Chromium Code Reviews Chromium Code Reviews
Issue 298913003:
Do not allow GuestViewManager to (re)use an instance ID that was already removed. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/guest_view/guest_view_manager.h" | 5 #include "chrome/browser/guest_view/guest_view_manager.h" |
| 6 | 6 |
| 7 #include "base/strings/stringprintf.h" | 7 #include "base/strings/stringprintf.h" |
| 8 #include "chrome/browser/extensions/extension_service.h" | 8 #include "chrome/browser/extensions/extension_service.h" |
| 9 #include "chrome/browser/guest_view/guest_view_base.h" | 9 #include "chrome/browser/guest_view/guest_view_base.h" |
| 10 #include "chrome/browser/guest_view/guest_view_constants.h" | 10 #include "chrome/browser/guest_view/guest_view_constants.h" |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 53 | 53 |
| 54 virtual void WebContentsDestroyed() OVERRIDE { | 54 virtual void WebContentsDestroyed() OVERRIDE { |
| 55 delete this; | 55 delete this; |
| 56 } | 56 } |
| 57 | 57 |
| 58 private: | 58 private: |
| 59 DISALLOW_COPY_AND_ASSIGN(GuestWebContentsObserver); | 59 DISALLOW_COPY_AND_ASSIGN(GuestWebContentsObserver); |
| 60 }; | 60 }; |
| 61 | 61 |
| 62 GuestViewManager::GuestViewManager(content::BrowserContext* context) | 62 GuestViewManager::GuestViewManager(content::BrowserContext* context) |
| 63 : current_instance_id_(0), | 63 : current_instance_id_(0), last_instance_id_removed_(0), context_(context) { |
| 64 context_(context) {} | 64 } |
| 65 | 65 |
| 66 GuestViewManager::~GuestViewManager() {} | 66 GuestViewManager::~GuestViewManager() {} |
| 67 | 67 |
| 68 // static. | 68 // static. |
| 69 GuestViewManager* GuestViewManager::FromBrowserContext( | 69 GuestViewManager* GuestViewManager::FromBrowserContext( |
| 70 BrowserContext* context) { | 70 BrowserContext* context) { |
| 71 GuestViewManager* guest_manager = | 71 GuestViewManager* guest_manager = |
| 72 static_cast<GuestViewManager*>(context->GetUserData( | 72 static_cast<GuestViewManager*>(context->GetUserData( |
| 73 guestview::kGuestViewManagerKeyName)); | 73 guestview::kGuestViewManagerKeyName)); |
| 74 if (!guest_manager) { | 74 if (!guest_manager) { |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 183 continue; | 183 continue; |
| 184 | 184 |
| 185 if (callback.Run(guest)) | 185 if (callback.Run(guest)) |
| 186 return true; | 186 return true; |
| 187 } | 187 } |
| 188 return false; | 188 return false; |
| 189 } | 189 } |
| 190 | 190 |
| 191 void GuestViewManager::AddGuest(int guest_instance_id, | 191 void GuestViewManager::AddGuest(int guest_instance_id, |
| 192 WebContents* guest_web_contents) { | 192 WebContents* guest_web_contents) { |
| 193 DCHECK(guest_web_contents_by_instance_id_.find(guest_instance_id) == | 193 CHECK(!ContainsKey(guest_web_contents_by_instance_id_, guest_instance_id)); |
| 194 guest_web_contents_by_instance_id_.end()); | 194 CHECK(CanUseGuestInstanceID(guest_instance_id)); |
| 195 guest_web_contents_by_instance_id_[guest_instance_id] = guest_web_contents; | 195 guest_web_contents_by_instance_id_[guest_instance_id] = guest_web_contents; |
| 196 // This will add the RenderProcessHost ID when we get one. | 196 // This will add the RenderProcessHost ID when we get one. |
| 197 new GuestWebContentsObserver(guest_web_contents); | 197 new GuestWebContentsObserver(guest_web_contents); |
| 198 } | 198 } |
| 199 | 199 |
| 200 void GuestViewManager::RemoveGuest(int guest_instance_id) { | 200 void GuestViewManager::RemoveGuest(int guest_instance_id) { |
| 201 GuestInstanceMap::iterator it = | 201 GuestInstanceMap::iterator it = |
| 202 guest_web_contents_by_instance_id_.find(guest_instance_id); | 202 guest_web_contents_by_instance_id_.find(guest_instance_id); |
| 203 DCHECK(it != guest_web_contents_by_instance_id_.end()); | 203 DCHECK(it != guest_web_contents_by_instance_id_.end()); |
| 204 render_process_host_id_multiset_.erase( | 204 render_process_host_id_multiset_.erase( |
| 205 it->second->GetRenderProcessHost()->GetID()); | 205 it->second->GetRenderProcessHost()->GetID()); |
| 206 guest_web_contents_by_instance_id_.erase(it); | 206 guest_web_contents_by_instance_id_.erase(it); |
| 207 | |
| 208 // All the instance IDs that lie within [0, last_instance_id_removed_] | |
| 209 // are invalid. | |
| 210 // The remaining sparse invalid ids are kept in |removed_instance_ids_| set. | |
| 211 // The following code compacts the set by incrementing | |
| 212 // |last_instance_id_removed_|. | |
| 213 if (guest_instance_id == last_instance_id_removed_ + 1) { | |
| 214 ++last_instance_id_removed_; | |
| 215 // Compact. | |
| 216 std::set<int>::iterator iter = removed_instance_ids_.begin(); | |
| 217 while (iter != removed_instance_ids_.end()) { | |
| 218 int instance_id = *iter; | |
| 219 if (instance_id != last_instance_id_removed_ + 1) | |
|
Fady Samuel
2014/05/22 19:11:00
Add a DCHECK and comment how instance_id > last_in
lazyboy
2014/05/22 21:14:25
Done.
