diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-02 05:59:55 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-02 05:59:55 +0000 |
| commit | 8e33c8f52878ca9a81bc427494a5f07c8045849c (patch) | |
| tree | f8fd7c3d3803b07e4ca335974815333c0127dea1 /chrome_frame | |
| parent | a3bc13b9a554d857d95f696a2b55db0ee57527b0 (diff) | |
| download | chromium_src-8e33c8f52878ca9a81bc427494a5f07c8045849c.zip chromium_src-8e33c8f52878ca9a81bc427494a5f07c8045849c.tar.gz chromium_src-8e33c8f52878ca9a81bc427494a5f07c8045849c.tar.bz2 | |
Fix a ChromeFrame crash which occurs while handling the open url notification from Chrome. This crash
happens while attempting to dereference a NULL IWebBrowser2 interface pointer, which could occur if
the client site is NULL, i.e. chrome frame is in the process of being torn down.
This fixes bug http://code.google.com/p/chromium/issues/detail?id=40174
Bug=40174
Review URL: http://codereview.chromium.org/1585014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43457 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame')
| -rw-r--r-- | chrome_frame/chrome_frame_activex_base.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/chrome_frame/chrome_frame_activex_base.h b/chrome_frame/chrome_frame_activex_base.h index 6a400f6..bb516af 100644 --- a/chrome_frame/chrome_frame_activex_base.h +++ b/chrome_frame/chrome_frame_activex_base.h @@ -1013,8 +1013,10 @@ END_MSG_MAP() const GURL& referrer, int open_disposition) { ScopedComPtr<IWebBrowser2> web_browser2; DoQueryService(SID_SWebBrowserApp, m_spClientSite, web_browser2.Receive()); - DCHECK(web_browser2); - + if (!web_browser2) { + NOTREACHED() << "Failed to retrieve IWebBrowser2 interface"; + return; + } ScopedVariant url; // Check to see if the URL uses a "view-source:" prefix, if so, open it // using chrome frame full tab mode by using 'cf:' protocol handler. |