author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-31 19:54:32 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-31 19:54:32 +0000 |
commit | bb7097f0d49c5282d5012fdf37923f259c5b39a3 (patch) | |
tree | 101aff24beb9af85d23c21ccd360d8e688d0640b /chrome_frame | |
parent | 46ed47f6fe473b02af620597f0ec9c0d6670b132 (diff) | |
Ensure that ChromeFrame does not interfere with non ChromeFrame requests initiated by IE.
ChromeFrame patches the urlmon transaction object vtable to ensure that top level requests initiated
by IE are intercepted. Methods patched include the Start/StartEx and Read. The Read method is patched
to ensure that we return unprocessed data back to urlmon in case the site is not switched into ChromeFrame.
There is a race condition between the time the data is discarded and a new request is created as the
IInternetProtocol interface ptr can be reused. This causes us to return stale data from a previous request to
IE. The data is keyed off the IInternetProtocol interface ptr.
Fix is to patch the Abort and Terminate methods of the transaction vtable and destroy the data for the protocol.
Fixes bug http://code.google.com/p/chromium/issues/detail?id=168308
BUG=168308
Review URL: https://chromiumcodereview.appspot.com/12093077
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@179932 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame')
-rw-r--r-- | chrome_frame/protocol_sink_wrap.cc | 46 | ||||
-rw-r--r-- | chrome_frame/protocol_sink_wrap.h | 5 |
2 files changed, 48 insertions, 3 deletions
diff --git a/chrome_frame/protocol_sink_wrap.cc b/chrome_frame/protocol_sink_wrap.cc
index 69d6e68..ddb608a 100644
--- a/chrome_frame/protocol_sink_wrap.cc
+++ b/chrome_frame/protocol_sink_wrap.cc
@@ -38,6 +38,8 @@ static const int kInternetProtocolReadIndex = 9;
 static const int kInternetProtocolStartExIndex = 13;
 static const int kInternetProtocolLockRequestIndex = 11;
 static const int kInternetProtocolUnlockRequestIndex = 12;
+static const int kInternetProtocolAbortIndex = 5;
+static const int kInternetProtocolTerminateIndex = 6;
 // IInternetProtocol/Ex patches.
@@ -64,17 +66,29 @@ STDMETHODIMP Hook_Read(InternetProtocol_Read_Fn orig_read,
 ULONG* size_read);
 STDMETHODIMP Hook_LockRequest(InternetProtocol_LockRequest_Fn orig_req,
- IInternetProtocol* protocol, DWORD dwOptions);
+ IInternetProtocol* protocol,
+ DWORD options);
 STDMETHODIMP Hook_UnlockRequest(InternetProtocol_UnlockRequest_Fn orig_req,
 IInternetProtocol* protocol);
+STDMETHODIMP Hook_Abort(InternetProtocol_Abort_Fn orig_req,
+ IInternetProtocol* protocol,
+ HRESULT hr,
+ DWORD options);
+
+STDMETHODIMP Hook_Terminate(InternetProtocol_Terminate_Fn orig_req,
+ IInternetProtocol* protocol,
+ DWORD options);
+
 /////////////////////////////////////////////////////////////////////////////
 BEGIN_VTABLE_PATCHES(CTransaction)
 VTABLE_PATCH_ENTRY(kInternetProtocolStartIndex, Hook_Start)
 VTABLE_PATCH_ENTRY(kInternetProtocolReadIndex, Hook_Read)
 VTABLE_PATCH_ENTRY(kInternetProtocolLockRequestIndex, Hook_LockRequest)
 VTABLE_PATCH_ENTRY(kInternetProtocolUnlockRequestIndex, Hook_UnlockRequest)
+ VTABLE_PATCH_ENTRY(kInternetProtocolAbortIndex, Hook_Abort)
+ VTABLE_PATCH_ENTRY(kInternetProtocolTerminateIndex, Hook_Terminate)
 END_VTABLE_PATCHES()
 BEGIN_VTABLE_PATCHES(CTransaction2)
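Review bot: The two new VTABLE_PATCH_ENTRY lines go into the CTransaction table only, as far as this hunk shows; the CTransaction2 table opens on the last context line and its entries are outside the hunk. If transactions patched through CTransaction2 also key ProtData off the IInternetProtocol pointer, they would presumably keep the stale-data race this commit fixes unless that table also gets `VTABLE_PATCH_ENTRY(kInternetProtocolAbortIndex, Hook_Abort)` and `VTABLE_PATCH_ENTRY(kInternetProtocolTerminateIndex, Hook_Terminate)`. A short comment above the tables naming the methods every table must patch would help keep them aligned.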
@@ -807,7 +821,8 @@ STDMETHODIMP Hook_Read(InternetProtocol_Read_Fn orig_read,
 }
 STDMETHODIMP Hook_LockRequest(InternetProtocol_LockRequest_Fn orig_req,
- IInternetProtocol* protocol, DWORD options) {
+ IInternetProtocol* protocol,
+ DWORD options) {
 DCHECK(orig_req);
 scoped_refptr<ProtData> prot_data = ProtData::DataFromProtocol(protocol);
@@ -838,6 +853,33 @@ STDMETHODIMP Hook_UnlockRequest(InternetProtocol_UnlockRequest_Fn orig_req,
 return orig_req(protocol);
 }
+STDMETHODIMP Hook_Abort(InternetProtocol_Abort_Fn orig_req,
+ IInternetProtocol* protocol,
+ HRESULT hr,
+ DWORD options) {
+ scoped_refptr<ProtData> prot_data = ProtData::DataFromProtocol(protocol);
+ if (prot_data)
+ prot_data->Invalidate();
+
+ // We are just pass through at this point, avoid false positive crash
+ // reports.
+ ExceptionBarrierReportOnlyModule barrier;
+ return orig_req(protocol, hr, options);
+}
+
+STDMETHODIMP Hook_Terminate(InternetProtocol_Terminate_Fn orig_req,
+ IInternetProtocol* protocol,
+ DWORD options) {
+ scoped_refptr<ProtData> prot_data = ProtData::DataFromProtocol(protocol);
+ if (prot_data)
+ prot_data->Invalidate();
+
+ // We are just pass through at this point, avoid false positive crash
+ // reports.
+ ExceptionBarrierReportOnlyModule barrier;
+ return orig_req(protocol, options);
+}
+
 // Patching / Hooking code.
 class FakeProtocol : public CComObjectRootEx<CComSingleThreadModel>,
 public IInternetProtocol {
diff --git a/chrome_frame/protocol_sink_wrap.h b/chrome_frame/protocol_sink_wrap.h
index d201a99..c5dc461 100644
--- a/chrome_frame/protocol_sink_wrap.h
+++ b/chrome_frame/protocol_sink_wrap.h
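Review bot: In Hook_Abort and Hook_Terminate the fix rests entirely on `prot_data->Invalidate()` dropping the entry keyed by the IInternetProtocol pointer, and neither that method nor its locking is visible in this hunk. Because a reused pointer is what let data from one request reach another, it is worth confirming that Invalidate() removes the map entry under the same lock DataFromProtocol uses, and that calling it twice is harmless, since urlmon may call both Abort and Terminate on the same object. Both hooks also omit the `DCHECK(orig_req);` that Hook_LockRequest starts with; add it as the first statement for parity. A comment such as `// Drop per-protocol data first: the interface pointer may be reused by a new request.` above the Invalidate() call would record why the order matters.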
@@ -40,7 +40,10 @@ typedef HRESULT (STDMETHODCALLTYPE* InternetProtocol_LockRequest_Fn)(
 IInternetProtocol* this_object, DWORD options);
 typedef HRESULT (STDMETHODCALLTYPE* InternetProtocol_UnlockRequest_Fn)(
 IInternetProtocol* this_object);
-
+typedef HRESULT (STDMETHODCALLTYPE* InternetProtocol_Abort_Fn)(
+ IInternetProtocol* this_object, HRESULT hr, DWORD options);
+typedef HRESULT (STDMETHODCALLTYPE* InternetProtocol_Terminate_Fn)(
+ IInternetProtocol* this_object, DWORD options);
 class ProtData; |