| |
| 220 break; | |
| 221 ++last_instance_id_removed_; | |
| 222 removed_instance_ids_.erase(iter++); | |
| 223 } | |
| 224 } else { | |
| 225 removed_instance_ids_.insert(guest_instance_id); | |
| 226 } | |
| 207 } | 227 } |
| 208 | 228 |
| 209 void GuestViewManager::AddRenderProcessHostID(int render_process_host_id) { | 229 void GuestViewManager::AddRenderProcessHostID(int render_process_host_id) { |
| 210 render_process_host_id_multiset_.insert(render_process_host_id); | 230 render_process_host_id_multiset_.insert(render_process_host_id); |
| 211 } | 231 } |
| 212 | 232 |
| 213 content::WebContents* GuestViewManager::GetGuestByInstanceID( | 233 content::WebContents* GuestViewManager::GetGuestByInstanceID( |
| 214 int guest_instance_id, | 234 int guest_instance_id, |
| 215 int embedder_render_process_id) { | 235 int embedder_render_process_id) { |
| 216 GuestInstanceMap::const_iterator it = | 236 GuestInstanceMap::const_iterator it = |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 230 base::UserMetricsAction("BadMessageTerminate_BPGM")); | 250 base::UserMetricsAction("BadMessageTerminate_BPGM")); |
| 231 base::KillProcess( | 251 base::KillProcess( |
| 232 content::RenderProcessHost::FromID(embedder_render_process_id)-> | 252 content::RenderProcessHost::FromID(embedder_render_process_id)-> |
| 233 GetHandle(), | 253 GetHandle(), |
| 234 content::RESULT_CODE_KILLED_BAD_MESSAGE, false); | 254 content::RESULT_CODE_KILLED_BAD_MESSAGE, false); |
| 235 return false; | 255 return false; |
| 236 } | 256 } |
| 237 return true; | 257 return true; |
| 238 } | 258 } |
| 239 | 259 |
| 260 bool GuestViewManager::CanUseGuestInstanceID(int guest_instance_id) { | |
| 261 if (guest_instance_id <= last_instance_id_removed_) | |
| 262 return false; | |
| 263 return !ContainsKey(removed_instance_ids_, guest_instance_id); | |
| 264 } | |
| 265 | |
| 240 bool GuestViewManager::CanEmbedderAccessInstanceID( | 266 bool GuestViewManager::CanEmbedderAccessInstanceID( |
| 241 int embedder_render_process_id, | 267 int embedder_render_process_id, |
| 242 int guest_instance_id) { | 268 int guest_instance_id) { |
| 243 // The embedder is trying to access a guest with a negative or zero | 269 // The embedder is trying to access a guest with a negative or zero |
| 244 // instance ID. | 270 // instance ID. |
| 245 if (guest_instance_id <= guestview::kInstanceIDNone) | 271 if (guest_instance_id <= guestview::kInstanceIDNone) |
| 246 return false; | 272 return false; |
| 247 | 273 |
| 248 // The embedder is trying to access an instance ID that has not yet been | 274 // The embedder is trying to access an instance ID that has not yet been |
| 249 // allocated by GuestViewManager. This could cause instance ID | 275 // allocated by GuestViewManager. This could cause instance ID |
| (...skipping 23 matching lines...) Expand all Loading... | |
| 273 return false; | 299 return false; |
| 274 | 300 |
| 275 return embedder_render_process_id == | 301 return embedder_render_process_id == |
| 276 guest->GetOpener()->embedder_web_contents()->GetRenderProcessHost()-> | 302 guest->GetOpener()->embedder_web_contents()->GetRenderProcessHost()-> |
| 277 GetID(); | 303 GetID(); |
| 278 } | 304 } |
| 279 | 305 |
| 280 return embedder_render_process_id == | 306 return embedder_render_process_id == |
| 281 guest->embedder_web_contents()->GetRenderProcessHost()->GetID(); | 307 guest->embedder_web_contents()->GetRenderProcessHost()->GetID(); |
| 282 } | 308 } |
| OLD | NEW |
