From 4afa819cc67f1161ec04b23e56b8283152a3b727 Mon Sep 17 00:00:00 2001
From: "alexeypa@chromium.org"
 <alexeypa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu, 17 May 2012 23:09:09 +0000
Subject: Making sure that base::MessagePumpForUI from different modules are
 isolated from each other.

This is a minimal version of the original fix that was reverted by https://src.chromium.org/viewvc/chrome?view=rev&revision=137542. This version does not contain any protection against shatter attacks.

BUG=124091


Review URL: https://chromiumcodereview.appspot.com/10407011

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137765 0039d316-1c4b-4281-b951-d872f2087c98
---
 base/message_pump_win.cc | 12 ++++++------
 base/message_pump_win.h  |  3 +++
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/base/message_pump_win.cc b/base/message_pump_win.cc
index 9484b29..fc65d84 100644
--- a/base/message_pump_win.cc
+++ b/base/message_pump_win.cc
@@ -8,6 +8,7 @@
 
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
+#include "base/process_util.h"
 #include "base/win/wrapped_window_proc.h"
 
 namespace base {
@@ -82,13 +83,13 @@ int MessagePumpWin::GetCurrentDelay() const {
 //-----------------------------------------------------------------------------
 // MessagePumpForUI public:
 
-MessagePumpForUI::MessagePumpForUI() {
+MessagePumpForUI::MessagePumpForUI() : instance_(NULL) {
   InitMessageWnd();
 }
 
 MessagePumpForUI::~MessagePumpForUI() {
   DestroyWindow(message_hwnd_);
-  UnregisterClass(kWndClass, GetModuleHandle(NULL));
+  UnregisterClass(kWndClass, instance_);
 }
 
 void MessagePumpForUI::ScheduleWork() {
@@ -230,17 +231,16 @@ void MessagePumpForUI::DoRunLoop() {
 }
 
 void MessagePumpForUI::InitMessageWnd() {
-  HINSTANCE hinst = GetModuleHandle(NULL);
-
   WNDCLASSEX wc = {0};
   wc.cbSize = sizeof(wc);
   wc.lpfnWndProc = base::win::WrappedWindowProc<WndProcThunk>;
-  wc.hInstance = hinst;
+  wc.hInstance = base::GetModuleFromAddress(wc.lpfnWndProc);
   wc.lpszClassName = kWndClass;
+  instance_ = wc.hInstance;
   RegisterClassEx(&wc);
 
   message_hwnd_ =
-      CreateWindow(kWndClass, 0, 0, 0, 0, 0, 0, HWND_MESSAGE, 0, hinst, 0);
+      CreateWindow(kWndClass, 0, 0, 0, 0, 0, 0, HWND_MESSAGE, 0, instance_, 0);
   DCHECK(message_hwnd_);
 }
 
diff --git a/base/message_pump_win.h b/base/message_pump_win.h
index f5a00f3..cf6bff9 100644
--- a/base/message_pump_win.h
+++ b/base/message_pump_win.h
@@ -154,6 +154,9 @@ class BASE_EXPORT MessagePumpForUI : public MessagePumpWin {
   bool ProcessMessageHelper(const MSG& msg);
   bool ProcessPumpReplacementMessage();
 
+  // Instance of the module containing the window procedure.
+  HMODULE instance_;
+
   // A hidden message-only window.
   HWND message_hwnd_;
 };
-- 
cgit v1.1