[WebSocket] Fix a crash caused by a pending empty frame.

This CL fixes the process that sends pending frames when a WebSocketChannel receives quota from the renderer process. The IOBuffer data of a frame can be null, but the implementation didn't take account of that. BUG=364788 R=ricea@chromium.org Review URL: https://codereview.chromium.org/258833005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266513 0039d316-1c4b-4281-b951-d872f2087c98
author: yhirano@chromium.org <yhirano@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-04-28 12:10:46 +0000
committer: yhirano@chromium.org <yhirano@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-04-28 12:10:46 +0000
commit: 82cc04b29fc2e9d7a1a9daa3d1af2f429c029854 (patch)
tree: 7b2f94ea7cb9f24cd1d874a9d66251bb35091a0d /net/websockets
parent: 2b19d41b478d7c81d3f28c578ddd1ea53ff82e84 (diff)
download: chromium_src-82cc04b29fc2e9d7a1a9daa3d1af2f429c029854.zip
chromium_src-82cc04b29fc2e9d7a1a9daa3d1af2f429c029854.tar.gz
chromium_src-82cc04b29fc2e9d7a1a9daa3d1af2f429c029854.tar.bz2
2 files changed, 4 insertions, 2 deletions
diff --git a/net/websockets/websocket_channel.cc b/net/websockets/websocket_channel.cc
index 652142b..47114f8 100644
--- a/net/websockets/websocket_channel.cc
+++ b/net/websockets/websocket_channel.cc
@@ -421,7 +421,9 @@ void WebSocketChannel::SendFlowControl(int64 quota) {
     const size_t bytes_to_send =
         std::min(base::checked_cast<size_t>(quota), data_size);
     const bool final = front.final() && data_size == bytes_to_send;
-    const char* data = front.data()->data() + front.offset();
+    const char* data = front.data() ?
+        front.data()->data() + front.offset() : NULL;
+    DCHECK(!bytes_to_send || data) << "Non empty data should not be null.";
     const std::vector<char> data_vector(data, data + bytes_to_send);
     DVLOG(3) << "Sending frame previously split due to quota to the "
              << "renderer: quota=" << quota << " data_size=" << data_size
diff --git a/net/websockets/websocket_channel_test.cc b/net/websockets/websocket_channel_test.cc
index 82078cb..464c30e 100644
--- a/net/websockets/websocket_channel_test.cc
+++ b/net/websockets/websocket_channel_test.cc
@@ -2406,7 +2406,7 @@ TEST_F(WebSocketChannelFlowControlTest, EmptyMessageNoQuota) {
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
        NOT_MASKED,  "FIRST MESSAGE"},
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
-       NOT_MASKED,  ""},
+       NOT_MASKED,  NULL},
       {FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
        NOT_MASKED,  "THIRD MESSAGE"}};
   stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
author	yhirano@chromium.org <yhirano@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-04-28 12:10:46 +0000
committer	yhirano@chromium.org <yhirano@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-04-28 12:10:46 +0000
commit	82cc04b29fc2e9d7a1a9daa3d1af2f429c029854 (patch)
tree	7b2f94ea7cb9f24cd1d874a9d66251bb35091a0d /net/websockets
parent	2b19d41b478d7c81d3f28c578ddd1ea53ff82e84 (diff)
download	chromium_src-82cc04b29fc2e9d7a1a9daa3d1af2f429c029854.zip chromium_src-82cc04b29fc2e9d7a1a9daa3d1af2f429c029854.tar.gz chromium_src-82cc04b29fc2e9d7a1a9daa3d1af2f429c029854.tar.bz2