Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(328)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/security_exploit_browsertest.cc

Issue 504273002: Remove implicit conversions from scoped_refptr to T* in content/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/quota/quota_reservation_manager_unittest.cc ('k') | content/browser/speech/speech_recognition_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/command_line.h" 5 #include "base/command_line.h"
6 #include "base/containers/hash_tables.h" 6 #include "base/containers/hash_tables.h"
7 #include "content/browser/dom_storage/dom_storage_context_wrapper.h" 7 #include "content/browser/dom_storage/dom_storage_context_wrapper.h"
8 #include "content/browser/dom_storage/session_storage_namespace_impl.h" 8 #include "content/browser/dom_storage/session_storage_namespace_impl.h"
9 #include "content/browser/frame_host/navigator.h" 9 #include "content/browser/frame_host/navigator.h"
10 #include "content/browser/renderer_host/render_view_host_factory.h" 10 #include "content/browser/renderer_host/render_view_host_factory.h"
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 ViewHostMsg_CreateWindow_Params params; 132 ViewHostMsg_CreateWindow_Params params;
133 DOMStorageContextWrapper* dom_storage_context = 133 DOMStorageContextWrapper* dom_storage_context =
134 static_cast<DOMStorageContextWrapper*>( 134 static_cast<DOMStorageContextWrapper*>(
135 BrowserContext::GetStoragePartition( 135 BrowserContext::GetStoragePartition(
136 shell()->web_contents()->GetBrowserContext(), 136 shell()->web_contents()->GetBrowserContext(),
137 pending_rvh->GetSiteInstance())->GetDOMStorageContext()); 137 pending_rvh->GetSiteInstance())->GetDOMStorageContext());
138 scoped_refptr<SessionStorageNamespaceImpl> session_storage( 138 scoped_refptr<SessionStorageNamespaceImpl> session_storage(
139 new SessionStorageNamespaceImpl(dom_storage_context)); 139 new SessionStorageNamespaceImpl(dom_storage_context));
140 // Cause a deliberate collision in routing ids. 140 // Cause a deliberate collision in routing ids.
141 int main_frame_routing_id = duplicate_routing_id + 1; 141 int main_frame_routing_id = duplicate_routing_id + 1;
142 pending_rvh->CreateNewWindow( 142 pending_rvh->CreateNewWindow(duplicate_routing_id,
143 duplicate_routing_id, main_frame_routing_id, params, session_storage); 143 main_frame_routing_id,
144 params,
145 session_storage.get());
144 146
145 // If the above operation doesn't cause a crash, the test has succeeded! 147 // If the above operation doesn't cause a crash, the test has succeeded!
146 } 148 }
147 149
148 // This is a test for crbug.com/312016. It tries to create two RenderWidgetHosts 150 // This is a test for crbug.com/312016. It tries to create two RenderWidgetHosts
149 // with the same process and routing ids, which causes a collision. It is almost 151 // with the same process and routing ids, which causes a collision. It is almost
150 // identical to the AttemptDuplicateRenderViewHost test case. 152 // identical to the AttemptDuplicateRenderViewHost test case.
151 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, 153 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
152 AttemptDuplicateRenderWidgetHost) { 154 AttemptDuplicateRenderWidgetHost) {
153 int duplicate_routing_id = MSG_ROUTING_NONE; 155 int duplicate_routing_id = MSG_ROUTING_NONE;
154 RenderViewHostImpl* pending_rvh = 156 RenderViewHostImpl* pending_rvh =
155 PrepareToDuplicateHosts(shell(), &duplicate_routing_id); 157 PrepareToDuplicateHosts(shell(), &duplicate_routing_id);
156 EXPECT_NE(MSG_ROUTING_NONE, duplicate_routing_id); 158 EXPECT_NE(MSG_ROUTING_NONE, duplicate_routing_id);
157 159
158 // Since this test executes on the UI thread and hopping threads might cause 160 // Since this test executes on the UI thread and hopping threads might cause
159 // different timing in the test, let's simulate a CreateNewWidget call coming 161 // different timing in the test, let's simulate a CreateNewWidget call coming
160 // from the IO thread. Use the existing window routing id to cause a 162 // from the IO thread. Use the existing window routing id to cause a
161 // deliberate collision. 163 // deliberate collision.
162 pending_rvh->CreateNewWidget(duplicate_routing_id, blink::WebPopupTypeSelect); 164 pending_rvh->CreateNewWidget(duplicate_routing_id, blink::WebPopupTypeSelect);
163 165
164 // If the above operation doesn't crash, the test has succeeded! 166 // If the above operation doesn't crash, the test has succeeded!
165 } 167 }
166 168
167 } // namespace content 169 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/quota/quota_reservation_manager_unittest.cc ('k') | content/browser/speech/speech_recognition_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698