author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-25 16:04:43 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-25 16:04:43 +0000 |
commit | bc88e9d7be9dbc039071cef0c7f80b9b1017f804 (patch) | |
tree | 1f8982e99cc1258184dd79514e5355ca19745cfa /chrome_frame/bho.cc | |
parent | 03aaa36e09ca9f235656fc78ff9b65b1116af71d (diff) | |
This fixes a crash in IE8 with ChromeFrame when a new tab was created.
ChromeFrame VTable patches the IInternetProtocol interface for the CLSID_HttpProtocol
and CLSID_HttpSProtocol handlers. However we were using the same VTable information to patch both
the handlers essentially overwriting the first one. While this all worked purely by chance, it
exposed a bug in IE8 where every new tab initially goes into a new process and if the chromeframe
is unloaded we would leave behind an IInternetProtocol interface in urlmon patched, which would
crash when dereferenced.
Added a check in the VTable patching code for this case.
This fixes bug http://code.google.com/p/chromium/issues/detail?id=22768
Bug=22768
Review URL: http://codereview.chromium.org/244002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27191 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/bho.cc')
-rw-r--r-- | chrome_frame/bho.cc | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/chrome_frame/bho.cc b/chrome_frame/bho.cc
index e8c0374..9561cc1 100644
--- a/chrome_frame/bho.cc
+++ b/chrome_frame/bho.cc
@@ -18,7 +18,6 @@
 #include "chrome_frame/utils.h"
 #include "chrome_frame/vtable_patch_manager.h"
-const wchar_t kUrlMonDllName[] = L"urlmon.dll";
 const wchar_t kPatchProtocols[] = L"PatchProtocols";
 static const int kIBrowserServiceOnHttpEquivIndex = 30;
@@ -217,8 +216,7 @@ void PatchHelper::InitializeAndPatchProtocolsIfNeeded() {
 bool patch_protocol = GetConfigBool(true, kPatchProtocols);
 if (patch_protocol) {
- ProtocolSinkWrap::PatchProtocolHandler(kUrlMonDllName, CLSID_HttpProtocol);
- ProtocolSinkWrap::PatchProtocolHandler(kUrlMonDllName, CLSID_HttpSProtocol);
+ ProtocolSinkWrap::PatchProtocolHandlers();
 state_ = PATCH_PROTOCOL;
 } else {
 state_ = PATCH_IBROWSER;
@@ -232,12 +230,9 @@ void PatchHelper::PatchBrowserService(IBrowserService* browser_service) {
 IBrowserService_PatchInfo);
 }
-extern vtable_patch::MethodPatchInfo IInternetProtocol_PatchInfo[];
-extern vtable_patch::MethodPatchInfo IInternetProtocolEx_PatchInfo[];
 void PatchHelper::UnpatchIfNeeded() {
 if (state_ == PATCH_PROTOCOL) {
- vtable_patch::UnpatchInterfaceMethods(IInternetProtocol_PatchInfo);
- vtable_patch::UnpatchInterfaceMethods(IInternetProtocolEx_PatchInfo);
+ ProtocolSinkWrap::UnpatchProtocolHandlers();
 } else if (state_ == PATCH_IBROWSER_OK) {
 vtable_patch::UnpatchInterfaceMethods(IBrowserService_PatchInfo);
 } |
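Review bot: In InitializeAndPatchProtocolsIfNeeded, `state_ = PATCH_PROTOCOL;` is assigned unconditionally after `ProtocolSinkWrap::PatchProtocolHandlers();`, so the recorded state says "patched" even if one or both handlers could not be patched. The return type of PatchProtocolHandlers is not visible in this hunk, and the function itself starts before it. Because the crash described in the commit message comes from a patched urlmon IInternetProtocol vtable outliving the module, the pairing deserves a comment at the call site, for example `// Patches CLSID_HttpProtocol and CLSID_HttpSProtocol; every successful patch must be undone by UnpatchProtocolHandlers() before this module unloads.` If PatchProtocolHandlers can fail partway, UnpatchProtocolHandlers presumably has to tolerate a handler that was never patched, which is worth confirming in ProtocolSinkWrap.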
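Review bot: In UnpatchIfNeeded, the PATCH_PROTOCOL branch calls `ProtocolSinkWrap::UnpatchProtocolHandlers();` but the visible lines do not change `state_` afterwards, so a second call would take the same branch and unpatch again. The end of the function lies outside the hunk, so a reset may already exist there; if it does not, reset `state_` to its initial value after the unpatch, or document that UnpatchProtocolHandlers is safe to call repeatedly. A one-line comment such as `// Must run before the DLL unloads; a vtable slot left pointing into unloaded code crashes on the next call through it.` would record why this path matters.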