Description
Merge 185956
> Fix a crash seen in ChromeFrame when opening a non-CF top level tab from a CF page.
>
> This was a regression caused by the fix for bug http://code.google.com/p/chromium/issues/detail?id=168308
> which was to not invalidate the protocol sink mapping for CF pages which are switched in from IE.
>
> The crash in this case occurs because the protocol sink mapping is removed in the call to IInternetProtocol::Terminate
> as this is treated as a ChromeFrame request. This is only a temporary CF url which eventually transitions to
> the actual URL which is opened in IE. For the curious we intercept IInternetProtocol::LockRequest and for
> the special gcf://attach_external_tab requests we addref the protocol data and return without calling the original
> LockRequest API. When UnlockRequest is invoked we rely on the protocol data mapping to exist to release the
> protocol data and return without calling the original UnlockRequest API.
>
> In this case the sequence is IInternetProtocol::LockRequest, IInternetProtocolRoot::Terminate followed by
> IInternetProtocol::UnlockRequest. In our terminate handler we remove the protocol data mapping for the attach tab
> request. When UnlockRequest is called we call the original API and end up crashing.
>
> Fix is to not invalidate the protocol data mapping for attach tab requests.
>
> A test for this is in the works by robertshield.
>
> BUG=178415
> R=robertshield
> Review URL: https://chromiumcodereview.appspot.com/12395021
TBR=ananta@chromium.org
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=186289
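
The LockRequest, Terminate, UnlockRequest sequence from the description, replayed against a simplified model (an added example, not ChromeFrame code and not part of the original commit). The Hooks, Protocol and ProtData types, the keep_attach_mapping switch and the point at which the mapping is erased are assumptions made for illustration; the URLs are constructed.

```cpp
// Simplified model of the hooks described above; every name is hypothetical.
#include <map>
#include <string>

struct Protocol {             // stand-in for the original IInternetProtocol
    int locks = 0;            // original LockRequest/UnlockRequest balance
    bool unbalanced = false;  // original UnlockRequest ran with no LockRequest
    void OrigLock()   { ++locks; }
    void OrigUnlock() { if (--locks < 0) unbalanced = true; }
};
struct ProtData { bool attach_tab = false; int refs = 0; };

class Hooks {
public:
    explicit Hooks(bool keep_attach_mapping) : keep_(keep_attach_mapping) {}
    void Start(Protocol* p, const std::string& url) {
        map_[p].attach_tab = url.rfind("gcf://attach_external_tab", 0) == 0;
    }
    void LockRequest(Protocol* p) {
        auto it = map_.find(p);
        if (it != map_.end() && it->second.attach_tab) { ++it->second.refs; return; }
        p->OrigLock();
    }
    void Terminate(Protocol* p) {
        auto it = map_.find(p);
        if (it != map_.end() && !(keep_ && it->second.attach_tab))
            map_.erase(it);  // regression erases attach-tab entries; fix keeps them
    }
    void UnlockRequest(Protocol* p) {
        auto it = map_.find(p);
        if (it != map_.end() && it->second.attach_tab) {
            if (--it->second.refs == 0) map_.erase(it);  // assumed cleanup point
            return;
        }
        p->OrigUnlock();  // no mapping found: reaches the original API
    }
private:
    bool keep_;
    std::map<Protocol*, ProtData> map_;
};

// Replays the three calls; true if the original UnlockRequest ran unmatched.
bool ReplayUnbalanced(bool keep_attach_mapping, const std::string& url) {
    Hooks h(keep_attach_mapping);
    Protocol p;
    h.Start(&p, url);
    h.LockRequest(&p); h.Terminate(&p); h.UnlockRequest(&p);
    return p.unbalanced;
}
```

With keep_attach_mapping set to false the attach-tab request reaches the original UnlockRequest without a matching original LockRequest; ordinary requests stay balanced in both modes.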