
Side by Side Diff: content/browser/appcache/appcache_backend_impl.cc

Issue 1418783005: Fix possible map::end() dereference in AppCacheUpdateJob triggered by a compromised renderer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move check to host, add unittest Created 5 years, 1 month ago
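--- a/content/browser/appcache/appcache_backend_impl.cc
+++ b/content/browser/appcache/appcache_backend_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/appcache/appcache_backend_impl.h"
 
 #include "base/stl_util.h"
 #include "content/browser/appcache/appcache.h"
 #include "content/browser/appcache/appcache_group.h"
 #include "content/browser/appcache/appcache_service_impl.h"
@@ -61,58 +61,54 @@
 host->SetSpawningHostId(process_id_, spawning_host_id);
 return true;
 }
 
 bool AppCacheBackendImpl::SelectCache(
 int host_id,
 const GURL& document_url,
 const int64 cache_document_was_loaded_from,
 const GURL& manifest_url) {
 AppCacheHost* host = GetHost(host_id);
-if (!host || host->was_select_cache_called())
+if (!host)
 return false;
 
-host->SelectCache(document_url, cache_document_was_loaded_from,
+return host->SelectCache(document_url, cache_document_was_loaded_from,
 manifest_url);
-return true;
 }
 
 bool AppCacheBackendImpl::SelectCacheForWorker(
 int host_id, int parent_process_id, int parent_host_id) {
 AppCacheHost* host = GetHost(host_id);
-if (!host || host->was_select_cache_called())
+if (!host)
 return false;
 
-host->SelectCacheForWorker(parent_process_id, parent_host_id);
+return host->SelectCacheForWorker(parent_process_id, parent_host_id);
-return true;
 }
 
 bool AppCacheBackendImpl::SelectCacheForSharedWorker(
 int host_id, int64 appcache_id) {
 AppCacheHost* host = GetHost(host_id);
-if (!host || host->was_select_cache_called())
+if (!host)
 return false;
 
-host->SelectCacheForSharedWorker(appcache_id);
+return host->SelectCacheForSharedWorker(appcache_id);
-return true;
 }
 
 bool AppCacheBackendImpl::MarkAsForeignEntry(
 int host_id,
 const GURL& document_url,
 int64 cache_document_was_loaded_from) {
 AppCacheHost* host = GetHost(host_id);
 if (!host)
 return false;
 
-host->MarkAsForeignEntry(document_url, cache_document_was_loaded_from);
+return host->MarkAsForeignEntry(document_url, cache_document_was_loaded_from);
-return true;
 }
 
 bool AppCacheBackendImpl::GetStatusWithCallback(
 int host_id, const GetStatusCallback& callback, void* callback_param) {
 AppCacheHost* host = GetHost(host_id);
 if (!host)
 return false;
 
 host->GetStatusWithCallback(callback, callback_param);
 return true;
@@ -173,10 +169,10 @@
 }
 
 delete found->second;
 
 // We take onwership.
 host->CompleteTransfer(new_host_id, frontend_);
 found->second = host.release();
 }
 
 } // namespace content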
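Review bot: Nothing in this file now says that a repeated selection is still rejected: `SelectCache`, `SelectCacheForWorker` and `SelectCacheForSharedWorker` drop the `was_select_cache_called()` test and return whatever the host returns. That guard has to exist in each of the three `AppCacheHost` methods, which live in appcache_host.h/.cc and are not visible in this section, so it is worth confirming all three carry it and that the new unittest repeats the call on each path rather than only on `SelectCache`. Since the issue title describes the input as coming from a compromised renderer, I would record the contract above `SelectCache`, e.g. `// Returns false for an unknown host_id or when the host rejects the request (e.g. a cache was already selected); arguments are renderer-supplied and untrusted.` The same comment applies to `MarkAsForeignEntry`, whose result is now also taken from the host, while `GetStatusWithCallback` and the later wrappers still return `true` unconditionally, which looks intentional but is not stated.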