author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-15 01:39:26 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-15 01:39:26 +0000 |
commit | 70277f6b896c776999e356d6546d65fd999dea05 (patch) | |
tree | 455a61a961f398d2b8dbab0c4673b1bae792b589 /chrome_frame/urlmon_bind_status_callback.cc | |
parent | e6e55fb4b70fb47c6959b68e0cccd328bed9c358 (diff) | |
Avoid a crash in ChromeFrame in the BindToStorage call initiated when our active document is loaded. The crash occurs while dereferencing a
NULL delegate; the delegate is NULL in the pending request object created by the active document to handle the initial load.
Fix for this is to maintain a pending state in the request object. We ignore all OnProgress notifications in this state. When Chrome requests
data for the top level url this state is cleared.
Consolidated the number of bind context information structures into one which contains everything we need in ChromeFrame, i.e. to decide to
switch to Chrome, indicating whether the request came from Chrome, etc.
Review URL: http://codereview.chromium.org/1654012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44604 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/urlmon_bind_status_callback.cc')
-rw-r--r-- | chrome_frame/urlmon_bind_status_callback.cc | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/chrome_frame/urlmon_bind_status_callback.cc b/chrome_frame/urlmon_bind_status_callback.cc
index 68cf175..6f85210 100644
--- a/chrome_frame/urlmon_bind_status_callback.cc
+++ b/chrome_frame/urlmon_bind_status_callback.cc
@@ -11,6 +11,7 @@
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
+#include "chrome_frame/bind_context_info.h"
 #include "chrome_frame/urlmon_moniker.h"
 #include "chrome_tab.h" // NOLINT
@@ -178,8 +179,7 @@ void SniffData::DetermineRendererType(bool last_chance) {
 /////////////////////////////////////////////////////////////////////
-HRESULT BSCBStorageBind::Initialize(IMoniker* moniker, IBindCtx* bind_ctx,
- bool no_cache) {
+HRESULT BSCBStorageBind::Initialize(IMoniker* moniker, IBindCtx* bind_ctx) {
 DLOG(INFO) << __FUNCTION__ << me() << StringPrintf(" tid=%i", PlatformThread::CurrentId());
@@ -197,7 +197,6 @@ HRESULT BSCBStorageBind::Initialize(IMoniker* moniker, IBindCtx* bind_ctx,
 std::wstring url = GetActualUrlFromMoniker(moniker, bind_ctx, std::wstring());
 data_sniffer_.InitializeCache(url);
- no_cache_ = no_cache;
 return hr;
 }
@@ -310,18 +309,12 @@ HRESULT BSCBStorageBind::MayPlayBack(DWORD flags) {
 if (data_sniffer_.is_cache_valid()) {
 if (data_sniffer_.is_chrome()) {
- ScopedComPtr<IStream> cache;
- if (no_cache_) {
- // This flag is set by BindToObject indicating taht we don't need
- // to cache as we'll be able to read data from the bind later.
- CreateStreamOnHGlobal(NULL, TRUE, cache.Receive());
- } else {
- // Binding began with BindToStorage and the data cann't be read
- // back so pass on the data read so far.
- cache = data_sniffer_.cache_;
+ scoped_refptr<BindContextInfo> info =
+ BindContextInfo::FromBindContext(bind_ctx_);
+ DCHECK(info);
+ if (info) {
+ info->SetToSwitch(data_sniffer_.cache_);
 }
- DCHECK(cache);
- NavigationManager::SetForSwitch(bind_ctx_, cache);
 }
 hr = data_sniffer_.DrainCache(delegate(), |
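Review bot: In the MayPlayBack hunk, `DCHECK(info)` immediately followed by `if (info)` means release builds silently skip `SetToSwitch` when `BindContextInfo::FromBindContext(bind_ctx_)` returns null, while the `DrainCache` call below still runs, so a missing bind-context entry would lose the switch to Chrome without any trace. Either treat null as impossible and keep only the `DCHECK`, or treat it as reachable and make it visible, for example `else { LOG(ERROR) << __FUNCTION__ << " no BindContextInfo on bind context"; }`. The removed comments explained when the sniffed data has to be passed on and the new branch has none; a line such as `// Hand the data sniffed so far to the bind context for the switch to Chrome.` would keep that intent. The same `data_sniffer_.cache_` stream is now given to `SetToSwitch` and then used by the `DrainCache` call that follows, so whether the receiver sees it at the position it expects depends on code outside this hunk, as does the rest of MayPlayBack.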