From 7323a70e6522dfd3747808027b5fe4688f978278 Mon Sep 17 00:00:00 2001 From: "gbillock@chromium.org" Date: Fri, 9 Sep 2011 19:10:39 +0000 Subject: Fix potential leak in WebUI. R=estade@chromium.org BUG=50056 TEST=WebUIBrowserTest.* Review URL: http://codereview.chromium.org/7782018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100461 0039d316-1c4b-4281-b951-d872f2087c98 --- content/browser/webui/web_ui.cc | 10 ++++++++-- content/browser/webui/web_ui.h | 6 ++++-- 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'content') diff --git a/content/browser/webui/web_ui.cc b/content/browser/webui/web_ui.cc index 22b9fa1..58ae2ed 100644 --- a/content/browser/webui/web_ui.cc +++ b/content/browser/webui/web_ui.cc @@ -152,8 +152,14 @@ void WebUI::RegisterMessageCallback(const std::string &message, message_callbacks_.insert(std::make_pair(message, callback)); // Overwrite preexisting message callback mappings. - if (register_callback_overwrites() && !result.second) - result.first->second = callback; + if (!result.second) { + if (register_callback_overwrites()) { + delete result.first->second; + result.first->second = callback; + } else { + delete callback; + } + } } bool WebUI::IsLoading() const { diff --git a/content/browser/webui/web_ui.h b/content/browser/webui/web_ui.h index fef18ec..377df55 100644 --- a/content/browser/webui/web_ui.h +++ b/content/browser/webui/web_ui.h @@ -64,7 +64,9 @@ class WebUI : public IPC::Channel::Listener { // won't be run in that case. virtual void DidBecomeActiveForReusedRenderView() {} - // Used by WebUIMessageHandlers. + // Used by WebUIMessageHandlers. RegisterMessageCallback takes ownership of + // the passed callback. If the given message is already registered, the call + // has no effect unless |register_callback_overwrites_| is set to true. typedef Callback1::Type MessageCallback; void RegisterMessageCallback(const std::string& message, MessageCallback* callback); @@ -110,7 +112,7 @@ class WebUI : public IPC::Channel::Listener { return register_callback_overwrites_; } - void register_callback_overwrites(bool value) { + void set_register_callback_overwrites(bool value) { register_callback_overwrites_ = value; } -- cgit v1.1