| Index: android_webview/native/intercepted_request_data_impl.cc
|
| diff --git a/android_webview/native/intercepted_request_data_impl.cc b/android_webview/native/intercepted_request_data_impl.cc
|
| index dc5fe225b2f4e1be2447a176d320ccbb2c76f6fb..926867c20391b5807ac9129276d1a39373068722 100644
|
| --- a/android_webview/native/intercepted_request_data_impl.cc
|
| +++ b/android_webview/native/intercepted_request_data_impl.cc
|
| @@ -18,46 +18,70 @@ namespace android_webview {
|
|
|
| namespace {
|
|
|
| -class StreamReaderJobDelegateImpl :
|
| - public AndroidStreamReaderURLRequestJob::Delegate {
|
| +class StreamReaderJobDelegateImpl
|
| + : public AndroidStreamReaderURLRequestJob::Delegate {
|
| public:
|
| - StreamReaderJobDelegateImpl(
|
| - const InterceptedRequestDataImpl* intercepted_request_data)
|
| - : intercepted_request_data_impl_(intercepted_request_data) {
|
| - DCHECK(intercepted_request_data_impl_);
|
| - }
|
| -
|
| - virtual scoped_ptr<InputStream> OpenInputStream(
|
| - JNIEnv* env,
|
| - const GURL& url) OVERRIDE {
|
| - return intercepted_request_data_impl_->GetInputStream(env).Pass();
|
| - }
|
| -
|
| - virtual void OnInputStreamOpenFailed(net::URLRequest* request,
|
| - bool* restart) OVERRIDE {
|
| - *restart = false;
|
| - }
|
| -
|
| - virtual bool GetMimeType(JNIEnv* env,
|
| - net::URLRequest* request,
|
| - android_webview::InputStream* stream,
|
| - std::string* mime_type) OVERRIDE {
|
| - return intercepted_request_data_impl_->GetMimeType(env, mime_type);
|
| - }
|
| -
|
| - virtual bool GetCharset(JNIEnv* env,
|
| - net::URLRequest* request,
|
| - android_webview::InputStream* stream,
|
| - std::string* charset) OVERRIDE {
|
| - return intercepted_request_data_impl_->GetCharset(env, charset);
|
| - }
|
| + StreamReaderJobDelegateImpl(
|
| + scoped_refptr<InterceptedRequestData::Holder> holder)
|
| + : holder_(holder) {
|
| + DCHECK(holder.get());
|
| + }
|
| +
|
| + virtual void OnStart() OVERRIDE {
|
| + if (!holder_.get()) return;
|
| +
|
| + // This is called on the IO thread so there is no risk of a race when
|
| + // transferring ownership of the InterceptedRequestData |data| member.
|
| + intercepted_request_data_impl_.reset(
|
| + static_cast<InterceptedRequestDataImpl*>(holder_->data.release()));
|
| + holder_ = NULL;
|
| + }
|
| +
|
| + virtual scoped_ptr<InputStream> OpenInputStream(JNIEnv* env,
|
| + const GURL& url) OVERRIDE {
|
| + if (!intercepted_request_data_impl_) return scoped_ptr<InputStream>();
|
| + return intercepted_request_data_impl_->GetInputStream(env).Pass();
|
| + }
|
| +
|
| + virtual void OnInputStreamOpenFailed(net::URLRequest* request,
|
| + bool* restart) OVERRIDE {
|
| + *restart = false;
|
| + }
|
| +
|
| + virtual bool GetMimeType(JNIEnv* env,
|
| + net::URLRequest* request,
|
| + android_webview::InputStream* stream,
|
| + std::string* mime_type) OVERRIDE {
|
| + if (!intercepted_request_data_impl_) return false;
|
| + return intercepted_request_data_impl_->GetMimeType(env, mime_type);
|
| + }
|
| +
|
| + virtual bool GetCharset(JNIEnv* env,
|
| + net::URLRequest* request,
|
| + android_webview::InputStream* stream,
|
| + std::string* charset) OVERRIDE {
|
| + if (!intercepted_request_data_impl_) return false;
|
| + return intercepted_request_data_impl_->GetCharset(env, charset);
|
| + }
|
|
|
| private:
|
| - const InterceptedRequestDataImpl* intercepted_request_data_impl_;
|
| + scoped_refptr<InterceptedRequestData::Holder> holder_;
|
| + scoped_ptr<InterceptedRequestDataImpl> intercepted_request_data_impl_;
|
| };
|
|
|
| } // namespace
|
|
|
| +// static
|
| +net::URLRequestJob* InterceptedRequestData::CreateJobFor(
|
| + scoped_refptr<InterceptedRequestData::Holder> holder,
|
| + net::URLRequest* request,
|
| + net::NetworkDelegate* network_delegate) {
|
| + scoped_ptr<AndroidStreamReaderURLRequestJob::Delegate>
|
| + stream_reader_job_delegate_impl(new StreamReaderJobDelegateImpl(holder));
|
| + return new AndroidStreamReaderURLRequestJob(
|
| + request, network_delegate, stream_reader_job_delegate_impl.Pass());
|
| +}
|
| +
|
| InterceptedRequestDataImpl::InterceptedRequestDataImpl(
|
| const base::android::JavaRef<jobject>& obj)
|
| : java_object_(obj) {
|
| @@ -99,13 +123,4 @@ bool RegisterInterceptedRequestData(JNIEnv* env) {
|
| return RegisterNativesImpl(env);
|
| }
|
|
|
| -net::URLRequestJob* InterceptedRequestDataImpl::CreateJobFor(
|
| - net::URLRequest* request,
|
| - net::NetworkDelegate* network_delegate) const {
|
| - scoped_ptr<AndroidStreamReaderURLRequestJob::Delegate>
|
| - stream_reader_job_delegate_impl(new StreamReaderJobDelegateImpl(this));
|
| - return new AndroidStreamReaderURLRequestJob(
|
| - request, network_delegate, stream_reader_job_delegate_impl.Pass());
|
| -}
|
| -
|
| } // namespace android_webview
|
|
|
Chromium Code Reviews
Issue 59903011:
[android_webview] Fix UAF in request interception code. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src