diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-25 16:04:43 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-25 16:04:43 +0000 |
| commit | bc88e9d7be9dbc039071cef0c7f80b9b1017f804 (patch) | |
| tree | 1f8982e99cc1258184dd79514e5355ca19745cfa /chrome_frame/protocol_sink_wrap.h | |
| parent | 03aaa36e09ca9f235656fc78ff9b65b1116af71d (diff) | |
| download | chromium_src-bc88e9d7be9dbc039071cef0c7f80b9b1017f804.zip chromium_src-bc88e9d7be9dbc039071cef0c7f80b9b1017f804.tar.gz chromium_src-bc88e9d7be9dbc039071cef0c7f80b9b1017f804.tar.bz2 | |
This fixes a crash in IE8 with ChromeFrame when a new tab was created.
ChromeFrame VTable patches the IInternetProtocol interface for the CLSID_HttpProtocol
and CLSID_HttpSProtocol handlers. However we were using the same VTable information to patch both
the handlers essentially overwriting the first one. While this all worked purely by chance, it
exposed a bug in IE8 where every new tab initially goes into a new process and if the chromeframe
is unloaded we would leave behind an IInternetProtocol interface in urlmon patched, which would
crash when dereferenced.
Added a check in the VTable patching code for this case.
This fixes bug http://code.google.com/p/chromium/issues/detail?id=22768
Bug=22768
Review URL: http://codereview.chromium.org/244002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27191 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/protocol_sink_wrap.h')
| -rw-r--r-- | chrome_frame/protocol_sink_wrap.h | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/chrome_frame/protocol_sink_wrap.h b/chrome_frame/protocol_sink_wrap.h index e4f9cfb..bab018b 100644 --- a/chrome_frame/protocol_sink_wrap.h +++ b/chrome_frame/protocol_sink_wrap.h @@ -17,6 +17,7 @@ #include "base/scoped_comptr_win.h" #include "googleurl/src/gurl.h" #include "chrome_frame/ie8_types.h" +#include "chrome_frame/vtable_patch_manager.h" // Typedefs for IInternetProtocol and related methods that we patch. typedef HRESULT (STDMETHODCALLTYPE* InternetProtocol_Start_Fn)( @@ -85,8 +86,12 @@ END_COM_MAP() bool Initialize(IInternetProtocol* protocol, IInternetProtocolSink* original_sink, const wchar_t* url); - static bool PatchProtocolHandler(const wchar_t* dll, - const CLSID& handler_clsid); + // VTable patches the IInternetProtocol and IIntenetProtocolEx interface. + // Returns true on success. + static bool PatchProtocolHandlers(); + + // Unpatches the IInternetProtocol and IInternetProtocolEx interfaces. + static void UnpatchProtocolHandlers(); // IInternetProtocol/Ex patches. static HRESULT STDMETHODCALLTYPE OnStart(InternetProtocol_Start_Fn orig_start, @@ -183,6 +188,21 @@ END_COM_MAP() return renderer_type_; } + // Creates an instance of the specified protocol handler and returns the + // IInternetProtocol interface pointer. + // Returns S_OK on success. + static HRESULT CreateProtocolHandlerInstance(const CLSID& clsid, + IInternetProtocol** protocol); + + // Helper function for patching the VTable of the IInternetProtocol + // interface. It instantiates the object identified by the protocol_clsid + // parameter and patches its VTable. + // Returns S_OK on success. + static HRESULT PatchProtocolMethods( + const CLSID& protocol_clsid, + vtable_patch::MethodPatchInfo* protocol_patch_info, + vtable_patch::MethodPatchInfo* protocol_ex_patch_info); + // WARNING: Don't use GURL variables here. Please see // http://b/issue?id=2102171 for details. @@ -202,7 +222,7 @@ END_COM_MAP() HRESULT result_code_; DWORD result_error_; std::wstring result_text_; - // For tracking re-entrency and preventing duplicate Read()s from + // For tracking re-entrency and preventing duplicate Read()s from // distorting the outcome of ReportData. int report_data_recursiveness_; |