Fix dangerous pointer use in UserScriptMaster

chrome/browser/extensions/user_script_master.h

Index: chrome/browser/extensions/user_script_master.h
diff --git a/chrome/browser/extensions/user_script_master.h b/chrome/browser/extensions/user_script_master.h
index 13eb6fc01b9a00af08d84870d2b1f62c21e291f0..3252a8417fc1a998064890b729fedc9db2b538b2 100644
--- a/chrome/browser/extensions/user_script_master.h
+++ b/chrome/browser/extensions/user_script_master.h
@@ -10,6 +10,7 @@
 
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
 #include "base/scoped_observer.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_observer.h"
@@ -19,6 +20,10 @@
 #include "extensions/common/extension_set.h"
 #include "extensions/common/user_script.h"
 
+namespace base {
+class SharedMemory;
+}
+
 namespace content {
 class RenderProcessHost;
 }
@@ -35,11 +40,19 @@ typedef std::map<std::string, ExtensionSet::ExtensionPathAndDefaultLocale>
 
 // Manages a segment of shared memory that contains the user scripts the user
 // has installed.  Lives on the UI thread.
-class UserScriptMaster : public base::RefCountedThreadSafe<UserScriptMaster>,
-                         public content::NotificationObserver,
+class UserScriptMaster : public content::NotificationObserver,
                          public ExtensionRegistryObserver {
  public:
+  // Parses the includes out of |script| and returns them in |includes|.
+  static bool ParseMetadataHeader(const base::StringPiece& script_text,
+                                  UserScript* script);
+
+  // A wrapper around the method to load user scripts, which is normally run on
+  // the file thread. Exposed only for tests.
+  static void LoadScriptsForTest(UserScriptList* user_scripts);
+
   explicit UserScriptMaster(Profile* profile);
+  virtual ~UserScriptMaster();
 
   // Kicks off a process on the file thread to reload scripts from disk
   // into a new chunk of shared memory and notify renderers.
@@ -50,91 +63,9 @@ class UserScriptMaster : public base::RefCountedThreadSafe<UserScriptMaster>,
     return shared_memory_.get();
   }
 
-  // Called by the script reloader when new scripts have been loaded.
-  void NewScriptsAvailable(scoped_ptr<base::SharedMemory> handle);
-
   // Return true if we have any scripts ready.
   bool ScriptsReady() const { return shared_memory_.get() != NULL; }
 
-  // Returns the content verifier for our browser context.
-  ContentVerifier* content_verifier();
-
- protected:
-  friend class base::RefCountedThreadSafe<UserScriptMaster>;
-
-  virtual ~UserScriptMaster();
-
- public:
-  // We reload user scripts on the file thread to prevent blocking the UI.
-  // ScriptReloader lives on the file thread and does the reload
-  // work, and then sends a message back to its master with a new SharedMemory*.
-  // ScriptReloader is the worker that manages running the script load
-  // on the file thread. It must be created on, and its public API must only be
-  // called from, the master's thread.
-  class ScriptReloader
-      : public base::RefCountedThreadSafe<UserScriptMaster::ScriptReloader> {
-   public:
-    // Parses the includes out of |script| and returns them in |includes|.
-    static bool ParseMetadataHeader(const base::StringPiece& script_text,
-                                    UserScript* script);
-
-    explicit ScriptReloader(UserScriptMaster* master);
-
-    // Start loading of scripts.
-    // Will always send a message to the master upon completion.
-    void StartLoad(const UserScriptList& external_scripts,
-                   const ExtensionsInfo& extensions_info);
-
-    // The master is going away; don't call it back.
-    void DisownMaster() {
-      master_ = NULL;
-    }
-
-   private:
-    FRIEND_TEST_ALL_PREFIXES(UserScriptMasterTest, SkipBOMAtTheBeginning);
-    FRIEND_TEST_ALL_PREFIXES(UserScriptMasterTest, LeaveBOMNotAtTheBeginning);
-    friend class base::RefCountedThreadSafe<UserScriptMaster::ScriptReloader>;
-
-    ~ScriptReloader();
-
-    // Where functions are run:
-    //    master          file
-    //   StartLoad   ->  RunLoad
-    //                     LoadUserScripts()
-    // NotifyMaster  <-  RunLoad
-
-    // Runs on the master thread.
-    // Notify the master that new scripts are available.
-    void NotifyMaster(scoped_ptr<base::SharedMemory> memory);
-
-    // Runs on the File thread.
-    // Load the specified user scripts, calling NotifyMaster when done.
-    // |user_scripts| is intentionally passed by value so its lifetime isn't
-    // tied to the caller.
-    void RunLoad(const UserScriptList& user_scripts);
-
-    void LoadUserScripts(UserScriptList* user_scripts);
-
-    // Uses extensions_info_ to build a map of localization messages.
-    // Returns NULL if |extension_id| is invalid.
-    SubstitutionMap* GetLocalizationMessages(const std::string& extension_id);
-
-    // A pointer back to our master.
-    // May be NULL if DisownMaster() is called.
-    UserScriptMaster* master_;
-
-    // Maps extension info needed for localization to an extension ID.
-    ExtensionsInfo extensions_info_;
-
-    // The message loop to call our master back on.
-    // Expected to always outlive us.
-    content::BrowserThread::ID master_thread_id_;
-
-    scoped_refptr<ContentVerifier> verifier_;
-
-    DISALLOW_COPY_AND_ASSIGN(ScriptReloader);
-  };
-
  private:
   // content::NotificationObserver implementation.
   virtual void Observe(int type,
@@ -149,6 +80,10 @@ class UserScriptMaster : public base::RefCountedThreadSafe<UserScriptMaster>,
       const Extension* extension,
       UnloadedExtensionInfo::Reason reason) OVERRIDE;
 
