Double-check safe-browsing database validity on update failure.

chrome/browser/safe_browsing/safe_browsing_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
 
 #include <algorithm>
 #include <iterator>
 
 #include "base/bind.h"
@@ skipping 1083 matching lines @@
                       download_whitelist_listnames, lists);
   }
 
   corruption_detected_ = false;
   change_detected_ = false;
   return true;
 }
 
 void SafeBrowsingDatabaseNew::UpdateFinished(bool update_succeeded) {
   DCHECK_EQ(creation_loop_, MessageLoop::current());
+
+  // The update may have failed due to corrupt storage (for instance,
+  // an excessive number of invalid add_chunks and sub_chunks).
+  // Double-check that the databases are valid.
+  // TODO(shess): Providing a checksum for the add_chunk and sub_chunk
+  // sections would allow throwing a corruption error in
+  // UpdateStarted().
+  if (!update_succeeded) {
+    if (!browse_store_->CheckValidity())
+      DLOG(ERROR) << "Safe-browsing browse database corrupt.";
+
+    if (download_store_.get() && !download_store_->CheckValidity())
+      DLOG(ERROR) << "Safe-browsing download database corrupt.";
+
+    if (csd_whitelist_store_.get() && !csd_whitelist_store_->CheckValidity())
+      DLOG(ERROR) << "Safe-browsing csd whitelist database corrupt.";
+
+    if (download_whitelist_store_.get() &&
+        !download_whitelist_store_->CheckValidity()) {
+      DLOG(ERROR) << "Safe-browsing download whitelist database corrupt.";
+    }
+  }
+
   if (corruption_detected_)
     return;
 
   // Unroll the transaction if there was a protocol error or if the
   // transaction was empty.  This will leave the bloom filter, the
   // pending hashes, and the prefix miss cache in place.
   if (!update_succeeded || !change_detected_) {
     // Track empty updates to answer questions at http://crbug.com/72216 .
     if (update_succeeded && !change_detected_)
       UMA_HISTOGRAM_COUNTS("SB2.DatabaseUpdateKilobytes", 0);
@@ skipping 204 matching lines @@
     MessageLoop::current()->PostTask(FROM_HERE,
         base::Bind(&SafeBrowsingDatabaseNew::OnHandleCorruptDatabase,
                    reset_factory_.GetWeakPtr()));
   }
 }
 
 void SafeBrowsingDatabaseNew::OnHandleCorruptDatabase() {
   RecordFailure(FAILURE_DATABASE_CORRUPT_HANDLER);
   corruption_detected_ = true;  // Stop updating the database.
   ResetDatabase();
-  DCHECK(false) << "SafeBrowsing database was corrupt and reset";
+  DLOG(FATAL) << "SafeBrowsing database was corrupt and reset";
 }
 
 // TODO(shess): I'm not clear why this code doesn't have any
 // real error-handling.
 void SafeBrowsingDatabaseNew::LoadBloomFilter() {
   DCHECK_EQ(creation_loop_, MessageLoop::current());
   DCHECK(!bloom_filter_filename_.empty());
 
   // If we're missing either of the database or filter files, we wait until the
   // next update to generate a new filter.
@@ skipping 99 matching lines @@
   if (std::binary_search(new_whitelist.begin(), new_whitelist.end(),
                          kill_switch)) {
     // The kill switch is whitelisted hence we whitelist all URLs.
     WhitelistEverything(whitelist);
   } else {
     base::AutoLock locked(lookup_lock_);
     whitelist->second = false;
     whitelist->first.swap(new_whitelist);
   }
 }