OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/render_frame_impl.h" | 5 #include "content/renderer/render_frame_impl.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/auto_reset.h" | 10 #include "base/auto_reset.h" |
(...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
305 return ds->originalRequest().url(); | 305 return ds->originalRequest().url(); |
306 } | 306 } |
307 | 307 |
308 NOINLINE void CrashIntentionally() { | 308 NOINLINE void CrashIntentionally() { |
309 // NOTE(shess): Crash directly rather than using NOTREACHED() so | 309 // NOTE(shess): Crash directly rather than using NOTREACHED() so |
310 // that the signature is easier to triage in crash reports. | 310 // that the signature is easier to triage in crash reports. |
311 volatile int* zero = NULL; | 311 volatile int* zero = NULL; |
312 *zero = 0; | 312 *zero = 0; |
313 } | 313 } |
314 | 314 |
| 315 NOINLINE void BadCastCrashIntentionally() { |
| 316 class A { |
| 317 virtual void f() {} |
| 318 }; |
| 319 |
| 320 class B { |
| 321 virtual void f() {} |
| 322 }; |
| 323 |
| 324 A a; |
| 325 (void)(B*)&a; |
| 326 } |
| 327 |
315 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) | 328 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
316 NOINLINE void MaybeTriggerAsanError(const GURL& url) { | 329 NOINLINE void MaybeTriggerAsanError(const GURL& url) { |
317 // NOTE(rogerm): We intentionally perform an invalid heap access here in | 330 // NOTE(rogerm): We intentionally perform an invalid heap access here in |
318 // order to trigger an Address Sanitizer (ASAN) error report. | 331 // order to trigger an Address Sanitizer (ASAN) error report. |
319 const char kCrashDomain[] = "crash"; | 332 const char kCrashDomain[] = "crash"; |
320 const char kHeapOverflow[] = "/heap-overflow"; | 333 const char kHeapOverflow[] = "/heap-overflow"; |
321 const char kHeapUnderflow[] = "/heap-underflow"; | 334 const char kHeapUnderflow[] = "/heap-underflow"; |
322 const char kUseAfterFree[] = "/use-after-free"; | 335 const char kUseAfterFree[] = "/use-after-free"; |
323 #if defined(SYZYASAN) | 336 #if defined(SYZYASAN) |
324 const char kCorruptHeapBlock[] = "/corrupt-heap-block"; | 337 const char kCorruptHeapBlock[] = "/corrupt-heap-block"; |
(...skipping 19 matching lines...) Expand all Loading... |
344 } else if (crash_type == kCorruptHeap) { | 357 } else if (crash_type == kCorruptHeap) { |
345 base::debug::AsanCorruptHeap(); | 358 base::debug::AsanCorruptHeap(); |
346 #endif | 359 #endif |
347 } | 360 } |
348 } | 361 } |
349 #endif // ADDRESS_SANITIZER || SYZYASAN | 362 #endif // ADDRESS_SANITIZER || SYZYASAN |
350 | 363 |
351 void MaybeHandleDebugURL(const GURL& url) { | 364 void MaybeHandleDebugURL(const GURL& url) { |
352 if (!url.SchemeIs(kChromeUIScheme)) | 365 if (!url.SchemeIs(kChromeUIScheme)) |
353 return; | 366 return; |
354 if (url == GURL(kChromeUICrashURL)) { | 367 if (url == GURL(kChromeUIBadCastCrashURL)) { |
| 368 BadCastCrashIntentionally(); |
| 369 } else if (url == GURL(kChromeUICrashURL)) { |
355 CrashIntentionally(); | 370 CrashIntentionally(); |
356 } else if (url == GURL(kChromeUIDumpURL)) { | 371 } else if (url == GURL(kChromeUIDumpURL)) { |
357 // This URL will only correctly create a crash dump file if content is | 372 // This URL will only correctly create a crash dump file if content is |
358 // hosted in a process that has correctly called | 373 // hosted in a process that has correctly called |
359 // base::debug::SetDumpWithoutCrashingFunction. Refer to the documentation | 374 // base::debug::SetDumpWithoutCrashingFunction. Refer to the documentation |
360 // of base::debug::DumpWithoutCrashing for more details. | 375 // of base::debug::DumpWithoutCrashing for more details. |
361 base::debug::DumpWithoutCrashing(); | 376 base::debug::DumpWithoutCrashing(); |
362 } else if (url == GURL(kChromeUIKillURL)) { | 377 } else if (url == GURL(kChromeUIKillURL)) { |
363 base::Process::Current().Terminate(1, false); | 378 base::Process::Current().Terminate(1, false); |
364 } else if (url == GURL(kChromeUIHangURL)) { | 379 } else if (url == GURL(kChromeUIHangURL)) { |
(...skipping 4690 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5055 void RenderFrameImpl::RegisterMojoServices() { | 5070 void RenderFrameImpl::RegisterMojoServices() { |
5056 // Only main frame have ImageDownloader service. | 5071 // Only main frame have ImageDownloader service. |
5057 if (!frame_->parent()) { | 5072 if (!frame_->parent()) { |
5058 GetServiceRegistry()->AddService<image_downloader::ImageDownloader>( | 5073 GetServiceRegistry()->AddService<image_downloader::ImageDownloader>( |
5059 base::Bind(&ImageDownloaderImpl::CreateMojoService, | 5074 base::Bind(&ImageDownloaderImpl::CreateMojoService, |
5060 base::Unretained(this))); | 5075 base::Unretained(this))); |
5061 } | 5076 } |
5062 } | 5077 } |
5063 | 5078 |
5064 } // namespace content | 5079 } // namespace content |
OLD | NEW |