author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-28 22:10:17 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-28 22:10:17 +0000 |
commit | 172acc45664c67f6ec10a13a7f14da3bc4589f68 (patch) | |
tree | f833c3ef73012a9b90dc5fa555e4bda7fb891106 /chrome_frame | |
parent | 7f8e5fabdb957cd2875d4bccd95f39f6bb793354 (diff) | |
Speculative fix for a ChromeFrame crash in IE full tab mode. The crash occurs while processing an
accelerator message and based on the callstack it looks like QueryService call for the SID_STopLevelBrowser
interface returns S_OK with a NULL interface pointer.
Added checks in the DoQueryService helper function to return a failure if the QueryService call returns
a NULL service pointer.
Fixes http://code.google.com/p/chromium/issues/detail?id=25457
Bug=25457
Review URL: http://codereview.chromium.org/523008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35315 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame')
-rw-r--r-- | chrome_frame/chrome_frame_activex_base.h | 2 | ||||
-rw-r--r-- | chrome_frame/utils.h | 7 |
2 files changed, 6 insertions, 3 deletions
diff --git a/chrome_frame/chrome_frame_activex_base.h b/chrome_frame/chrome_frame_activex_base.h
index 28ca868..5ba38f8 100644
--- a/chrome_frame/chrome_frame_activex_base.h
+++ b/chrome_frame/chrome_frame_activex_base.h
@@ -1005,7 +1005,7 @@ END_MSG_MAP()
 HRESULT hr = S_FALSE;
 ScopedComPtr<IBrowserService2> bs2;
 if (S_OK == DoQueryService(SID_STopLevelBrowser, m_spInPlaceSite,
- bs2.Receive())) {
+ bs2.Receive()) && bs2.get()) {
 hr = bs2->v_MayTranslateAccelerator(const_cast<MSG*>(&msg));
 } else {
 // IE8 doesn't support IBrowserService2 unless you enable a special,
diff --git a/chrome_frame/utils.h b/chrome_frame/utils.h
index d10b7c0..ab25cf2 100644
--- a/chrome_frame/utils.h
+++ b/chrome_frame/utils.h
@@ -210,9 +210,12 @@ HRESULT DoQueryService(const IID& service_id, IUnknown* unk, T** service) {
 ScopedComPtr<IServiceProvider> service_provider;
 HRESULT hr = service_provider.QueryFrom(unk);
 if (!service_provider)
- return hr;
+ return E_NOINTERFACE;
- return service_provider->QueryService(service_id, service);
+ hr = service_provider->QueryService(service_id, service);
+ if (*service == NULL)
+ return E_NOINTERFACE;
+ return hr;
 }
 // Get url (display name) from a moniker, |bind_context| is optional |
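Review bot: The added `&& bs2.get()` in the accelerator path has no comment saying why a call that already returned S_OK is re-checked, and once DoQueryService (changed in utils.h by this same commit) maps a NULL result to E_NOINTERFACE the test is redundant at this call site. If it is kept as defence in depth against a host that reports success with a NULL pointer, say so next to it, e.g. `// Host may return S_OK with a NULL IBrowserService2 (bug 25457); treat as unsupported.` The enclosing function starts and ends outside the hunk.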
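Review bot: The new `if (*service == NULL)` test in DoQueryService reads the out-parameter even when QueryService failed, so it relies on the caller having pre-initialised `*service`, and it replaces any failing HRESULT with E_NOINTERFACE, which hides the provider's real error from callers and logs. Setting `*service = NULL;` before the call and narrowing the test to `if (SUCCEEDED(hr) && *service == NULL) return E_NOINTERFACE;` keeps the crash fix without trusting the provider or the caller for the initial value. `service` itself is dereferenced unchecked; a DCHECK or an early `E_POINTER` return would cover that, though whether any caller can pass NULL is not visible here. The same masking applies to the earlier `return E_NOINTERFACE;`, which discards the hr obtained from QueryFrom. The function's signature appears only in the hunk header, so anything above line 210 is outside this view.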