diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-20 21:11:25 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-20 21:11:25 +0000 |
| commit | 7db5d174005149773ff076266eb28dfe7d9065c3 (patch) | |
| tree | 3c452060749a1c704605dcfa7bb134f4b1ac53fb /chrome_frame/urlmon_url_request.cc | |
| parent | 218a5706e87a31d71dd8431b8af317e4f50193e2 (diff) | |
| download | chromium_src-7db5d174005149773ff076266eb28dfe7d9065c3.zip chromium_src-7db5d174005149773ff076266eb28dfe7d9065c3.tar.gz chromium_src-7db5d174005149773ff076266eb28dfe7d9065c3.tar.bz2 | |
Fix a ChromeFrame crash caused when the cookie policy is set to prompt and the active document is released before the prompt is clicked
on. This only happens on IE6 where the prompt dialog is modeless in the context of the InternetSetCookieEx call.
To ensure that the active document remains valid for the duration of the call we maintain a reference on the container for the duration of
the InternetSetCookie call.
The cookie calls in IE are now handled on the UI thread as we cannot block the IPC thread in case the set cookie calls result in a prompt.
This fixes bug http://code.google.com/p/chromium/issues/detail?id=44465
The FullTabModeIE_UnloadEventTest has been disabled as the change to execute the cookie calls on the UI thread would break it.
Bug=44465, 40814
Review URL: http://codereview.chromium.org/2091015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47846 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/urlmon_url_request.cc')
| -rw-r--r-- | chrome_frame/urlmon_url_request.cc | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/chrome_frame/urlmon_url_request.cc b/chrome_frame/urlmon_url_request.cc index 90aff6c1..fb7e740 100644 --- a/chrome_frame/urlmon_url_request.cc +++ b/chrome_frame/urlmon_url_request.cc @@ -906,7 +906,7 @@ net::Error UrlmonUrlRequest::HresultToNetError(HRESULT hr) { PluginUrlRequestManager::ThreadSafeFlags UrlmonUrlRequestManager::GetThreadSafeFlags() { - return PluginUrlRequestManager::COOKIE_REQUEST_THREADSAFE; + return PluginUrlRequestManager::NOT_THREADSAFE; } void UrlmonUrlRequestManager::SetInfoForUrl(const std::wstring& url, @@ -1055,12 +1055,24 @@ void UrlmonUrlRequestManager::GetCookiesForUrl(const GURL& url, int cookie_id) { void UrlmonUrlRequestManager::SetCookiesForUrl(const GURL& url, const std::string& cookie) { + DCHECK(container_); + // Grab a reference on the container to ensure that we don't get destroyed in + // case the InternetSetCookie call below puts up a dialog box, which can + // happen if the cookie policy is set to prompt. + if (container_) { + container_->AddRef(); + } + InternetCookieState cookie_state = static_cast<InternetCookieState>( InternetSetCookieExA(url.spec().c_str(), NULL, cookie.c_str(), INTERNET_COOKIE_EVALUATE_P3P, NULL)); int32 cookie_action = MapCookieStateToCookieAction(cookie_state); AddPrivacyDataForUrl(url.spec(), "", cookie_action); + + if (container_) { + container_->Release(); + } } void UrlmonUrlRequestManager::EndRequest(int request_id) { @@ -1147,7 +1159,8 @@ scoped_refptr<UrlmonUrlRequest> UrlmonUrlRequestManager::LookupRequest( UrlmonUrlRequestManager::UrlmonUrlRequestManager() : stopping_(false), calling_delegate_(0), notification_window_(NULL), - privileged_mode_(false) { + privileged_mode_(false), + container_(NULL) { } UrlmonUrlRequestManager::~UrlmonUrlRequestManager() { @@ -1158,7 +1171,6 @@ void UrlmonUrlRequestManager::AddPrivacyDataForUrl( const std::string& url, const std::string& policy_ref, int32 flags) { DCHECK(!url.empty()); - AutoLock lock(privacy_info_lock_); bool fire_privacy_event = false; |