Revert 47453 - In ChromeFrame the ChromeFrameAutomationProxy object is created on the background proxy channel thread and is accessed

from the UI thread, the proxy channel thread and the IPC thread. This leads to a race condition when ChromeFrame is being torn down which occurs because the ChromeFrameAutomationProxy pointer is being set to NULL in the UI thread/deleted in the proxy background thread while it could be accessed while processing a callback in the IPC thread thus causing a crash. Fix is to ensure that the IPC thread does not access the ChromeFrameAutomationProxy pointer. To achieve this the callbacks are now individual context objects which when invoked forward the actions to the ChromeFrameAutomationClient object. The CreateExternalTab and ConnectExternalTab callbacks now complete their actions on the UI thread. While at this based on a discussion and lot of help from Stoyan we decided to clean up the sync message dispatching code used by ChromeFrame by having callbacks now derive from a SyncMessageCallContext class to ensure that these get cleaned up correctly in all cases. For e.g. if we don't receive a response for a message, etc and thus enable them to present a consistent interface to be invoked when we receive a response for a IPc message. Fixes bug http://code.google.com/p/chromium/issues/detail?id=44245 Bug=44245 Review URL: http://codereview.chromium.org/2073007 TBR=ananta@chromium.org Review URL: http://codereview.chromium.org/2110006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47461 0039d316-1c4b-4281-b951-d872f2087c98
author: ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-05-17 21:47:30 +0000
committer: ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-05-17 21:47:30 +0000
commit: cb291e642a4fe2d36c2354a1bfdb843661de74a0 (patch)
tree: bb6c13ad7586ad839c0f0d332410842804a3a2da /chrome_frame/sync_msg_reply_dispatcher.cc
parent: 981b34450805e070b6694c8df292f24ee1f73ff4 (diff)
download: chromium_src-cb291e642a4fe2d36c2354a1bfdb843661de74a0.zip
chromium_src-cb291e642a4fe2d36c2354a1bfdb843661de74a0.tar.gz
chromium_src-cb291e642a4fe2d36c2354a1bfdb843661de74a0.tar.bz2
1 files changed, 23 insertions, 28 deletions
diff --git a/chrome_frame/sync_msg_reply_dispatcher.cc b/chrome_frame/sync_msg_reply_dispatcher.cc
index 1b51516..b301698 100644
--- a/chrome_frame/sync_msg_reply_dispatcher.cc
+++ b/chrome_frame/sync_msg_reply_dispatcher.cc
@@ -6,61 +6,56 @@
 
 #include "ipc/ipc_sync_message.h"
 
-void SyncMessageReplyDispatcher::Push(IPC::SyncMessage* msg,
-                                      SyncMessageCallContext* context,
+void SyncMessageReplyDispatcher::Push(IPC::SyncMessage* msg, void* callback,
                                       void* key) {
-  context->message_type_ = msg->type();
-  context->id_ = IPC::SyncMessage::GetMessageId(*msg);
-  context->key_ = key;
-
+  MessageSent pending(IPC::SyncMessage::GetMessageId(*msg),
+                      msg->type(), callback, key);
   AutoLock lock(message_queue_lock_);
-  message_queue_.push_back(context);
+  message_queue_.push_back(pending);
 }
 
-bool SyncMessageReplyDispatcher::HandleMessageType(
-    const IPC::Message& msg, SyncMessageCallContext* context) {
+bool SyncMessageReplyDispatcher::HandleMessageType(const IPC::Message& msg,
+                                                   const MessageSent& origin) {
   return false;
 }
 
 bool SyncMessageReplyDispatcher::OnMessageReceived(const IPC::Message& msg) {
-  SyncMessageCallContext* context = GetContext(msg);
-  // No context e.g. no return values and/or don't care
-  if (!context) {
+  MessageSent origin;
+  if (!Pop(msg, &origin)) {
     return false;
   }
 
-  return HandleMessageType(msg, context);
+  // No callback e.g. no return values and/or don't care
+  if (origin.callback == NULL)
+    return true;
+
+  return HandleMessageType(msg, origin);
 }
 
 void SyncMessageReplyDispatcher::Cancel(void* key) {
   DCHECK(key != NULL);
   AutoLock lock(message_queue_lock_);
-  PendingSyncMessageQueue::iterator it = message_queue_.begin();
-  while (it != message_queue_.end()) {
-    SyncMessageCallContext* context = *it;
-    if (context->key_ == key) {
-      it = message_queue_.erase(it);
-      delete context;
-    } else {
-      ++it;
+  PendingSyncMessageQueue::iterator it;
+  for (it = message_queue_.begin(); it != message_queue_.end(); ++it) {
+    if (it->key == key) {
+      it->key = NULL;
     }
   }
 }
 
-SyncMessageReplyDispatcher::SyncMessageCallContext*
-    SyncMessageReplyDispatcher::GetContext(const IPC::Message& msg) {
+bool SyncMessageReplyDispatcher::Pop(const IPC::Message& msg, MessageSent* t) {
   if (!msg.is_reply())
-    return NULL;
+    return false;
 
   int id = IPC::SyncMessage::GetMessageId(msg);
   AutoLock lock(message_queue_lock_);
   PendingSyncMessageQueue::iterator it;
   for (it = message_queue_.begin(); it != message_queue_.end(); ++it) {
-    SyncMessageCallContext* context = *it;
-    if (context->id_ == id) {
+    if (it->id == id) {
+      *t = *it;
       message_queue_.erase(it);
-      return context;
+      return true;
     }
   }
-  return NULL;
+  return false;
 }
author	ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-05-17 21:47:30 +0000
committer	ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-05-17 21:47:30 +0000
commit	cb291e642a4fe2d36c2354a1bfdb843661de74a0 (patch)
tree	bb6c13ad7586ad839c0f0d332410842804a3a2da /chrome_frame/sync_msg_reply_dispatcher.cc
parent	981b34450805e070b6694c8df292f24ee1f73ff4 (diff)
download	chromium_src-cb291e642a4fe2d36c2354a1bfdb843661de74a0.zip chromium_src-cb291e642a4fe2d36c2354a1bfdb843661de74a0.tar.gz chromium_src-cb291e642a4fe2d36c2354a1bfdb843661de74a0.tar.bz2