Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: services/navigation/navigation.cc

Issue 2268603002: Avoid UAF on ConnectionFilter impls (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « services/navigation/navigation.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "services/navigation/navigation.h" 5 #include "services/navigation/navigation.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/message_loop/message_loop.h" 8 #include "base/message_loop/message_loop.h"
9 #include "base/threading/thread_task_runner_handle.h" 9 #include "base/threading/thread_task_runner_handle.h"
10 #include "services/navigation/view_impl.h" 10 #include "services/navigation/view_impl.h"
(...skipping 11 matching lines...) Expand all
22 std::unique_ptr<shell::ServiceContextRef> context_ref) { 22 std::unique_ptr<shell::ServiceContextRef> context_ref) {
23 // Owns itself. 23 // Owns itself.
24 new ViewImpl(std::move(connector), client_user_id, std::move(client), 24 new ViewImpl(std::move(connector), client_user_id, std::move(client),
25 std::move(request), std::move(context_ref)); 25 std::move(request), std::move(context_ref));
26 } 26 }
27 27
28 } // namespace 28 } // namespace
29 29
30 Navigation::Navigation() 30 Navigation::Navigation()
31 : view_task_runner_(base::ThreadTaskRunnerHandle::Get()), 31 : view_task_runner_(base::ThreadTaskRunnerHandle::Get()),
32 ref_factory_(base::MessageLoop::QuitWhenIdleClosure()) { 32 ref_factory_(base::MessageLoop::QuitWhenIdleClosure()),
33 weak_factory_(this) {
33 bindings_.set_connection_error_handler( 34 bindings_.set_connection_error_handler(
34 base::Bind(&Navigation::ViewFactoryLost, base::Unretained(this))); 35 base::Bind(&Navigation::ViewFactoryLost, base::Unretained(this)));
35 } 36 }
36 Navigation::~Navigation() {} 37 Navigation::~Navigation() {}
37 38
38 bool Navigation::OnConnect(const shell::Identity& remote_identity, 39 bool Navigation::OnConnect(const shell::Identity& remote_identity,
39 shell::InterfaceRegistry* registry, 40 shell::InterfaceRegistry* registry,
40 shell::Connector* connector) { 41 shell::Connector* connector) {
41 std::string remote_user_id = remote_identity.user_id(); 42 std::string remote_user_id = remote_identity.user_id();
42 if (!client_user_id_.empty() && client_user_id_ != remote_user_id) { 43 if (!client_user_id_.empty() && client_user_id_ != remote_user_id) {
43 LOG(ERROR) << "Must have a separate Navigation service instance for " 44 LOG(ERROR) << "Must have a separate Navigation service instance for "
44 << "different BrowserContexts."; 45 << "different BrowserContexts.";
45 return false; 46 return false;
46 } 47 }
47 client_user_id_ = remote_user_id; 48 client_user_id_ = remote_user_id;
48 49
49 registry->AddInterface<mojom::ViewFactory>(this); 50 registry->AddInterface(
51 base::Bind(&Navigation::CreateViewFactory, weak_factory_.GetWeakPtr()));
50 return true; 52 return true;
51 } 53 }
52 54
53 void Navigation::Create(const shell::Identity& remote_identity,
54 mojom::ViewFactoryRequest request) {
55 bindings_.AddBinding(this, std::move(request));
56 refs_.insert(ref_factory_.CreateRef());
57 }
58
59 void Navigation::CreateView(mojom::ViewClientPtr client, 55 void Navigation::CreateView(mojom::ViewClientPtr client,
60 mojom::ViewRequest request) { 56 mojom::ViewRequest request) {
61 std::unique_ptr<shell::Connector> new_connector = connector_->Clone(); 57 std::unique_ptr<shell::Connector> new_connector = connector_->Clone();
62 std::unique_ptr<shell::ServiceContextRef> context_ref = 58 std::unique_ptr<shell::ServiceContextRef> context_ref =
63 ref_factory_.CreateRef(); 59 ref_factory_.CreateRef();
64 view_task_runner_->PostTask( 60 view_task_runner_->PostTask(
65 FROM_HERE, 61 FROM_HERE,
66 base::Bind(&CreateViewOnViewTaskRunner, base::Passed(&new_connector), 62 base::Bind(&CreateViewOnViewTaskRunner, base::Passed(&new_connector),
67 client_user_id_, base::Passed(&client), base::Passed(&request), 63 client_user_id_, base::Passed(&client), base::Passed(&request),
68 base::Passed(&context_ref))); 64 base::Passed(&context_ref)));
69 } 65 }
70 66
67 void Navigation::CreateViewFactory(mojom::ViewFactoryRequest request) {
68 bindings_.AddBinding(this, std::move(request));
69 refs_.insert(ref_factory_.CreateRef());
70 }
71
71 void Navigation::ViewFactoryLost() { 72 void Navigation::ViewFactoryLost() {
72 refs_.erase(refs_.begin()); 73 refs_.erase(refs_.begin());
73 } 74 }
74 75
75 } // navigation 76 } // navigation
OLDNEW
« no previous file with comments | « services/navigation/navigation.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698