
Unified Diff: content/browser/appcache/appcache_host.cc

Issue 1418783005: Fix possible map::end() dereference in AppCacheUpdateJob triggered by a compromised renderer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move check to host, add unittest Created 5 years, 1 month ago
Index: content/browser/appcache/appcache_host.cc
diff --git a/content/browser/appcache/appcache_host.cc b/content/browser/appcache/appcache_host.cc
index dbdaf308fcd9e2bce39e8dd5f34fde2db899a865..9ec45f6174f13bf95478b28ee02029bccbb96cbd 100644
--- a/content/browser/appcache/appcache_host.cc
+++ b/content/browser/appcache/appcache_host.cc
@@ -80,18 +80,21 @@ void AppCacheHost::RemoveObserver(Observer* observer) {
observers_.RemoveObserver(observer);
}
-void AppCacheHost::SelectCache(const GURL& document_url,
+bool AppCacheHost::SelectCache(const GURL& document_url,
const int64 cache_document_was_loaded_from,
const GURL& manifest_url) {
+ if (was_select_cache_called_)
+ return false;
+
DCHECK(pending_start_update_callback_.is_null() &&
pending_swap_cache_callback_.is_null() &&
pending_get_status_callback_.is_null() &&
- !is_selection_pending() && !was_select_cache_called_);
+ !is_selection_pending());
was_select_cache_called_ = true;
if (!is_cache_selection_enabled_) {
FinishCacheSelection(NULL, NULL);
- return;
+ return true;
}
origin_in_use_ = document_url.GetOrigin();
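Review bot: The DCHECK kept below the new guard in SelectCache still asserts the pending-callback and `is_selection_pending()` state, and DCHECKs are not evaluated in release builds, so only the `was_select_cache_called_` condition is actually enforced against a misbehaving renderer. Whether the remaining conditions can be reached through message ordering is not visible in this hunk; if they can, they belong in the early return as well. The guard would also benefit from a comment saying what `false` means to the caller, for example `// A repeated selection can only come from a misbehaving renderer; the caller is expected to treat false as a bad message.` The same applies to the copies of the guard in SelectCacheForWorker and SelectCacheForSharedWorker in the last hunk. SelectCache's body continues outside this hunk.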
@@ -111,7 +114,7 @@ void AppCacheHost::SelectCache(const GURL& document_url,
if (cache_document_was_loaded_from != kAppCacheNoCacheId) {
LoadSelectedCache(cache_document_was_loaded_from);
- return;
+ return true;
}
if (!manifest_url.is_empty() &&
@@ -132,7 +135,7 @@ void AppCacheHost::SelectCache(const GURL& document_url,
0,
false /*is_cross_origin*/));
frontend_->OnContentBlocked(host_id_, manifest_url);
- return;
+ return true;
}
// Note: The client detects if the document was not loaded using HTTP GET
@@ -141,49 +144,62 @@ void AppCacheHost::SelectCache(const GURL& document_url,
set_preferred_manifest_url(manifest_url);
new_master_entry_url_ = document_url;
LoadOrCreateGroup(manifest_url);
- return;
+ return true;
}
// TODO(michaeln): If there was a manifest URL, the user agent may report
// to the user that it was ignored, to aid in application development.
FinishCacheSelection(NULL, NULL);
+ return true;
}
-void AppCacheHost::SelectCacheForWorker(int parent_process_id,
+bool AppCacheHost::SelectCacheForWorker(int parent_process_id,
int parent_host_id) {
+ if (was_select_cache_called_)
+ return false;
+
DCHECK(pending_start_update_callback_.is_null() &&
pending_swap_cache_callback_.is_null() &&
pending_get_status_callback_.is_null() &&
- !is_selection_pending() && !was_select_cache_called_);
+ !is_selection_pending());
was_select_cache_called_ = true;
parent_process_id_ = parent_process_id;
parent_host_id_ = parent_host_id;
FinishCacheSelection(NULL, NULL);
+ return true;
}
-void AppCacheHost::SelectCacheForSharedWorker(int64 appcache_id) {
+bool AppCacheHost::SelectCacheForSharedWorker(int64 appcache_id) {
+ if (was_select_cache_called_)
+ return false;
+
DCHECK(pending_start_update_callback_.is_null() &&
pending_swap_cache_callback_.is_null() &&
pending_get_status_callback_.is_null() &&
- !is_selection_pending() && !was_select_cache_called_);
+ !is_selection_pending());
was_select_cache_called_ = true;
if (appcache_id != kAppCacheNoCacheId) {
LoadSelectedCache(appcache_id);
- return;
+ return true;
}
FinishCacheSelection(NULL, NULL);
+ return true;
}
// TODO(michaeln): change method name to MarkEntryAsForeign for consistency
-void AppCacheHost::MarkAsForeignEntry(const GURL& document_url,
+bool AppCacheHost::MarkAsForeignEntry(const GURL& document_url,
int64 cache_document_was_loaded_from) {
+ if (was_select_cache_called_)
+ return false;
+
// The document url is not the resource url in the fallback case.
storage()->MarkEntryAsForeign(
main_resource_was_namespace_entry_ ? namespace_entry_url_ : document_url,
cache_document_was_loaded_from);
SelectCache(document_url, kAppCacheNoCacheId, GURL());
+ return true;
}
void AppCacheHost::GetStatusWithCallback(const GetStatusCallback& callback,
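Review bot: MarkAsForeignEntry discards the result of its inner SelectCache call and returns true unconditionally; `return SelectCache(document_url, kAppCacheNoCacheId, GURL());` would keep the two results tied together if SelectCache ever gains another failure path. The new guard only covers call ordering: `cache_document_was_loaded_from` is still passed to `storage()->MarkEntryAsForeign` as received, and no check on that id is visible in this hunk, so it is worth confirming it is validated elsewhere. The four new bool returns only help if every caller checks them; if not already done, marking the declarations in appcache_host.h `WARN_UNUSED_RESULT` would enforce that at compile time.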