diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-11 00:03:55 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-11 00:03:55 +0000 |
| commit | 7af08f6cf18eef9089dbfbe94590ac004c649906 (patch) | |
| tree | 6aad7112e51ca202b44d9411daadf858aefdb26c /chrome_frame | |
| parent | c0e5f71c772164b794089e26a2f3cc001b8b13f9 (diff) | |
| download | chromium_src-7af08f6cf18eef9089dbfbe94590ac004c649906.zip chromium_src-7af08f6cf18eef9089dbfbe94590ac004c649906.tar.gz chromium_src-7af08f6cf18eef9089dbfbe94590ac004c649906.tar.bz2 | |
Fix the flakiness with download requests routed by ChromeFrame to the host browser. We issue
the NavigateWithBindCtx interface call to issue a navigation such that it reuses the existing
bind context. This basically results in a cross apartment deadlock at times when we are in the
context of a OnStopBinding call in our bind status callback implementation. The Navigate call
is marshaled to a different thread which tries to grab a urlmon critical section which is
held in the context of the OnStopBinding call by the current thread.
Fix is to use PostMessage to ensure that we unwind the current call chain.
BUG=73985
TEST=As described in the bug.
Review URL: http://codereview.chromium.org/6677004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77732 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame')
| -rw-r--r-- | chrome_frame/chrome_frame_activex_base.h | 1 | ||||
| -rw-r--r-- | chrome_frame/urlmon_url_request.cc | 17 | ||||
| -rw-r--r-- | chrome_frame/utils.h | 6 |
3 files changed, 11 insertions, 13 deletions
diff --git a/chrome_frame/chrome_frame_activex_base.h b/chrome_frame/chrome_frame_activex_base.h index b80caf1..2b746eb 100644 --- a/chrome_frame/chrome_frame_activex_base.h +++ b/chrome_frame/chrome_frame_activex_base.h @@ -477,6 +477,7 @@ END_MSG_MAP() UTF8ToWide(download_params->request_headers).c_str(), download_params->bind_ctx, NULL, download_params->post_data); } + delete download_params; return TRUE; } diff --git a/chrome_frame/urlmon_url_request.cc b/chrome_frame/urlmon_url_request.cc index b7d3fdb..652361c 100644 --- a/chrome_frame/urlmon_url_request.cc +++ b/chrome_frame/urlmon_url_request.cc @@ -1073,18 +1073,15 @@ void UrlmonUrlRequestManager::BindTerminated(IMoniker* moniker, IBindCtx* bind_ctx, IStream* post_data, const char* request_headers) { - DownloadInHostParams download_params; - download_params.bind_ctx = bind_ctx; - download_params.moniker = moniker; - download_params.post_data = post_data; + DownloadInHostParams* download_params = new DownloadInHostParams; + download_params->bind_ctx = bind_ctx; + download_params->moniker = moniker; + download_params->post_data = post_data; if (request_headers) { - download_params.request_headers = request_headers; + download_params->request_headers = request_headers; } - // We use SendMessage and not PostMessage to make sure that if the - // notification window does not handle the message we won't leak - // the moniker. - ::SendMessage(notification_window_, WM_DOWNLOAD_IN_HOST, - reinterpret_cast<WPARAM>(&download_params), 0); + ::PostMessage(notification_window_, WM_DOWNLOAD_IN_HOST, + reinterpret_cast<WPARAM>(download_params), 0); } void UrlmonUrlRequestManager::GetCookiesForUrl(const GURL& url, int cookie_id) { diff --git a/chrome_frame/utils.h b/chrome_frame/utils.h index c2d6ef9..3e0035a 100644 --- a/chrome_frame/utils.h +++ b/chrome_frame/utils.h @@ -461,9 +461,9 @@ extern base::Lock g_ChromeFrameHistogramLock; // This structure contains the parameters sent over to initiate a download // request in the host browser. struct DownloadInHostParams { - IBindCtx* bind_ctx; - IMoniker* moniker; - IStream* post_data; + base::win::ScopedComPtr<IBindCtx> bind_ctx; + base::win::ScopedComPtr<IMoniker> moniker; + base::win::ScopedComPtr<IStream> post_data; std::string request_headers; }; |