diff options
Diffstat (limited to 'content/browser/security_exploit_browsertest.cc')
| -rw-r--r-- | content/browser/security_exploit_browsertest.cc | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc index 4bb84b1..dacc1e6 100644 --- a/content/browser/security_exploit_browsertest.cc +++ b/content/browser/security_exploit_browsertest.cc @@ -146,4 +146,23 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, // If the above operation doesn't cause a crash, the test has succeeded! } +// This is a test for crbug.com/312016. It tries to create two RenderWidgetHosts +// with the same process and routing ids, which causes a collision. It is almost +// identical to the AttemptDuplicateRenderViewHost test case. +IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, + AttemptDuplicateRenderWidgetHost) { + int duplicate_routing_id = MSG_ROUTING_NONE; + RenderViewHostImpl* pending_rvh = + PrepareToDuplicateHosts(shell(), &duplicate_routing_id); + EXPECT_NE(MSG_ROUTING_NONE, duplicate_routing_id); + + // Since this test executes on the UI thread and hopping threads might cause + // different timing in the test, let's simulate a CreateNewWidget call coming + // from the IO thread. Use the existing window routing id to cause a + // deliberate collision. + pending_rvh->CreateNewWidget(duplicate_routing_id, blink::WebPopupTypeSelect); + + // If the above operation doesn't crash, the test has succeeded! +} + } // namespace content |