Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(100)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/renderer/render_frame_impl.cc

Issue 2650653006: PlzNavigate; fix UAF in RenderFrameImpl::OnCommitNavigation (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/render_frame_impl.h" 5 #include "content/renderer/render_frame_impl.h"
6 6
7 #include <map> 7 #include <map>
8 #include <string> 8 #include <string>
9 #include <utility> 9 #include <utility>
10 #include <vector> 10 #include <vector>
(...skipping 5157 matching lines...) Expand 10 before | Expand all | Expand 10 after
5168 stream_override->response = response; 5168 stream_override->response = response;
5169 stream_override->redirects = request_params.redirects; 5169 stream_override->redirects = request_params.redirects;
5170 stream_override->redirect_responses = request_params.redirect_response; 5170 stream_override->redirect_responses = request_params.redirect_response;
5171 5171
5172 // If the request was initiated in the context of a user gesture then make 5172 // If the request was initiated in the context of a user gesture then make
5173 // sure that the navigation also executes in the context of a user gesture. 5173 // sure that the navigation also executes in the context of a user gesture.
5174 std::unique_ptr<blink::WebScopedUserGesture> gesture( 5174 std::unique_ptr<blink::WebScopedUserGesture> gesture(
5175 request_params.has_user_gesture ? new blink::WebScopedUserGesture(frame_) 5175 request_params.has_user_gesture ? new blink::WebScopedUserGesture(frame_)
5176 : nullptr); 5176 : nullptr);
5177 5177
5178 browser_side_navigation_pending_ = false;
5179
5178 NavigateInternal(common_params, StartNavigationParams(), request_params, 5180 NavigateInternal(common_params, StartNavigationParams(), request_params,
5179 std::move(stream_override)); 5181 std::move(stream_override));
5180 5182
5181 browser_side_navigation_pending_ = false; 5183 // Don't add code after this since NavigateInternal may have destroyed this
5184 // RenderFrameImpl.
5182 } 5185 }
5183 5186
5184 // PlzNavigate 5187 // PlzNavigate
5185 void RenderFrameImpl::OnFailedNavigation( 5188 void RenderFrameImpl::OnFailedNavigation(
5186 const CommonNavigationParams& common_params, 5189 const CommonNavigationParams& common_params,
5187 const RequestNavigationParams& request_params, 5190 const RequestNavigationParams& request_params,
5188 bool has_stale_copy_in_cache, 5191 bool has_stale_copy_in_cache,
5189 int error_code) { 5192 int error_code) {
5190 DCHECK(IsBrowserSideNavigationEnabled()); 5193 DCHECK(IsBrowserSideNavigationEnabled());
5191 bool is_reload = IsReload(common_params.navigation_type); 5194 bool is_reload = IsReload(common_params.navigation_type);
(...skipping 1670 matching lines...) Expand 10 before | Expand all | Expand 10 after
6862 // event target. Potentially a Pepper plugin will receive the event. 6865 // event target. Potentially a Pepper plugin will receive the event.
6863 // In order to tell whether a plugin gets the last mouse event and which it 6866 // In order to tell whether a plugin gets the last mouse event and which it
6864 // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets 6867 // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets
6865 // the event, it will notify us via DidReceiveMouseEvent() and set itself as 6868 // the event, it will notify us via DidReceiveMouseEvent() and set itself as
6866 // |pepper_last_mouse_event_target_|. 6869 // |pepper_last_mouse_event_target_|.
6867 pepper_last_mouse_event_target_ = nullptr; 6870 pepper_last_mouse_event_target_ = nullptr;
6868 #endif 6871 #endif
6869 } 6872 }
6870 6873
6871 } // namespace content 6874 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698