Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(179)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/renderer/mus/render_widget_window_tree_client_factory.cc

Issue 2268603002: Avoid UAF on ConnectionFilter impls (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/public/common/connection_filter.h ('k') | services/navigation/navigation.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/mus/render_widget_window_tree_client_factory.h" 5 #include "content/renderer/mus/render_widget_window_tree_client_factory.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/macros.h" 10 #include "base/macros.h"
11 #include "base/memory/ptr_util.h" 11 #include "base/memory/ptr_util.h"
12 #include "base/memory/ref_counted.h" 12 #include "base/memory/ref_counted.h"
13 #include "base/memory/weak_ptr.h"
13 #include "base/sequenced_task_runner.h" 14 #include "base/sequenced_task_runner.h"
14 #include "base/threading/thread_task_runner_handle.h" 15 #include "base/threading/thread_task_runner_handle.h"
15 #include "content/common/render_widget_window_tree_client_factory.mojom.h" 16 #include "content/common/render_widget_window_tree_client_factory.mojom.h"
16 #include "content/public/common/connection_filter.h" 17 #include "content/public/common/connection_filter.h"
17 #include "content/public/common/mojo_shell_connection.h" 18 #include "content/public/common/mojo_shell_connection.h"
18 #include "content/renderer/mus/render_widget_mus_connection.h" 19 #include "content/renderer/mus/render_widget_mus_connection.h"
19 #include "mojo/public/cpp/bindings/binding_set.h" 20 #include "mojo/public/cpp/bindings/binding_set.h"
20 #include "services/shell/public/cpp/interface_factory.h" 21 #include "services/shell/public/cpp/interface_factory.h"
21 #include "services/shell/public/cpp/service.h" 22 #include "services/shell/public/cpp/service.h"
22 #include "services/ui/public/interfaces/window_tree.mojom.h" 23 #include "services/ui/public/interfaces/window_tree.mojom.h"
23 #include "url/gurl.h" 24 #include "url/gurl.h"
24 25
25 namespace content { 26 namespace content {
26 27
27 namespace { 28 namespace {
28 29
29 void BindMusConnectionOnMainThread( 30 void BindMusConnectionOnMainThread(
30 uint32_t routing_id, 31 uint32_t routing_id,
31 ui::mojom::WindowTreeClientRequest request) { 32 ui::mojom::WindowTreeClientRequest request) {
32 RenderWidgetMusConnection* connection = 33 RenderWidgetMusConnection* connection =
33 RenderWidgetMusConnection::GetOrCreate(routing_id); 34 RenderWidgetMusConnection::GetOrCreate(routing_id);
34 connection->Bind(std::move(request)); 35 connection->Bind(std::move(request));
35 } 36 }
36 37
37 // This object's lifetime is managed by MojoShellConnection because it's a 38 // This object's lifetime is managed by MojoShellConnection because it's a
38 // registered with it. 39 // registered with it.
39 class RenderWidgetWindowTreeClientFactoryImpl 40 class RenderWidgetWindowTreeClientFactoryImpl
40 : public ConnectionFilter, 41 : public ConnectionFilter,
41 public shell::InterfaceFactory<
42 mojom::RenderWidgetWindowTreeClientFactory>,
43 public mojom::RenderWidgetWindowTreeClientFactory { 42 public mojom::RenderWidgetWindowTreeClientFactory {
44 public: 43 public:
45 RenderWidgetWindowTreeClientFactoryImpl() { 44 RenderWidgetWindowTreeClientFactoryImpl() : weak_factory_(this) {
46 main_thread_task_runner_ = base::ThreadTaskRunnerHandle::Get(); 45 main_thread_task_runner_ = base::ThreadTaskRunnerHandle::Get();
47 } 46 }
48 47
49 ~RenderWidgetWindowTreeClientFactoryImpl() override {} 48 ~RenderWidgetWindowTreeClientFactoryImpl() override {}
50 49
51 private: 50 private:
52 // ConnectionFilter implementation: 51 // ConnectionFilter implementation:
53 bool OnConnect(const shell::Identity& remote_identity, 52 bool OnConnect(const shell::Identity& remote_identity,
54 shell::InterfaceRegistry* registry, 53 shell::InterfaceRegistry* registry,
55 shell::Connector* connector) override { 54 shell::Connector* connector) override {
56 registry->AddInterface<mojom::RenderWidgetWindowTreeClientFactory>(this); 55 registry->AddInterface(
56 base::Bind(&RenderWidgetWindowTreeClientFactoryImpl::CreateFactory,
57 weak_factory_.GetWeakPtr()));
57 return true; 58 return true;
58 } 59 }
59 60
60 // shell::InterfaceFactory<mojom::RenderWidgetWindowTreeClientFactory>:
61 void Create(const shell::Identity& remote_identity,
62 mojo::InterfaceRequest<mojom::RenderWidgetWindowTreeClientFactory>
63 request) override {
64 bindings_.AddBinding(this, std::move(request));
65 }
66
67 // mojom::RenderWidgetWindowTreeClientFactory implementation. 61 // mojom::RenderWidgetWindowTreeClientFactory implementation.
68 void CreateWindowTreeClientForRenderWidget( 62 void CreateWindowTreeClientForRenderWidget(
69 uint32_t routing_id, 63 uint32_t routing_id,
70 ui::mojom::WindowTreeClientRequest request) override { 64 ui::mojom::WindowTreeClientRequest request) override {
71 main_thread_task_runner_->PostTask( 65 main_thread_task_runner_->PostTask(
72 FROM_HERE, base::Bind(&BindMusConnectionOnMainThread, routing_id, 66 FROM_HERE, base::Bind(&BindMusConnectionOnMainThread, routing_id,
73 base::Passed(&request))); 67 base::Passed(&request)));
74 } 68 }
75 69
70 void CreateFactory(
71 mojom::RenderWidgetWindowTreeClientFactoryRequest request) {
72 bindings_.AddBinding(this, std::move(request));
73 }
74
76 scoped_refptr<base::SequencedTaskRunner> main_thread_task_runner_; 75 scoped_refptr<base::SequencedTaskRunner> main_thread_task_runner_;
77 mojo::BindingSet<mojom::RenderWidgetWindowTreeClientFactory> bindings_; 76 mojo::BindingSet<mojom::RenderWidgetWindowTreeClientFactory> bindings_;
77 base::WeakPtrFactory<RenderWidgetWindowTreeClientFactoryImpl> weak_factory_;
78 78
79 DISALLOW_COPY_AND_ASSIGN(RenderWidgetWindowTreeClientFactoryImpl); 79 DISALLOW_COPY_AND_ASSIGN(RenderWidgetWindowTreeClientFactoryImpl);
80 }; 80 };
81 81
82 } // namespace 82 } // namespace
83 83
84 void CreateRenderWidgetWindowTreeClientFactory( 84 void CreateRenderWidgetWindowTreeClientFactory(
85 MojoShellConnection* connection) { 85 MojoShellConnection* connection) {
86 connection->AddConnectionFilter( 86 connection->AddConnectionFilter(
87 base::MakeUnique<RenderWidgetWindowTreeClientFactoryImpl>()); 87 base::MakeUnique<RenderWidgetWindowTreeClientFactoryImpl>());
88 } 88 }
89 89
90 } // namespace content 90 } // namespace content
OLDNEW
« no previous file with comments | « content/public/common/connection_filter.h ('k') | services/navigation/navigation.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698