diff options
| author | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-13 20:21:08 +0000 |
|---|---|---|
| committer | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-13 20:21:08 +0000 |
| commit | f1917ed6945d79a12fe45957c46584dfe8771dbb (patch) | |
| tree | 9a28a5d9ac41ef81984b5b61a552157d9291f728 /chrome_frame/urlmon_bind_status_callback.cc | |
| parent | 3368b54748ed06d61ddc35f0cce4190961ec950c (diff) | |
| download | chromium_src-f1917ed6945d79a12fe45957c46584dfe8771dbb.zip chromium_src-f1917ed6945d79a12fe45957c46584dfe8771dbb.tar.gz chromium_src-f1917ed6945d79a12fe45957c46584dfe8771dbb.tar.bz2 | |
Fix crash in CacheStream::Read
Fix incorrect assumption that the Read of CacheStream will happen
in the context of IBindStatusCallback::OnDataAvailable notification.
TEST=none
BUG=43949
Review URL: http://codereview.chromium.org/2007009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47184 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/urlmon_bind_status_callback.cc')
| -rw-r--r-- | chrome_frame/urlmon_bind_status_callback.cc | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/chrome_frame/urlmon_bind_status_callback.cc b/chrome_frame/urlmon_bind_status_callback.cc index b6d7c15..1f39a08 100644 --- a/chrome_frame/urlmon_bind_status_callback.cc +++ b/chrome_frame/urlmon_bind_status_callback.cc @@ -36,8 +36,10 @@ HRESULT CacheStream::BSCBFeedData(IBindStatusCallback* bscb, const char* data, return hr; } - cache_stream->AddRef(); - cache_stream->Initialize(data, size, eof); + scoped_refptr<CacheStream> cache_ref = cache_stream; + hr = cache_stream->Initialize(data, size, eof); + if (FAILED(hr)) + return hr; FORMATETC format_etc = { clip_format, NULL, DVASPECT_CONTENT, -1, TYMED_ISTREAM }; @@ -46,16 +48,24 @@ HRESULT CacheStream::BSCBFeedData(IBindStatusCallback* bscb, const char* data, medium.pstm = cache_stream; hr = bscb->OnDataAvailable(flags, size, &format_etc, &medium); - - cache_stream->Release(); return hr; } -void CacheStream::Initialize(const char* cache, size_t size, bool eof) { - cache_ = cache; - size_ = size; +HRESULT CacheStream::Initialize(const char* cache, size_t size, bool eof) { position_ = 0; eof_ = eof; + + HRESULT hr = S_OK; + cache_.reset(new char[size]); + if (cache_.get()) { + memcpy(cache_.get(), cache, size); + size_ = size; + } else { + DLOG(ERROR) << "failed to allocate cache stream."; + hr = E_OUTOFMEMORY; + } + + return hr; } // Read is the only call that we expect. Return E_PENDING if there @@ -65,11 +75,14 @@ STDMETHODIMP CacheStream::Read(void* pv, ULONG cb, ULONG* read) { if (!pv || !read) return E_INVALIDARG; + if (!cache_.get()) + return E_FAIL; + // Default to E_PENDING to signal that this is a partial data. HRESULT hr = eof_ ? S_FALSE : E_PENDING; if (position_ < size_) { *read = std::min(size_ - position_, size_t(cb)); - memcpy(pv, cache_ + position_, *read); + memcpy(pv, cache_ .get() + position_, *read); position_ += *read; hr = S_OK; } |