author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-02 17:10:57 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-02 17:10:57 +0000 |
commit | 5aef0faed81f398c426a245d5c9828e39679d3a7 (patch) | |
tree | 52e6f3df896eda04fcc120e30e1750a1e94c2dae /chrome_frame/bind_context_info.h | |
parent | c32d6697f54f96a4483301232870b5ec15d14e7c (diff) | |
Fix a crash in ChromeFrame full tab mode while processing the attach external tab request, which comes in during window open.
We create a ProtData object instance which is mapped to the protocol with a NULL read function pointer which was used to indicate
if this is a dummy request. It appears that there are cases where we may receive a StartEx call with a reused protocol pointer,
which basically causes a crash in the context of IInternetProtocolSink::ReportData which internally calls IInternetProtocol::LockRequest,
which crashes as the transaction never started.
Fix is to invalidate the protdata mapping if the protdata has not been destroyed yet, but the underlying Transaction has been destroyed.
This can happen if the original bind context has not yet been destroyed.
Fixes bug http://code.google.com/p/chromium/issues/detail?id=50814
Bug=50814,50956
Test=Subsequent CL.
Review URL: http://codereview.chromium.org/3078010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54553 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/bind_context_info.h')
-rw-r--r-- | chrome_frame/bind_context_info.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/chrome_frame/bind_context_info.h b/chrome_frame/bind_context_info.h index 1778604..4b08505 100644 --- a/chrome_frame/bind_context_info.h +++ b/chrome_frame/bind_context_info.h @@ -89,6 +89,10 @@ class __declspec(uuid("00000000-0000-0000-0000-000000000000")) BindContextInfo return prot_data_; } + bool has_prot_data() const { + return prot_data_.get() != NULL; + } + protected: STDMETHOD(GetCppObject)(void** me) { DCHECK(me); |
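Review bot: the new has_prot_data() accessor has no comment stating what a true result guarantees, and as written it only reports that prot_data_ is non-NULL. The commit message describes the failing case as a ProtData that is still alive while its underlying Transaction has already been destroyed, so a non-NULL prot_data_ does not by itself mean the protocol object is safe to use. Please add a one-line comment above the method saying that it checks only for the presence of the pointer and that callers must separately confirm the transaction is still valid before calling into it. It would also help to note in the comment why callers should prefer this over calling the existing getter and testing the result, since both are visible side by side in this class.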