content/renderer/mojo_bindings_controller.cc - Issue 2093423005: Fix nullptr dereference in MojoBindingsController

Side by Side Diff: content/renderer/mojo_bindings_controller.cc

Issue 2093423005: Fix nullptr dereference in MojoBindingsController (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « no previous file | no next file » | no next file with comments »

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/renderer/mojo_bindings_controller.h"	5 #include "content/renderer/mojo_bindings_controller.h"

6	6

7 #include "content/common/view_messages.h"	7 #include "content/common/view_messages.h"

8 #include "content/public/renderer/render_frame.h"	8 #include "content/public/renderer/render_frame.h"

9 #include "content/public/renderer/render_view.h"	9 #include "content/public/renderer/render_view.h"

10 #include "content/renderer/mojo_context_state.h"	10 #include "content/renderer/mojo_context_state.h"

(...skipping 20 matching lines...) Expand all Loading...
31 : RenderFrameObserver(render_frame),	31 : RenderFrameObserver(render_frame),

32 RenderFrameObserverTracker<MojoBindingsController>(render_frame),	32 RenderFrameObserverTracker<MojoBindingsController>(render_frame),

33 for_layout_tests_(for_layout_tests) {}	33 for_layout_tests_(for_layout_tests) {}

34	34

35 MojoBindingsController::~MojoBindingsController() {	35 MojoBindingsController::~MojoBindingsController() {

36 }	36 }

37	37

38 void MojoBindingsController::CreateContextState() {	38 void MojoBindingsController::CreateContextState() {

39 v8::HandleScope handle_scope(blink::mainThreadIsolate());	39 v8::HandleScope handle_scope(blink::mainThreadIsolate());

40 blink::WebLocalFrame* frame = render_frame()->GetWebFrame();	40 blink::WebLocalFrame* frame = render_frame()->GetWebFrame();

	41 if (!frame)

	42 return;

41 v8::Local<v8::Context> context = frame->mainWorldScriptContext();	43 v8::Local<v8::Context> context = frame->mainWorldScriptContext();

42 gin::PerContextData* context_data = gin::PerContextData::From(context);	44 gin::PerContextData* context_data = gin::PerContextData::From(context);

43 MojoContextStateData* data = new MojoContextStateData;	45 MojoContextStateData* data = new MojoContextStateData;

44 data->state.reset(new MojoContextState(frame, context, for_layout_tests_));	46 data->state.reset(new MojoContextState(frame, context, for_layout_tests_));

45 context_data->SetUserData(kMojoContextStateKey, data);	47 context_data->SetUserData(kMojoContextStateKey, data);

46 }	48 }

47	49

48 void MojoBindingsController::DestroyContextState(	50 void MojoBindingsController::DestroyContextState(

49 v8::Local<v8::Context> context) {	51 v8::Local<v8::Context> context) {

50 gin::PerContextData* context_data = gin::PerContextData::From(context);	52 gin::PerContextData* context_data = gin::PerContextData::From(context);

(...skipping 45 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
96	98

97 v8::HandleScope handle_scope(blink::mainThreadIsolate());	99 v8::HandleScope handle_scope(blink::mainThreadIsolate());

98 DestroyContextState(render_frame()->GetWebFrame()->mainWorldScriptContext());	100 DestroyContextState(render_frame()->GetWebFrame()->mainWorldScriptContext());

99 }	101 }

100	102

101 void MojoBindingsController::OnDestruct() {	103 void MojoBindingsController::OnDestruct() {

102 delete this;	104 delete this;

103 }	105 }

104	106

105 } // namespace content	107 } // namespace content

OLD	NEW