The ChromeFrameAutomationClient class needs to be refcounted as it implements the PluginRequestHandler

interface which is maintained by individual requests which can outlive the active document/activex instances.
I ran into a crash where UrlmonUrlRequest was calling into an invalid PluginRequestHandler pointer which
had been destroyed just before.

We also need to ensure that UrlmonUrlRequest and ChromeFrameActiveXBase select the multi threaded model as
AddRef/Release can be invoked from multiple threads.

I also removed the CleanupAsyncRequests function in ChromeFrameAutomationClient and moved all the code to CleanupRequests, which ensures that we treat synchronous
and asynchronous requests similarly. 

There are instances where an automation client instance is created and destroyed without being initialized which causes a spurious assert to fire in the Uninitialize function. I added a check in the Uninitialize function to return if the state is uninitialized.

Bug=none

Review URL: http://codereview.chromium.org/386014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31792 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 18 deletions

diff --git a/chrome_frame/chrome_frame_automation.cc b/chrome_frame/chrome_frame_automation.cc
index 1a4b763..8dbf795 100644
--- a/chrome_frame/chrome_frame_automation.cc
+++ b/chrome_frame/chrome_frame_automation.cc
@@ -436,7 +436,6 @@ bool ChromeFrameAutomationClient::Initialize(
   chrome_frame_delegate_ = chrome_frame_delegate;
   incognito_ = incognito;
   ui_thread_id_ = PlatformThread::CurrentId();
-
 #ifndef NDEBUG
   // In debug mode give more time to work with a debugger.
   if (IsDebuggerPresent()) {
@@ -476,6 +475,11 @@ bool ChromeFrameAutomationClient::Initialize(
 void ChromeFrameAutomationClient::Uninitialize() {
   DLOG(INFO) << __FUNCTION__;
 
+  if (init_state_ == UNINITIALIZED) {
+    DLOG(WARNING) << __FUNCTION__ << ": Automation client not initialized";
+    return;
+  }
+
   init_state_ = UNINITIALIZING;
 
   // Called from client's FinalRelease() / destructor
@@ -633,14 +637,14 @@ class InstallExtensionContext {
   }
 
   void InstallExtensionComplete(AutomationMsg_ExtensionResponseValues res) {
-    client_->PostTask(FROM_HERE, NewRunnableMethod(client_,
+    client_->PostTask(FROM_HERE, NewRunnableMethod(client_.get(),
         &ChromeFrameAutomationClient::InstallExtensionComplete, crx_path_,
         user_data_, res));
     delete this;
   }
 
  private:
-  ChromeFrameAutomationClient* client_;
+  scoped_refptr<ChromeFrameAutomationClient> client_;
   FilePath crx_path_;
   void* user_data_;
 };
@@ -1072,20 +1076,6 @@ bool ChromeFrameAutomationClient::IsValidRequest(
 
 void ChromeFrameAutomationClient::CleanupRequests() {
   DCHECK_EQ(PlatformThread::CurrentId(), ui_thread_id_);
-  while (request_map_.size()) {
-    PluginUrlRequest* request = request_map_.begin()->second;
-    if (request) {
-      int request_id = request->id();
-      request->Stop();
-    }
-  }
-
-  DCHECK(request_map_.empty());
-  request_map_.clear();
-}
-
-void ChromeFrameAutomationClient::CleanupAsyncRequests() {
-  DCHECK_EQ(PlatformThread::CurrentId(), ui_thread_id_);
 
   std::vector<scoped_refptr<PluginUrlRequest> > request_list;
   // We copy the pending requests into a temporary vector as the Stop
@@ -1119,7 +1109,7 @@ bool ChromeFrameAutomationClient::Reinitialize(
     return false;
   }
 
-  CleanupAsyncRequests();
+  CleanupRequests();
   chrome_frame_delegate_ = delegate;
   SetParentWindow(NULL);
   return true;