Fixes for Safe Browsing with unrelated pending navigations.

chrome/browser/safe_browsing/client_side_detection_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/client_side_detection_host.h"
 
 #include <vector>
 
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
@@ skipping 387 matching lines @@
       base::Bind(&ClientSideDetectionHost::OnPhishingPreClassificationDone,
                  weak_factory_.GetWeakPtr()),
       base::Bind(&ClientSideDetectionHost::OnMalwarePreClassificationDone,
                  weak_factory_.GetWeakPtr()),
       web_contents(), csd_service_, database_manager_.get(), this);
   classification_request_->Start();
 }
 
 void ClientSideDetectionHost::OnSafeBrowsingHit(
     const SafeBrowsingUIManager::UnsafeResource& resource) {
-  if (!web_contents() || !web_contents()->GetController().GetActiveEntry())
+  if (!web_contents())
     return;
 
   // Check that the hit is either malware or phishing.
   if (resource.threat_type != SB_THREAT_TYPE_URL_PHISHING &&
       resource.threat_type != SB_THREAT_TYPE_URL_MALWARE)
     return;
 
   // Check that this notification is really for us.
   content::RenderViewHost* hit_rvh = content::RenderViewHost::FromID(
       resource.render_process_host_id, resource.render_view_id);
   if (!hit_rvh ||
       web_contents() != content::WebContents::FromRenderViewHost(hit_rvh))
     return;
 
+  NavigationEntry *entry = resource.GetNavigationEntryForResource();
+  if (!entry)
+    return;
+
   // Store the unique page ID for later.
-  unsafe_unique_page_id_ =
-      web_contents()->GetController().GetActiveEntry()->GetUniqueID();
+  unsafe_unique_page_id_ = entry->GetUniqueID();
 
   // We also keep the resource around in order to be able to send the
   // malicious URL to the server.
   unsafe_resource_.reset(new SafeBrowsingUIManager::UnsafeResource(resource));
   unsafe_resource_->callback.Reset();  // Don't do anything stupid.
 }
 
 scoped_refptr<SafeBrowsingDatabaseManager>
 ClientSideDetectionHost::database_manager() {
   return database_manager_;
@@ skipping 230 matching lines @@
                    details.method,
                    details.referrer,
                    details.resource_type);
   }
 }
 
 bool ClientSideDetectionHost::DidShowSBInterstitial() const {
   if (unsafe_unique_page_id_ <= 0 || !web_contents()) {
     return false;
   }
+  // DidShowSBInterstitial is called after client side detection is finished to
+  // see if a SB interstitial was shown on the same page. Client Side Detection
+  // only runs on the currently committed page, so an unconditional
+  // GetLastCommittedEntry is correct here. GetNavigationEntryForResource cannot
+  // be used since it may no longer by valid (eg, if the UnsafeResource was for

[Charlie Reis, 2015/12/17 19:24:18]

nit: s/by/be/

[mattm, 2015/12/18 21:41:04]

Done.

+  // a blocking main page load which was then proceeded through).
   const NavigationEntry* nav_entry =
-      web_contents()->GetController().GetActiveEntry();
+      web_contents()->GetController().GetLastCommittedEntry();
   return (nav_entry && nav_entry->GetUniqueID() == unsafe_unique_page_id_);
 }
 
 void ClientSideDetectionHost::set_client_side_detection_service(
     ClientSideDetectionService* service) {
   csd_service_ = service;
 }
 
 void ClientSideDetectionHost::set_safe_browsing_managers(
     SafeBrowsingUIManager* ui_manager,
     SafeBrowsingDatabaseManager* database_manager) {
   if (ui_manager_.get())
     ui_manager_->RemoveObserver(this);
 
   ui_manager_ = ui_manager;
   if (ui_manager)
     ui_manager_->AddObserver(this);
 
   database_manager_ = database_manager;
 }
 
 }  // namespace safe_browsing