Give the main frame a RenderWidget.

content/browser/security_exploit_browsertest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/containers/hash_tables.h"
 #include "base/strings/utf_string_conversions.h"
 #include "content/browser/dom_storage/dom_storage_context_wrapper.h"
 #include "content/browser/dom_storage/session_storage_namespace_impl.h"
 #include "content/browser/frame_host/navigator.h"
@@ skipping 178 matching lines @@
   terminated.Wait();
 }
 
 // This is a test for crbug.com/312016 attempting to create duplicate
 // RenderViewHosts. SetupForDuplicateHosts sets up this test case and leaves
 // it in a state with pending RenderViewHost. Before the commit of the new
 // pending RenderViewHost, this test case creates a new window through the new
 // process.
 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
                        AttemptDuplicateRenderViewHost) {
-  int duplicate_routing_id = MSG_ROUTING_NONE;
+  int32 duplicate_routing_id = MSG_ROUTING_NONE;
   RenderViewHostImpl* pending_rvh =
       PrepareToDuplicateHosts(shell(), &duplicate_routing_id);
   EXPECT_NE(MSG_ROUTING_NONE, duplicate_routing_id);
 
   // Since this test executes on the UI thread and hopping threads might cause
   // different timing in the test, let's simulate a CreateNewWindow call coming
   // from the IO thread.
   ViewHostMsg_CreateWindow_Params params;
   DOMStorageContextWrapper* dom_storage_context =
       static_cast<DOMStorageContextWrapper*>(
           BrowserContext::GetStoragePartition(
               shell()->web_contents()->GetBrowserContext(),
               pending_rvh->GetSiteInstance())->GetDOMStorageContext());
   scoped_refptr<SessionStorageNamespaceImpl> session_storage(
       new SessionStorageNamespaceImpl(dom_storage_context));
   // Cause a deliberate collision in routing ids.
-  int main_frame_routing_id = duplicate_routing_id + 1;
-  pending_rvh->CreateNewWindow(duplicate_routing_id,
-                               main_frame_routing_id,
-                               params,
+  int32 main_frame_routing_id = duplicate_routing_id + 1;
+  int32 main_frame_widget_routing_id = duplicate_routing_id + 2;
+  pending_rvh->CreateNewWindow(duplicate_routing_id, main_frame_routing_id,
+                               main_frame_widget_routing_id, params,
                                session_storage.get());
 
   // If the above operation doesn't cause a crash, the test has succeeded!
 }
 
 // This is a test for crbug.com/312016. It tries to create two RenderWidgetHosts
 // with the same process and routing ids, which causes a collision. It is almost
 // identical to the AttemptDuplicateRenderViewHost test case.
 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
                        AttemptDuplicateRenderWidgetHost) {
@@ skipping 197 matching lines @@
         RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
     IPC::IpcSecurityTestUtil::PwnMessageReceived(
         web_rfh->GetProcess()->GetChannel(),
         ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), 1,
                                         invalid_scheme_origin_msg));
     web_process_killed.Wait();
   }
 }
 
 }  // namespace content