Kill bad apps.

extensions/browser/guest_view/app_view/app_view_guest.cc

Index: extensions/browser/guest_view/app_view/app_view_guest.cc
diff --git a/extensions/browser/guest_view/app_view/app_view_guest.cc b/extensions/browser/guest_view/app_view/app_view_guest.cc
index 108b9b3e2c0092de4954d070dff88d7ec48d277f..0b7bc1c4feb33c9bc2baaf9de1b2468404ee8fe6 100644
--- a/extensions/browser/guest_view/app_view/app_view_guest.cc
+++ b/extensions/browser/guest_view/app_view/app_view_guest.cc
@@ -6,11 +6,13 @@
 
 #include "base/command_line.h"
 #include "components/guest_view/browser/guest_view_manager.h"
-#include "content/public/browser/render_view_host.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/browser/user_metrics.h"
 #include "content/public/common/renderer_preferences.h"
 #include "extensions/browser/api/app_runtime/app_runtime_api.h"
 #include "extensions/browser/api/extensions_api_client.h"
 #include "extensions/browser/app_window/app_delegate.h"
+#include "extensions/browser/bad_message.h"
 #include "extensions/browser/event_router.h"
 #include "extensions/browser/extension_host.h"
 #include "extensions/browser/extension_registry.h"
@@ -63,20 +65,30 @@ bool AppViewGuest::CompletePendingRequest(
     content::BrowserContext* browser_context,
     const GURL& url,
     int guest_instance_id,
-    const std::string& guest_extension_id) {
+    const std::string& guest_extension_id,
+    int guest_render_process_host_id) {

[Devlin, 2015/06/30 19:54:10]

It seems odd to pass this as an int, when all you're going to ever do is look it
up again.  Why not just pass in the RenderProcessHost*, and avoid type-safety
headaches?

[EhsanK, 2015/07/02 19:15:13]

Noted. Modified everything accordingly.

   PendingResponseMap* response_map = pending_response_map.Pointer();
   PendingResponseMap::iterator it = response_map->find(guest_instance_id);
+  // Kill the requesting process if it is not the real guest.
   if (it == response_map->end()) {
-    // TODO(fsamuel): An app is sending invalid responses. We should probably
-    // kill it.
+    // The requester used an invalid |guest_instance_id|.
+    bad_message::ReceivedBadMessage(
+        content::RenderProcessHost::FromID(guest_render_process_host_id),
+        bad_message::AVG_BAD_INST_ID);
     return false;
   }
 
   linked_ptr<ResponseInfo> response_info = it->second;
   if (!response_info->app_view_guest ||
       (response_info->guest_extension->id() != guest_extension_id)) {
-    // TODO(fsamuel): An app is trying to respond to an <appview> that didn't
-    // initiate communication with it. We should kill the app here.
+    // The app is trying to communicate with an <appview> not assigned to it, or
+    // the <appview> is already dead "nullptr".
+    bad_message::BadMessageReason reason = !response_info->app_view_guest
+                                               ? bad_message::AVG_NULL_AVG
+                                               : bad_message::AVG_BAD_EXT_ID;
+    bad_message::ReceivedBadMessage(
+        content::RenderProcessHost::FromID(guest_render_process_host_id),
+        reason);
     return false;
   }
 
@@ -270,4 +282,13 @@ void AppViewGuest::SetAppDelegateForTest(AppDelegate* delegate) {
   app_delegate_.reset(delegate);
 }
 
+std::vector<int> AppViewGuest::GetAllRegisteredInstanceIdsForTesting() {
+  std::vector<int> instances;
+  for (auto it = pending_response_map.Get().begin();
+       it != pending_response_map.Get().end(); ++it) {
+    instances.push_back(it->first);
+  }
+  return instances;
+}
+
 }  // namespace extensions