_id) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
ObjectType* return_object = map->Lookup(return_object_id);
- if (!return_object)
- BadMessageReceived(message_type);
+ if (!return_object) {
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_IDBMF"));
+ BadMessageReceived();
+ }
return return_object;
}
-template <typename ReplyType, typename MessageType,
- typename MapObjectType, typename Method>
+template <typename ReplyType, typename MapObjectType, typename Method>
void IndexedDBDispatcherHost::SyncGetter(
IDMap<MapObjectType, IDMapOwnPointer>* map, int32 object_id,
ReplyType* reply, Method method) {
- MapObjectType* object = GetOrTerminateProcess(map, object_id,
- MessageType::ID);
+ MapObjectType* object = GetOrTerminateProcess(map, object_id);
if (!object)
return;
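Review bot: `GetOrTerminateProcess` returns NULL after recording the metric and requesting the kill, and every caller has to stop using the renderer-supplied id at that point, but nothing at the definition states that contract. A comment above the template such as `// Returns NULL, after recording BadMessageTerminate_IDBMF and asking for the renderer to be killed, when |return_object_id| is not in |map|; callers must return immediately.` would make it explicit. `SyncGetter` continues past the end of this hunk.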
@@ -232,9 +233,8 @@ void IndexedDBDispatcherHost::SyncGetter(
template <typename ObjectType>
void IndexedDBDispatcherHost::DestroyObject(
- IDMap<ObjectType, IDMapOwnPointer>* map, int32 object_id,
- uint32 message_type) {
- GetOrTerminateProcess(map, object_id, message_type);
+ IDMap<ObjectType, IDMapOwnPointer>* map, int32 object_id) {
+ GetOrTerminateProcess(map, object_id);
map->Remove(object_id);
}
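Review bot: `DestroyObject` discards the return value of `GetOrTerminateProcess` and calls `map->Remove(object_id)` even when the lookup failed, so a renderer-chosen id that is not in the map is still passed to `Remove`. What `IDMap::Remove` does with an unknown id is not visible here. Guarding the call avoids depending on it: `if (GetOrTerminateProcess(map, object_id)) map->Remove(object_id);`.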
@@ -280,20 +280,19 @@ void IndexedDBDispatcherHost::DatabaseDispatcherHost::Send(
void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnName(
int32 object_id, string16* name) {
- parent_->SyncGetter<string16, IndexedDBHostMsg_DatabaseName>(
- &map_, object_id, name, &WebIDBDatabase::name);
+ parent_->SyncGetter<string16>(&map_, object_id, name, &WebIDBDatabase::name);
}
void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnVersion(
int32 object_id, string16* version) {
- parent_->SyncGetter<string16, IndexedDBHostMsg_DatabaseVersion>(
+ parent_->SyncGetter<string16>(
&map_, object_id, version, &WebIDBDatabase::version);
}
void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnObjectStoreNames(
int32 idb_database_id, std::vector<string16>* object_stores) {
WebIDBDatabase* idb_database = parent_->GetOrTerminateProcess(
- &map_, idb_database_id, IndexedDBHostMsg_DatabaseObjectStoreNames::ID);
+ &map_, idb_database_id);
if (!idb_database)
return;
@@ -308,11 +307,9 @@ void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnCreateObjectStore(
int32* object_store_id, WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBDatabase* idb_database = parent_->GetOrTerminateProcess(
- &map_, params.idb_database_id,
- IndexedDBHostMsg_DatabaseCreateObjectStore::ID);
+ &map_, params.idb_database_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, params.transaction_id,
- IndexedDBHostMsg_DatabaseCreateObjectStore::ID);
+ &parent_->transaction_dispatcher_host_->map_, params.transaction_id);
if (!idb_database || !idb_transaction)
return;
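Review bot: Both lookups in `OnCreateObjectStore` run before the null check, so a message carrying a bad database id and a bad transaction id records `BadMessageTerminate_IDBMF` twice and requests the kill twice, which inflates the count this commit is adding. The same two-lookup shape appears in OnDeleteObjectStore, OnOpenObjectCursor, OnOpenKeyCursor, OnGetObject, OnGetKey, OnGet, OnPut, OnDelete, OnCreateIndex, OnDeleteIndex and OnOpenCursor. Returning after the first failed lookup, with `if (!idb_database) return;` placed before the transaction lookup, keeps it to one record per bad message. The function body starts and ends outside the hunk.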
@@ -330,10 +327,9 @@ void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnDeleteObjectStore(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBDatabase* idb_database = parent_->GetOrTerminateProcess(
- &map_, idb_database_id, IndexedDBHostMsg_DatabaseDeleteObjectStore::ID);
+ &map_, idb_database_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, transaction_id,
- IndexedDBHostMsg_DatabaseDeleteObjectStore::ID);
+ &parent_->transaction_dispatcher_host_->map_, transaction_id);
if (!idb_database || !idb_transaction)
return;
@@ -348,7 +344,7 @@ void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnSetVersion(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBDatabase* idb_database = parent_->GetOrTerminateProcess(
- &map_, idb_database_id, IndexedDBHostMsg_DatabaseSetVersion::ID);
+ &map_, idb_database_id);
if (!idb_database)
return;
@@ -367,7 +363,7 @@ void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnTransaction(
int32* idb_transaction_id,
WebKit::WebExceptionCode* ec) {
WebIDBDatabase* database = parent_->GetOrTerminateProcess(
- &map_, idb_database_id, IndexedDBHostMsg_DatabaseTransaction::ID);
+ &map_, idb_database_id);
if (!database)
return;
@@ -386,8 +382,7 @@ void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnTransaction(
void IndexedDBDispatcherHost::DatabaseDispatcherHost::OnDestroyed(
int32 object_id) {
- parent_->DestroyObject(&map_, object_id,
- IndexedDBHostMsg_DatabaseDestroyed::ID);
+ parent_->DestroyObject(&map_, object_id);
}
@@ -431,26 +426,24 @@ void IndexedDBDispatcherHost::IndexDispatcherHost::Send(
void IndexedDBDispatcherHost::IndexDispatcherHost::OnName(
int32 object_id, string16* name) {
- parent_->SyncGetter<string16, IndexedDBHostMsg_IndexName>(
- &map_, object_id, name, &WebIDBIndex::name);
+ parent_->SyncGetter<string16>(&map_, object_id, name, &WebIDBIndex::name);
}
void IndexedDBDispatcherHost::IndexDispatcherHost::OnStoreName(
int32 object_id, string16* store_name) {
- parent_->SyncGetter<string16, IndexedDBHostMsg_IndexStoreName>(
+ parent_->SyncGetter<string16>(
&map_, object_id, store_name, &WebIDBIndex::storeName);
}
void IndexedDBDispatcherHost::IndexDispatcherHost::OnKeyPath(
int32 object_id, NullableString16* key_path) {
- parent_->SyncGetter<NullableString16, IndexedDBHostMsg_IndexKeyPath>(
+ parent_->SyncGetter<NullableString16>(
&map_, object_id, key_path, &WebIDBIndex::keyPath);
}
void IndexedDBDispatcherHost::IndexDispatcherHost::OnUnique(
int32 object_id, bool* unique) {
- parent_->SyncGetter<bool, IndexedDBHostMsg_IndexUnique>(
- &map_, object_id, unique, &WebIDBIndex::unique);
+ parent_->SyncGetter<bool>(&map_, object_id, unique, &WebIDBIndex::unique);
}
void IndexedDBDispatcherHost::IndexDispatcherHost::OnOpenObjectCursor(
@@ -458,10 +451,9 @@ void IndexedDBDispatcherHost::IndexDispatcherHost::OnOpenObjectCursor(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBIndex* idb_index = parent_->GetOrTerminateProcess(
- &map_, params.idb_index_id, IndexedDBHostMsg_IndexOpenObjectCursor::ID);
+ &map_, params.idb_index_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_,
- params.transaction_id, IndexedDBHostMsg_IndexOpenObjectCursor::ID);
+ &parent_->transaction_dispatcher_host_->map_, params.transaction_id);
if (!idb_transaction || !idb_index)
return;
@@ -479,10 +471,9 @@ void IndexedDBDispatcherHost::IndexDispatcherHost::OnOpenKeyCursor(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBIndex* idb_index = parent_->GetOrTerminateProcess(
- &map_, params.idb_index_id, IndexedDBHostMsg_IndexOpenKeyCursor::ID);
+ &map_, params.idb_index_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, params.transaction_id,
- IndexedDBHostMsg_IndexOpenKeyCursor::ID);
+ &parent_->transaction_dispatcher_host_->map_, params.transaction_id);
if (!idb_transaction || !idb_index)
return;
@@ -503,10 +494,9 @@ void IndexedDBDispatcherHost::IndexDispatcherHost::OnGetObject(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBIndex* idb_index = parent_->GetOrTerminateProcess(
- &map_, idb_index_id, IndexedDBHostMsg_IndexGetObject::ID);
+ &map_, idb_index_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, transaction_id,
- IndexedDBHostMsg_IndexGetObject::ID);
+ &parent_->transaction_dispatcher_host_->map_, transaction_id);
if (!idb_transaction || !idb_index)
return;
@@ -524,10 +514,9 @@ void IndexedDBDispatcherHost::IndexDispatcherHost::OnGetKey(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBIndex* idb_index = parent_->GetOrTerminateProcess(
- &map_, idb_index_id, IndexedDBHostMsg_IndexGetKey::ID);
+ &map_, idb_index_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, transaction_id,
- IndexedDBHostMsg_IndexGetKey::ID);
+ &parent_->transaction_dispatcher_host_->map_, transaction_id);
if (!idb_transaction || !idb_index)
return;
@@ -539,7 +528,7 @@ void IndexedDBDispatcherHost::IndexDispatcherHost::OnGetKey(
void IndexedDBDispatcherHost::IndexDispatcherHost::OnDestroyed(
int32 object_id) {
- parent_->DestroyObject(&map_, object_id, IndexedDBHostMsg_IndexDestroyed::ID);
+ parent_->DestroyObject(&map_, object_id);
}
//////////////////////////////////////////////////////////////////////
@@ -584,20 +573,20 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::Send(
void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnName(
int32 object_id, string16* name) {
- parent_->SyncGetter<string16, IndexedDBHostMsg_ObjectStoreName>(
+ parent_->SyncGetter<string16>(
&map_, object_id, name, &WebIDBObjectStore::name);
}
void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnKeyPath(
int32 object_id, NullableString16* keyPath) {
- parent_->SyncGetter<NullableString16, IndexedDBHostMsg_ObjectStoreKeyPath>(
+ parent_->SyncGetter<NullableString16>(
&map_, object_id, keyPath, &WebIDBObjectStore::keyPath);
}
void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnIndexNames(
int32 idb_object_store_id, std::vector<string16>* index_names) {
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
- &map_, idb_object_store_id, IndexedDBHostMsg_ObjectStoreIndexNames::ID);
+ &map_, idb_object_store_id);
if (!idb_object_store)
return;
@@ -615,10 +604,9 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnGet(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
- &map_, idb_object_store_id, IndexedDBHostMsg_ObjectStoreGet::ID);
+ &map_, idb_object_store_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, transaction_id,
- IndexedDBHostMsg_ObjectStoreGet::ID);
+ &parent_->transaction_dispatcher_host_->map_, transaction_id);
if (!idb_transaction || !idb_object_store)
return;
@@ -633,10 +621,9 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnPut(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
- &map_, params.idb_object_store_id, IndexedDBHostMsg_ObjectStorePut::ID);
+ &map_, params.idb_object_store_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, params.transaction_id,
- IndexedDBHostMsg_ObjectStorePut::ID);
+ &parent_->transaction_dispatcher_host_->map_, params.transaction_id);
if (!idb_transaction || !idb_object_store)
return;
@@ -655,10 +642,9 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnDelete(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
- &map_, idb_object_store_id, IndexedDBHostMsg_ObjectStoreDelete::ID);
+ &map_, idb_object_store_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, transaction_id,
- IndexedDBHostMsg_ObjectStoreDelete::ID);
+ &parent_->transaction_dispatcher_host_->map_, transaction_id);
if (!idb_transaction || !idb_object_store)
return;
@@ -674,11 +660,9 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnCreateIndex(
int32* index_id, WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
- &map_, params.idb_object_store_id,
- IndexedDBHostMsg_ObjectStoreCreateIndex::ID);
+ &map_, params.idb_object_store_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, params.transaction_id,
- IndexedDBHostMsg_ObjectStoreCreateIndex::ID);
+ &parent_->transaction_dispatcher_host_->map_, params.transaction_id);
if (!idb_object_store || !idb_transaction)
return;
@@ -694,7 +678,7 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnIndex(
int32* idb_index_id,
WebKit::WebExceptionCode* ec) {
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
- &map_, idb_object_store_id, IndexedDBHostMsg_ObjectStoreIndex::ID);
+ &map_, idb_object_store_id);
if (!idb_object_store)
return;
@@ -710,10 +694,9 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnDeleteIndex(
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
- &map_, idb_object_store_id, IndexedDBHostMsg_ObjectStoreDeleteIndex::ID);
+ &map_, idb_object_store_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, transaction_id,
- IndexedDBHostMsg_ObjectStoreDeleteIndex::ID);
+ &parent_->transaction_dispatcher_host_->map_, transaction_id);
if (!idb_object_store || !idb_transaction)
return;
@@ -727,10 +710,9 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnOpenCursor(
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBObjectStore* idb_object_store = parent_->GetOrTerminateProcess(
&parent_->object_store_dispatcher_host_->map_,
- params.idb_object_store_id, IndexedDBHostMsg_ObjectStoreOpenCursor::ID);
+ params.idb_object_store_id);
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &parent_->transaction_dispatcher_host_->map_, params.transaction_id,
- IndexedDBHostMsg_ObjectStoreOpenCursor::ID);
+ &parent_->transaction_dispatcher_host_->map_, params.transaction_id);
if (!idb_transaction || !idb_object_store)
return;
@@ -745,8 +727,7 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnOpenCursor(
void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnDestroyed(
int32 object_id) {
- parent_->DestroyObject(
- &map_, object_id, IndexedDBHostMsg_ObjectStoreDestroyed::ID);
+ parent_->DestroyObject(&map_, object_id);
}
//////////////////////////////////////////////////////////////////////
@@ -787,8 +768,7 @@ void IndexedDBDispatcherHost::CursorDispatcherHost::Send(
void IndexedDBDispatcherHost::CursorDispatcherHost::OnDirection(
int32 object_id, int32* direction) {
- WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(
- &map_, object_id, IndexedDBHostMsg_CursorDirection::ID);
+ WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(&map_, object_id);
if (!idb_cursor)
return;
@@ -797,8 +777,7 @@ void IndexedDBDispatcherHost::CursorDispatcherHost::OnDirection(
void IndexedDBDispatcherHost::CursorDispatcherHost::OnKey(
int32 object_id, IndexedDBKey* key) {
- WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(
- &map_, object_id, IndexedDBHostMsg_CursorKey::ID);
+ WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(&map_, object_id);
if (!idb_cursor)
return;
@@ -809,8 +788,7 @@ void IndexedDBDispatcherHost::CursorDispatcherHost::OnValue(
int32 object_id,
SerializedScriptValue* script_value,
IndexedDBKey* key) {
- WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(
- &map_, object_id, IndexedDBHostMsg_CursorValue::ID);
+ WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(&map_, object_id);
if (!idb_cursor)
return;
@@ -828,8 +806,7 @@ void IndexedDBDispatcherHost::CursorDispatcherHost::OnUpdate(
const SerializedScriptValue& value,
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
- WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(
- &map_, cursor_id, IndexedDBHostMsg_CursorUpdate::ID);
+ WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(&map_, cursor_id);
if (!idb_cursor)
return;
@@ -844,8 +821,7 @@ void IndexedDBDispatcherHost::CursorDispatcherHost::OnContinue(
const IndexedDBKey& key,
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
- WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(
- &map_, cursor_id, IndexedDBHostMsg_CursorContinue::ID);
+ WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(&map_, cursor_id);
if (!idb_cursor)
return;
@@ -859,8 +835,7 @@ void IndexedDBDispatcherHost::CursorDispatcherHost::OnDelete(
int32 response_id,
WebKit::WebExceptionCode* ec) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
- WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(
- &map_, cursor_id, IndexedDBHostMsg_CursorUpdate::ID);
+ WebIDBCursor* idb_cursor = parent_->GetOrTerminateProcess(&map_, cursor_id);
if (!idb_cursor)
return;
@@ -871,8 +846,7 @@ void IndexedDBDispatcherHost::CursorDispatcherHost::OnDelete(
void IndexedDBDispatcherHost::CursorDispatcherHost::OnDestroyed(
int32 object_id) {
- parent_->DestroyObject(
- &map_, object_id, IndexedDBHostMsg_CursorDestroyed::ID);
+ parent_->DestroyObject(&map_, object_id);
}
//////////////////////////////////////////////////////////////////////
@@ -918,7 +892,7 @@ void IndexedDBDispatcherHost::TransactionDispatcherHost::Send(
void IndexedDBDispatcherHost::TransactionDispatcherHost::OnAbort(
int32 transaction_id) {
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &map_, transaction_id, IndexedDBHostMsg_TransactionAbort::ID);
+ &map_, transaction_id);
if (!idb_transaction)
return;
@@ -929,7 +903,7 @@ void IndexedDBDispatcherHost::TransactionDispatcherHost::OnMode(
int32 transaction_id,
int* mode) {
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &map_, transaction_id, IndexedDBHostMsg_TransactionMode::ID);
+ &map_, transaction_id);
if (!idb_transaction)
return;
@@ -940,7 +914,7 @@ void IndexedDBDispatcherHost::TransactionDispatcherHost::OnObjectStore(
int32 transaction_id, const string16& name, int32* object_store_id,
WebKit::WebExceptionCode* ec) {
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &map_, transaction_id, IndexedDBHostMsg_TransactionObjectStore::ID);
+ &map_, transaction_id);
if (!idb_transaction)
return;
@@ -953,8 +927,7 @@ void IndexedDBDispatcherHost::
TransactionDispatcherHost::OnDidCompleteTaskEvents(int transaction_id) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT));
WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
- &map_, transaction_id,
- IndexedDBHostMsg_TransactionDidCompleteTaskEvents::ID);
+ &map_, transaction_id);
if (!idb_transaction)
return;
@@ -963,6 +936,5 @@ void IndexedDBDispatcherHost::
void IndexedDBDispatcherHost::TransactionDispatcherHost::OnDestroyed(
int32 object_id) {
- parent_->DestroyObject(
- &map_, object_id, IndexedDBHostMsg_TransactionDestroyed::ID);
+ parent_->DestroyObject(&map_, object_id);
}
diff --git a/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.h b/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.h
index db68ed7..ff21529 100644
--- a/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.h
+++ b/chrome/browser/in_process_webkit/indexed_db_dispatcher_host.h
@@ -68,17 +68,14 @@ class IndexedDBDispatcherHost : public BrowserMessageFilter {
// Helper templates.
template <class ReturnType>
ReturnType* GetOrTerminateProcess(
- IDMap<ReturnType, IDMapOwnPointer>* map, int32 return_object_id,
- uint32 message_type);
+ IDMap<ReturnType, IDMapOwnPointer>* map, int32 return_object_id);
- template <typename ReplyType, typename MessageType,
- typename WebObjectType, typename Method>
+ template <typename ReplyType, typename WebObjectType, typename Method>
void SyncGetter(IDMap<WebObjectType, IDMapOwnPointer>* map, int32 object_id,
ReplyType* reply, Method method);
template <typename ObjectType>
- void DestroyObject(IDMap<ObjectType, IDMapOwnPointer>* map, int32 object_id,
- uint32 message_type);
+ void DestroyObject(IDMap<ObjectType, IDMapOwnPointer>* map, int32 object_id);
class DatabaseDispatcherHost {
public:
diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc
index ddf115c..66968b7 100644
--- a/chrome/browser/renderer_host/browser_render_process_host.cc
+++ b/chrome/browser/renderer_host/browser_render_process_host.cc
@@ -44,6 +44,7 @@
#include "chrome/browser/in_process_webkit/dom_storage_message_filter.h"
#include "chrome/browser/in_process_webkit/indexed_db_dispatcher_host.h"
#include "chrome/browser/io_thread.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/mime_registry_message_filter.h"
#include "chrome/browser/platform_util.h"
#include "chrome/browser/plugin_service.h"
@@ -500,8 +501,14 @@ bool BrowserRenderProcessHost::WaitForUpdateMsg(
return widget_helper_->WaitForUpdateMsg(render_widget_id, max_delay, msg);
}
-void BrowserRenderProcessHost::ReceivedBadMessage(uint32 msg_type) {
- BadMessageTerminateProcess(msg_type, GetHandle());
+void BrowserRenderProcessHost::ReceivedBadMessage() {
+ if (run_renderer_in_process()) {
+ // In single process mode it is better if we don't suicide but just
+ // crash.
+ CHECK(false);
+ }
+ NOTREACHED();
+ base::KillProcess(GetHandle(), ResultCodes::KILLED_BAD_MESSAGE, false);
}
void BrowserRenderProcessHost::ViewCreated() {
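Review bot: The new `ReceivedBadMessage()` body logs nothing, so the only kill that still reaches the log is the one in `BrowserRenderProcessHost::OnMessageReceived`, which logs before calling it. The `RenderViewHost` and `RenderWidgetHost` call sites in this commit record a user-metrics action and then call `process()->ReceivedBadMessage()` with the message type dropped, so a renderer kill from those paths leaves only an aggregate counter behind. These kills enforce the browser/renderer trust boundary, so I would keep a log line in the kill path itself, e.g. `LOG(ERROR) << "bad message, terminating renderer.";` as the first statement here, and log `msg.type()` at the callers that still have it. The removed static helper was documented as callable from any thread; a one-line comment stating which thread the replacement expects would help.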
@@ -1007,7 +1014,9 @@ void BrowserRenderProcessHost::OnMessageReceived(const IPC::Message& msg) {
if (!msg_is_ok) {
// The message had a handler, but its de-serialization failed.
// We consider this a capital crime. Kill the renderer if we have one.
- ReceivedBadMessage(msg.type());
+ LOG(ERROR) << "bad message " << msg.type() << " terminating renderer.";
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_BRPH"));
+ ReceivedBadMessage();
}
return;
}
@@ -1034,18 +1043,6 @@ void BrowserRenderProcessHost::OnChannelConnected(int32 peer_pid) {
#endif
}
-// Static. This function can be called from any thread.
-void BrowserRenderProcessHost::BadMessageTerminateProcess(
- uint32 msg_type, base::ProcessHandle process) {
- LOG(ERROR) << "bad message " << msg_type << " terminating renderer.";
- if (run_renderer_in_process()) {
- // In single process mode it is better if we don't suicide but just crash.
- CHECK(false);
- }
- NOTREACHED();
- base::KillProcess(process, ResultCodes::KILLED_BAD_MESSAGE, false);
-}
-
void BrowserRenderProcessHost::OnChannelError() {
// Our child process has died. If we didn't expect it, it's a crash.
// In any case, we need to let everyone know it's gone.
diff --git a/chrome/browser/renderer_host/browser_render_process_host.h b/chrome/browser/renderer_host/browser_render_process_host.h
index 469fd12..3b28e6b 100644
--- a/chrome/browser/renderer_host/browser_render_process_host.h
+++ b/chrome/browser/renderer_host/browser_render_process_host.h
@@ -69,7 +69,7 @@ class BrowserRenderProcessHost : public RenderProcessHost,
virtual bool WaitForUpdateMsg(int render_widget_id,
const base::TimeDelta& max_delay,
IPC::Message* msg);
- virtual void ReceivedBadMessage(uint32 msg_type);
+ virtual void ReceivedBadMessage();
virtual void WidgetRestored();
virtual void WidgetHidden();
virtual void ViewCreated();
@@ -89,12 +89,6 @@ class BrowserRenderProcessHost : public RenderProcessHost,
virtual void OnChannelConnected(int32 peer_pid);
virtual void OnChannelError();
- // If the a process has sent a message that cannot be decoded, it is deemed
- // corrupted and thus needs to be terminated using this call. This function
- // can be safely called from any thread.
- static void BadMessageTerminateProcess(uint32 msg_type,
- base::ProcessHandle renderer);
-
// NotificationObserver implementation.
virtual void Observe(NotificationType type,
const NotificationSource& source,
diff --git a/chrome/browser/renderer_host/database_message_filter.cc b/chrome/browser/renderer_host/database_message_filter.cc
index a134bb2..b8258f97 100644
--- a/chrome/browser/renderer_host/database_message_filter.cc
+++ b/chrome/browser/renderer_host/database_message_filter.cc
@@ -9,8 +9,10 @@
#include "base/string_util.h"
#include "base/thread.h"
#include "chrome/browser/content_settings/host_content_settings_map.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/net/chrome_url_request_context.h"
#include "chrome/common/database_messages.h"
+#include "chrome/common/result_codes.h"
#include "googleurl/src/gurl.h"
#include "third_party/sqlite/sqlite3.h"
#include "third_party/WebKit/WebKit/chromium/public/WebSecurityOrigin.h"
@@ -257,7 +259,8 @@ void DatabaseMessageFilter::OnDatabaseModified(
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
if (!database_connections_.IsDatabaseOpened(
origin_identifier, database_name)) {
- BadMessageReceived(DatabaseHostMsg_Modified::ID);
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_DBMF"));
+ BadMessageReceived();
return;
}
@@ -269,7 +272,8 @@ void DatabaseMessageFilter::OnDatabaseClosed(const string16& origin_identifier,
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
if (!database_connections_.IsDatabaseOpened(
origin_identifier, database_name)) {
- BadMessageReceived(DatabaseHostMsg_Closed::ID);
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_DBMF"));
+ BadMessageReceived();
return;
}
diff --git a/chrome/browser/renderer_host/mock_render_process_host.cc b/chrome/browser/renderer_host/mock_render_process_host.cc
index a2ccfa0..bd4d675 100644
--- a/chrome/browser/renderer_host/mock_render_process_host.cc
+++ b/chrome/browser/renderer_host/mock_render_process_host.cc
@@ -46,7 +46,7 @@ bool MockRenderProcessHost::WaitForUpdateMsg(int render_widget_id,
return false;
}
-void MockRenderProcessHost::ReceivedBadMessage(uint32 msg_type) {
+void MockRenderProcessHost::ReceivedBadMessage() {
++bad_msg_count_;
}
diff --git a/chrome/browser/renderer_host/mock_render_process_host.h b/chrome/browser/renderer_host/mock_render_process_host.h
index 232725b..0d8bfa6 100644
--- a/chrome/browser/renderer_host/mock_render_process_host.h
+++ b/chrome/browser/renderer_host/mock_render_process_host.h
@@ -40,7 +40,7 @@ class MockRenderProcessHost : public RenderProcessHost {
virtual bool WaitForUpdateMsg(int render_widget_id,
const base::TimeDelta& max_delay,
IPC::Message* msg);
- virtual void ReceivedBadMessage(uint32 msg_type);
+ virtual void ReceivedBadMessage();
virtual void WidgetRestored();
virtual void WidgetHidden();
virtual void ViewCreated();
diff --git a/chrome/browser/renderer_host/render_message_filter.cc b/chrome/browser/renderer_host/render_message_filter.cc
index 2bda4a6..b5adbaa 100644
--- a/chrome/browser/renderer_host/render_message_filter.cc
+++ b/chrome/browser/renderer_host/render_message_filter.cc
@@ -26,6 +26,7 @@
#include "chrome/browser/gpu_process_host.h"
#include "chrome/browser/host_zoom_map.h"
#include "chrome/browser/metrics/histogram_synchronizer.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/nacl_host/nacl_process_host.h"
#include "chrome/browser/net/chrome_url_request_context.h"
#include "chrome/browser/net/predictor_api.h"
@@ -1463,7 +1464,8 @@ void RenderMessageFilter::OnAsyncOpenFile(const IPC::Message& msg,
if (!ChildProcessSecurityPolicy::GetInstance()->HasPermissionsForFile(
render_process_id_, path, flags)) {
DLOG(ERROR) << "Bad flags in ViewMsgHost_AsyncOpenFile message: " << flags;
- BadMessageReceived(ViewHostMsg_AsyncOpenFile::ID);
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_AOF"));
+ BadMessageReceived();
return;
}
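Review bot: A failed `HasPermissionsForFile` check is reported only through `DLOG(ERROR)`, which as far as I know is compiled out of release builds, so in the field this denial is visible only as the `BadMessageTerminate_AOF` count. The text also says "Bad flags" although the check covers the path as well, and it spells the message `ViewMsgHost_AsyncOpenFile` where the removed line used `ViewHostMsg_AsyncOpenFile`. Suggest `LOG(ERROR) << "ViewHostMsg_AsyncOpenFile denied for renderer " << render_process_id_ << ", flags " << flags;` in its place. The function body starts and ends outside the hunk.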
diff --git a/chrome/browser/renderer_host/render_process_host.h b/chrome/browser/renderer_host/render_process_host.h
index c9a8abc..1e8523b 100644
--- a/chrome/browser/renderer_host/render_process_host.h
+++ b/chrome/browser/renderer_host/render_process_host.h
@@ -178,7 +178,7 @@ class RenderProcessHost : public IPC::Channel::Sender,
IPC::Message* msg) = 0;
// Called when a received message cannot be decoded.
- virtual void ReceivedBadMessage(uint32 msg_type) = 0;
+ virtual void ReceivedBadMessage() = 0;
// Track the count of visible widgets. Called by listeners to register and
// unregister visibility.
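Review bot: The comment on `ReceivedBadMessage()` still says it is called when a message cannot be decoded, but callers in this commit also use it for messages that decode and are then rejected on their content (`OnMsgFocus`, `OnMsgBlur`, the undersized transport DIB in `OnMsgUpdateRect`). With the `msg_type` argument gone, the comment is the only statement of the contract. I would widen it to `// Called when a received message cannot be decoded or carries values the browser refuses to act on. BrowserRenderProcessHost terminates the renderer.`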
diff --git a/chrome/browser/renderer_host/render_view_host.cc b/chrome/browser/renderer_host/render_view_host.cc
index 5833296..df012bf 100644
--- a/chrome/browser/renderer_host/render_view_host.cc
+++ b/chrome/browser/renderer_host/render_view_host.cc
@@ -25,6 +25,7 @@
#include "chrome/browser/dom_operation_notification_details.h"
#include "chrome/browser/extensions/extension_message_service.h"
#include "chrome/browser/in_process_webkit/session_storage_namespace.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/net/predictor_api.h"
#include "chrome/browser/notifications/desktop_notification_service.h"
#include "chrome/browser/printing/printer_query.h"
@@ -922,7 +923,8 @@ void RenderViewHost::OnMessageReceived(const IPC::Message& msg) {
if (!msg_is_ok) {
// The message had a handler, but its de-serialization failed.
// Kill the renderer.
- process()->ReceivedBadMessage(msg.type());
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_RVH"));
+ process()->ReceivedBadMessage();
}
}
diff --git a/chrome/browser/renderer_host/render_widget_host.cc b/chrome/browser/renderer_host/render_widget_host.cc
index f530697..3c319e0 100644
--- a/chrome/browser/renderer_host/render_widget_host.cc
+++ b/chrome/browser/renderer_host/render_widget_host.cc
@@ -10,6 +10,7 @@
#include "base/message_loop.h"
#include "base/metrics/histogram.h"
#include "chrome/browser/accessibility/browser_accessibility_state.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/renderer_host/backing_store.h"
#include "chrome/browser/renderer_host/backing_store_manager.h"
#include "chrome/browser/renderer_host/render_process_host.h"
@@ -17,6 +18,7 @@
#include "chrome/browser/renderer_host/render_widget_host_painting_observer.h"
#include "chrome/browser/renderer_host/render_widget_host_view.h"
#include "chrome/common/chrome_switches.h"
+#include "chrome/common/result_codes.h"
#include "chrome/common/native_web_keyboard_event.h"
#include "chrome/common/notification_service.h"
#include "chrome/common/render_messages.h"
@@ -195,7 +197,8 @@ void RenderWidgetHost::OnMessageReceived(const IPC::Message &msg) {
if (!msg_is_ok) {
// The message de-serialization failed. Kill the renderer process.
- process()->ReceivedBadMessage(msg.type());
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_RWH"));
+ process()->ReceivedBadMessage();
}
}
@@ -850,7 +853,9 @@ void RenderWidgetHost::OnMsgUpdateRect(
if (dib) {
if (dib->size() < size) {
DLOG(WARNING) << "Transport DIB too small for given rectangle";
- process()->ReceivedBadMessage(ViewHostMsg_UpdateRect::ID);
+ UserMetrics::RecordAction(UserMetricsAction(
+ "BadMessageTerminate_RWH1"));
+ process()->ReceivedBadMessage();
} else {
// Scroll the backing store.
if (!params.scroll_rect.IsEmpty()) {
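Review bot: The action name `BadMessageTerminate_RWH1` used here has no matching line in this commit's `chrome/tools/chromeactions.txt` hunk, which lists `BadMessageTerminate_RWH` and `_RWH2` through `_RWH5` only. If that file is what maps recorded hashes back to names, kills for an undersized transport DIB would show up as an unnamed hash. Add the entry (with the hash produced by the project's action-extraction tool) or renumber the suffixes so the names and the table agree. The function body starts and ends outside the hunk.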
@@ -924,7 +929,8 @@ void RenderWidgetHost::OnMsgInputEventAck(const IPC::Message& message) {
void* iter = NULL;
int type = 0;
if (!message.ReadInt(&iter, &type) || (type < WebInputEvent::Undefined)) {
- process()->ReceivedBadMessage(message.type());
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_RWH2"));
+ process()->ReceivedBadMessage();
} else if (type == WebInputEvent::MouseMove) {
mouse_move_pending_ = false;
@@ -937,8 +943,10 @@ void RenderWidgetHost::OnMsgInputEventAck(const IPC::Message& message) {
ProcessWheelAck();
} else if (WebInputEvent::isKeyboardEventType(type)) {
bool processed = false;
- if (!message.ReadBool(&iter, &processed))
- process()->ReceivedBadMessage(message.type());
+ if (!message.ReadBool(&iter, &processed)) {
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_RWH3"));
+ process()->ReceivedBadMessage();
+ }
ProcessKeyboardEventAck(type, processed);
}
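Review bot: `ProcessKeyboardEventAck(type, processed)` still runs after the `ReadBool` failure path, because the newly braced block records the action and calls `ReceivedBadMessage()` but does not leave the function. The ack is then handled with `processed` at its initial `false` for a renderer that was just judged to have sent a malformed message. Add `return;` as the last statement inside the new braces, provided nothing after this `else if` chain in `OnMsgInputEventAck` must still run; the function continues outside the hunk.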
@@ -958,12 +966,14 @@ void RenderWidgetHost::ProcessWheelAck() {
void RenderWidgetHost::OnMsgFocus() {
// Only RenderViewHost can deal with that message.
- process()->ReceivedBadMessage(ViewHostMsg_Focus::ID);
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_RWH4"));
+ process()->ReceivedBadMessage();
}
void RenderWidgetHost::OnMsgBlur() {
// Only RenderViewHost can deal with that message.
- process()->ReceivedBadMessage(ViewHostMsg_Blur::ID);
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_RWH5"));
+ process()->ReceivedBadMessage();
}
void RenderWidgetHost::OnMsgSetCursor(const WebCursor& cursor) {
diff --git a/chrome/browser/worker_host/worker_process_host.cc b/chrome/browser/worker_host/worker_process_host.cc
index cc3e9e2..6167132 100644
--- a/chrome/browser/worker_host/worker_process_host.cc
+++ b/chrome/browser/worker_host/worker_process_host.cc
@@ -17,6 +17,7 @@
#include "chrome/browser/child_process_security_policy.h"
#include "chrome/browser/content_settings/host_content_settings_map.h"
#include "chrome/browser/file_system/file_system_dispatcher_host.h"
+#include "chrome/browser/metrics/user_metrics.h"
#include "chrome/browser/mime_registry_message_filter.h"
#include "chrome/browser/net/chrome_url_request_context.h"
#include "chrome/browser/renderer_host/blob_message_filter.h"
@@ -287,6 +288,7 @@ void WorkerProcessHost::OnMessageReceived(const IPC::Message& message) {
if (!msg_is_ok) {
NOTREACHED();
+ UserMetrics::RecordAction(UserMetricsAction("BadMessageTerminate_WPH"));
base::KillProcess(handle(), ResultCodes::KILLED_BAD_MESSAGE, false);
}
diff --git a/chrome/tools/chromeactions.txt b/chrome/tools/chromeactions.txt
index 18d9212..5199d59 100644
--- a/chrome/tools/chromeactions.txt
+++ b/chrome/tools/chromeactions.txt
@@ -71,6 +71,21 @@
0xd31dee084a5166e5 BackMenu_Popup
0x478e9b82a50ffea5 BackMenu_ShowFullHistory
0x048733a8c6205d00 BackgroundImageCache
+0x554b7c860c749c2f BadMessageTerminate_ACDH
+0x878b28b309d1205e BadMessageTerminate_AOF
+0xec6518c4af50b7ac BadMessageTerminate_BMF
+0x5a858938e484c903 BadMessageTerminate_BRPH
+0x6f41bf748eb54008 BadMessageTerminate_DBMF
+0xd910b7f4e1b53c11 BadMessageTerminate_DSMF
+0x6ebaa5e3651107fa BadMessageTerminate_EFD
+0xbecb3852be04c506 BadMessageTerminate_IDBMF
+0xf845124429e7aa80 BadMessageTerminate_RVH
+0xcb59a352ad13dc91 BadMessageTerminate_RWH
+0x1b40d08165319763 BadMessageTerminate_RWH2
+0xb4074307cbcb96bd BadMessageTerminate_RWH3
+0xa00e08812a4284c2 BadMessageTerminate_RWH4
+0xefc9deffa33ee67d BadMessageTerminate_RWH5
+0xc4874f0e8e8b60aa BadMessageTerminate_WPH
0x1d145f0af708242c BlockNonsandboxedPlugins_Disable
0xd80cc9291c9c82a9 BlockNonsandboxedPlugins_Enable
0x114c3050111d8b8d Bold
@@ -118,6 +133,7 @@
0x6755e17f118c99d8 ClearBrowsingData_Cookies
0xea9b835bf0310f85 ClearBrowsingData_Downloads
0xe3c9686626019346 ClearBrowsingData_History
+0x86678d0ede469c46 ClearBrowsingData_LSOData
0x511e8366cdda3890 ClearBrowsingData_Passwords
0x6d69a061f7adf595 ClearBrowsingData_ShowDlg
0x9fd631c62234969a ClearSelection
@@ -737,6 +753,7 @@
0x384a6609143bbcae LoadURL
0xe009e92f3909009c LoadURLFromKeyword
0xfb40450c5de92998 Login_Failure
+0x31374d163aec5a5e Login_GuestLoginSuccess
0x47421e3d3406b4e1 Login_OffTheRecordLoginSuccess
0xc23fa875d14a7ddb Login_Success
0x84ba0ed3cbdf3956 MediaContextMenu_Controls