+  // Called once we have finished loading the scripts on the file thread.
+  void OnScriptsLoaded(scoped_ptr<UserScriptList> user_scripts,
+                       scoped_ptr<base::SharedMemory> shared_memory);
+
   // Sends the renderer process a new set of user scripts. If
   // |changed_extensions| is not empty, this signals that only the scripts from
   // those extensions should be updated. Otherwise, all extensions will be
@@ -157,17 +92,19 @@ class UserScriptMaster : public base::RefCountedThreadSafe<UserScriptMaster>,
                   base::SharedMemory* shared_memory,
                   const std::set<std::string>& changed_extensions);
 
+  bool is_loading() const {
+    // Ownership of |user_scripts_| is passed to the file thread when loading.
+    return user_scripts_.get() == NULL;
+  }
+
   // Manages our notification registrations.
   content::NotificationRegistrar registrar_;
 
-  // We hang on to our pointer to know if we've already got one running.
-  scoped_refptr<ScriptReloader> script_reloader_;
-
   // Contains the scripts that were found the last time scripts were updated.
   scoped_ptr<base::SharedMemory> shared_memory_;
 
   // List of scripts from currently-installed extensions we should load.
-  UserScriptList user_scripts_;
+  scoped_ptr<UserScriptList> user_scripts_;
 
   // Maps extension info needed for localization to an extension ID.
   ExtensionsInfo extensions_info_;
@@ -176,6 +113,11 @@ class UserScriptMaster : public base::RefCountedThreadSafe<UserScriptMaster>,
   // the renderer.
   std::set<std::string> changed_extensions_;
 
+  // The mutually-exclusive sets of extensions that were added or removed since
+  // the last script load.
+  std::set<std::string> added_extensions_;
+  std::set<std::string> removed_extensions_;
+
   // If the extensions service has finished loading its initial set of
   // extensions.
   bool extensions_service_ready_;
@@ -185,6 +127,9 @@ class UserScriptMaster : public base::RefCountedThreadSafe<UserScriptMaster>,
   // finishes.  This boolean tracks whether another load is pending.
   bool pending_load_;
 
+  // Whether or not we are currently loading.
+  bool is_loading_;
+
   // The profile for which the scripts managed here are installed.
   Profile* profile_;
 
@@ -192,6 +137,8 @@ class UserScriptMaster : public base::RefCountedThreadSafe<UserScriptMaster>,
   ScopedObserver<ExtensionRegistry, ExtensionRegistryObserver>
       extension_registry_observer_;
 
+  base::WeakPtrFactory<UserScriptMaster> weak_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(UserScriptMaster);
 };