
Side by Side Diff: content/browser/web_contents/web_contents_impl.cc

Issue 133123006: Validate vector lengths in ImageHostMsg_DidDownloadImage (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Kill the renderer on a bad message Created 6 years, 11 months ago
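--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/web_contents/web_contents_impl.h"
 
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/debug/trace_event.h"
@@ -2504,20 +2504,25 @@
 browser_plugin_embedder_.reset(BrowserPluginEmbedder::Create(this));
 browser_plugin_embedder_->OnMessageReceived(message);
 }
 
 void WebContentsImpl::OnDidDownloadImage(
 int id,
 int http_status_code,
 const GURL& image_url,
 const std::vector<SkBitmap>& bitmaps,
 const std::vector<gfx::Size>& original_bitmap_sizes) {
+if (bitmaps.size() != original_bitmap_sizes.size()) {
+GetRenderProcessHost()->ReceivedBadMessage();
+return;
+}
+
 ImageDownloadMap::iterator iter = image_download_map_.find(id);
 if (iter == image_download_map_.end()) {
 // Currently WebContents notifies us of ANY downloads so that it is
 // possible to get here.
 return;
 }
 if (!iter->second.is_null()) {
 iter->second.Run(
 id, http_status_code, image_url, bitmaps, original_bitmap_sizes);
 }
@@ -3839,10 +3844,10 @@
 }
 
 void WebContentsImpl::OnFrameRemoved(
 RenderViewHostImpl* render_view_host,
 int64 frame_id) {
 FOR_EACH_OBSERVER(WebContentsObserver, observers_,
 FrameDetached(render_view_host, frame_id));
 }
 
 } // namespace content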
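Review bot: The new length check at the top of OnDidDownloadImage (new lines 2514-2517) terminates the renderer without a comment saying why, so the trust-boundary reasoning is left for the next reader to reconstruct. I would add above the `if`: `// Both vectors arrive from the renderer in one IPC and are paired by index downstream; a length mismatch is a bad message.` The pairing by index is inferred from the parameter names and the issue title, since no consumer of the callback is visible here. Separately, the early return comes before `image_download_map_.find(id)`, so on this path a callback registered for `id` is never run and any cleanup of its map entry is skipped. The rest of the function lies in the skipped lines after 2528, so please confirm that callers waiting on that callback tolerate never being notified.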