[win] Enable ModuleDatabase behind a flag.

chrome/renderer/chrome_content_renderer_client.cc

Index: chrome/renderer/chrome_content_renderer_client.cc
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index b109db87df50f0c059a996d26e2f631192eaedc1..d8c7c14fee6a95cbb9778956d3e499e2e5108514 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -294,6 +294,31 @@ class MediaLoadDeferrer : public content::RenderFrameObserver {
   DISALLOW_COPY_AND_ASSIGN(MediaLoadDeferrer);
 };
 
+#if defined(OS_WIN)
+// Dispatches a module |event| to the provided |module_database| interface.

[grt (UTC plus 2), 2017/01/06 09:44:58]

nit: module_database -> module_event_sink?

[chrisha, 2017/01/10 21:01:46]

Done.

+void OnModuleEventImpl(mojom::ModuleEventSinkPtr* module_event_sink,

[grt (UTC plus 2), 2017/01/06 09:44:58]

this will trigger a UAF if a ChromeContentRendererClient can be destroyed after
OnModuleEvent is called but before the IO thread picks up OnModuleEventImpl, no
(mojom::ModuleEventSinkPtr will have been destroyed)? is this possible?

[chrisha, 2017/01/10 21:01:46]

Great catch. ChromeContentRendererClient is a lazy initialized singleton that is
leaked, so this is not an issue. It lives here:

https://cs.chromium.org/chromium/src/chrome/app/chrome_main_delegate.cc?q=Chr...

I'll add comments that make this explicit.

+                       const ModuleWatcher::ModuleEvent& event) {
+  // Simply the send the module load address. The browser can validate this and

[grt (UTC plus 2), 2017/01/06 09:44:58]

nix extra " the"

[chrisha, 2017/01/10 21:01:46]

Done.

+  // look up the module details on its own.
+  (*module_event_sink)
+      ->OnModuleEvent(event.event_type,
+                      reinterpret_cast<uintptr_t>(event.module_load_address));
+}
+
+// Receives notifications from the ModuleWatcher on any thread. Bounces these
+// over to the provided |task_runner| where they are subsequently dispatched to
+// the |module_database| interface.
+void OnModuleEvent(scoped_refptr<base::SingleThreadTaskRunner> task_runner,
+                   mojom::ModuleEventSinkPtr* module_event_sink,
+                   const ModuleWatcher::ModuleEvent& event) {
+  // The Mojo interface can only be used from a single thread. Bounce tasks
+  // over to it.
+  task_runner->PostTask(FROM_HERE,
+                        base::Bind(&OnModuleEventImpl,

[grt (UTC plus 2), 2017/01/06 09:44:58]

nit: OnModuleEventImpl -> HandleModuleEventOnIOThread?

[chrisha, 2017/01/10 21:01:46]

Done.

+                                   base::Unretained(module_event_sink), event));
+}
+#endif
+
 }  // namespace
 
 ChromeContentRendererClient::ChromeContentRendererClient()
@@ -328,6 +353,15 @@ void ChromeContentRendererClient::RenderThreadStarted() {
     startup_metric_host->RecordRendererMainEntryTime(main_entry_time_);
   }
 
+#if defined(OS_WIN)
+  if (base::FeatureList::IsEnabled(features::kModuleDatabase)) {
+    thread->GetRemoteInterfaces()->GetInterface(&module_event_sink_);
+    module_watcher_ = ModuleWatcher::Create(
+        base::Bind(&OnModuleEvent, thread->GetIOTaskRunner(),
+                   base::Unretained(&module_event_sink_)));
+  }
+#endif
+
   chrome_observer_.reset(new ChromeRenderThreadObserver());
   web_cache_impl_.reset(new web_cache::WebCacheImpl());