Move FrameHost::m_subframeCount to Page

third_party/WebKit/Source/core/page/Page.h

Index: third_party/WebKit/Source/core/page/Page.h
diff --git a/third_party/WebKit/Source/core/page/Page.h b/third_party/WebKit/Source/core/page/Page.h
index ac118b6733cedac954175e24743bb703c68f61e6..04ef00a7432244aa1598f2409b95512aa891de04 100644
--- a/third_party/WebKit/Source/core/page/Page.h
+++ b/third_party/WebKit/Source/core/page/Page.h
@@ -231,6 +231,18 @@ class CORE_EXPORT Page final : public GarbageCollectedFinalized<Page>,
   bool isCursorVisible() const;
   void setIsCursorVisible(bool isVisible) { m_isCursorVisible = isVisible; }
 
+  // Don't allow more than a certain number of frames in a page.
+  // This seems like a reasonable upper bound, and otherwise mutually
+  // recursive frameset pages can quickly bring the program to its knees
+  // with exponential growth in the number of frames.
+  static const int maxNumberOfFrames = 1000;
+  void incrementSubframeCount() { ++m_subframeCount; }
+  void decrementSubframeCount() {
+    DCHECK(m_subframeCount);

[joelhockey, 2017/03/10 00:25:43]

This is a question of chromium coding style rather than a comment.  Is this
better expressed as:

DCHECK_GT(m_subframeCount, 0);

Are either acceptable, or is there a specific preference for one over the other?

[sashab, 2017/03/10 00:56:21]

Great catch! I'd definitely say DCHECK_GT is better; changed it, thanks.

+    --m_subframeCount;
+  }
+  int subframeCount() const;
+
   void setDefaultPageScaleLimits(float minScale, float maxScale);
   void setUserAgentPageScaleConstraints(
       const PageScaleConstraints& newConstraints);
@@ -321,6 +333,8 @@ class CORE_EXPORT Page final : public GarbageCollectedFinalized<Page>,
   bool m_isPainting = false;
 #endif
 
+  int m_subframeCount;
+
   // A pointer to all the interfaces provided to in-process Frames for this
   // Page.
   // FIXME: Most of the members of Page should move onto FrameHost.