avoid dereferencing NULL extension in ExtensionHost

chrome/browser/extensions/extension_host.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_host.h"
 
 #include <list>
 
 #include "base/memory/singleton.h"
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/string_util.h"
 #include "chrome/browser/browser_shutdown.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_tabs_module.h"
 #include "chrome/browser/file_select_helper.h"
 #include "chrome/browser/platform_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/renderer_preferences_util.h"
 #include "chrome/browser/tab_contents/popup_menu_helper_mac.h"
 #include "chrome/browser/tabs/tab_strip_model.h"
 #include "chrome/browser/ui/app_modal_dialogs/message_box_handler.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/browser_window.h"
 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h"
 #include "chrome/browser/ui/webui/chrome_web_ui_factory.h"
 #include "chrome/common/chrome_constants.h"
-#include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/common/view_types.h"
 #include "content/browser/browsing_instance.h"
 #include "content/browser/renderer_host/browser_render_process_host.h"
 #include "content/browser/renderer_host/render_process_host.h"
 #include "content/browser/renderer_host/render_view_host.h"
 #include "content/browser/renderer_host/render_widget_host.h"
 #include "content/browser/renderer_host/render_widget_host_view.h"
@@ skipping 79 matching lines @@
 };
 
 ////////////////
 // ExtensionHost
 
 ExtensionHost::ExtensionHost(const Extension* extension,
                              SiteInstance* site_instance,
                              const GURL& url,
                              ViewType::Type host_type)
     : extension_(extension),
+      id_(extension->id()),
       profile_(site_instance->browsing_instance()->profile()),
       did_stop_loading_(false),
       document_element_available_(false),
       url_(url),
       extension_host_type_(host_type),
       associated_tab_contents_(NULL),
       suppress_javascript_messages_(false) {
   render_view_host_ = new RenderViewHost(site_instance, this, MSG_ROUTING_NONE,
                                          NULL);
   render_view_host_->set_is_extension_process(true);
@@ skipping 88 matching lines @@
 }
 
 gfx::NativeView ExtensionHost::GetNativeViewOfHost() {
   return view() ? view()->native_view() : NULL;
 }
 
 void ExtensionHost::NavigateToURL(const GURL& url) {
   // Prevent explicit navigation to another extension id's pages.
   // This method is only called by some APIs, so we still need to protect
   // DidNavigate below (location = "").
-  if (url.SchemeIs(chrome::kExtensionScheme) &&
-      url.host() != extension_->id()) {
+  if (url.SchemeIs(chrome::kExtensionScheme) && url.host() != id()) {
     // TODO(erikkay) communicate this back to the caller?
     return;
   }
 
   url_ = url;
 
   if (!is_background_page() &&
       !profile_->GetExtensionService()->IsBackgroundPageReady(extension_)) {
     // Make sure the background page loads before any others.
     registrar_.Add(this, NotificationType::EXTENSION_BACKGROUND_PAGE_READY,
                    Source<Extension>(extension_));
     return;
   }
 
   render_view_host_->NavigateToURL(url_);
 }
 
 void ExtensionHost::Observe(NotificationType type,
                             const NotificationSource& source,
                             const NotificationDetails& details) {
   switch (type.value) {
     case NotificationType::EXTENSION_BACKGROUND_PAGE_READY:
       DCHECK(profile_->GetExtensionService()->
-           IsBackgroundPageReady(extension_));
+          IsBackgroundPageReady(extension_));
       NavigateToURL(url_);
       break;
     case NotificationType::RENDERER_PROCESS_CREATED:
       NotificationService::current()->Notify(
           NotificationType::EXTENSION_PROCESS_CREATED,
           Source<Profile>(profile_),
           Details<ExtensionHost>(this));
       break;
     case NotificationType::EXTENSION_UNLOADED:
       // The extension object will be deleted after this notification has been
@@ skipping 62 matching lines @@
 
   // This catches two bogus use cases:
   // (1) URLs that look like chrome-extension://somethingbogus or
   //     chrome-extension://nosuchid/, in other words, no Extension would
   //     be found.
   // (2) URLs that refer to a different extension than this one.
   // In both cases, we preserve the old URL and reset the EFD to NULL.  This
   // will leave the host in kind of a bad state with poor UI and errors, but
   // it's better than the alternative.
   // TODO(erikkay) Perhaps we should display errors in developer mode.
-  if (params.url.host() != extension_->id()) {
+  if (params.url.host() != id()) {
     extension_function_dispatcher_.reset(NULL);
     return;
   }
 
   url_ = params.url;
   extension_function_dispatcher_.reset(
       ExtensionFunctionDispatcher::Create(render_view_host_, this, url_));
 }
 
 void ExtensionHost::InsertInfobarCSS() {
@@ skipping 471 matching lines @@
   return window_id;
 }
 
 void ExtensionHost::OnRunFileChooser(
     const ViewHostMsg_RunFileChooser_Params& params) {
   if (file_select_helper_.get() == NULL)
     file_select_helper_.reset(new FileSelectHelper(profile()));
   file_select_helper_->RunFileChooser(render_view_host_,
                                       associated_tab_contents(), params);
 }