Pin dictionaries from being deleted while request is outstanding.

net/filter/sdch_filter.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/filter/sdch_filter.h"
 
 #include <ctype.h>
 #include <limits.h>
 
 #include <algorithm>
 
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/values.h"
 #include "net/base/sdch_manager.h"
 #include "net/base/sdch_net_log_params.h"
+#include "net/base/sdch_problem_codes.h"
 #include "net/url_request/url_request_context.h"
 
 #include "sdch/open-vcdiff/src/google/vcdecoder.h"
 
 namespace net {
 
 namespace {
 
 // Disambiguate various types of responses that trigger a meta-refresh,
 // failure, or fallback to pass-through.
@@ skipping 216 matching lines @@
       DCHECK_EQ(DECODING_ERROR, decoding_status_);
       DCHECK_EQ(0u, dest_buffer_excess_index_);
       DCHECK(dest_buffer_excess_.empty());
       // This is where we try very hard to do error recovery, and make this
       // protocol robust in the face of proxies that do many different things.
       // If we decide that things are looking very bad (too hard to recover),
       // we may even issue a "meta-refresh" to reload the page without an SDCH
       // advertisement (so that we are sure we're not hurting anything).
       //
       // Watch out for an error page inserted by the proxy as part of a 40x
-      // error response.  When we see such content molestation, we certainly
+      // error response. When we see such content molestation, we certainly
       // need to fall into the meta-refresh case.
       ResponseCorruptionDetectionCause cause = RESPONSE_NONE;
       if (filter_context_.GetResponseCode() == 404) {
         // We could be more generous, but for now, only a "NOT FOUND" code will
-        // cause a pass through.  All other bad codes will fall into a
+        // cause a pass through. All other bad codes will fall into a
         // meta-refresh.
         LogSdchProblem(SDCH_PASS_THROUGH_404_CODE);
         cause = RESPONSE_404;
         decoding_status_ = PASS_THROUGH;
       } else if (filter_context_.GetResponseCode() != 200) {
         // We need to meta-refresh, with SDCH disabled.
         cause = RESPONSE_NOT_200;
       } else if (filter_context_.IsCachedContent()
                  && !dictionary_hash_is_plausible_) {
         // We must have hit the back button, and gotten content that was fetched
         // before we *really* advertised SDCH and a dictionary.
         LogSdchProblem(SDCH_PASS_THROUGH_OLD_CACHED);
         decoding_status_ = PASS_THROUGH;
         cause = RESPONSE_OLD_UNENCODED;
       } else if (possible_pass_through_) {
         // This is the potentially most graceful response. There really was no
         // error. We were just overly cautious when we added a TENTATIVE_SDCH.
         // We added the sdch coding tag, and it should not have been added.
         // This can happen in server experiments, where the server decides
-        // not to use sdch, even though there is a dictionary.  To be
+        // not to use sdch, even though there is a dictionary. To be
         // conservative, we locally added the tentative sdch (fearing that a
         // proxy stripped it!) and we must now recant (pass through).
         //
         // However.... just to be sure we don't get burned by proxies that
         // re-compress with gzip or other system, we can sniff to see if this
-        // is compressed data etc.  For now, we do nothing, which gets us into
+        // is compressed data etc. For now, we do nothing, which gets us into
         // the meta-refresh result.
         // TODO(jar): Improve robustness by sniffing for valid text that we can
         // actual use re: decoding_status_ = PASS_THROUGH;
         cause = RESPONSE_TENTATIVE_SDCH;
       } else if (dictionary_hash_is_plausible_) {
         // We need a meta-refresh since we don't have the dictionary.
         // The common cause is a restart of the browser, where we try to render
         // cached content that was saved when we had a dictionary.
         cause = RESPONSE_NO_DICTIONARY;
-      } else if (filter_context_.SdchResponseExpected()) {
-        // This is a very corrupt SDCH request response.  We can't decode it.
+      } else if (filter_context_.SdchDictionariesAdvertised()) {
+        // This is a very corrupt SDCH request response. We can't decode it.
         // We'll use a meta-refresh, and get content without asking for SDCH.
         // This will also progressively disable SDCH for this domain.
         cause = RESPONSE_CORRUPT_SDCH;
       } else {
         // One of the first 9 bytes precluded consideration as a hash.
         // This can't be an SDCH payload, even though the server said it was.
         // This is a major error, as the server or proxy tagged this SDCH even
         // though it is not!
         // Meta-refresh won't help, as we didn't advertise an SDCH dictionary!!
         // Worse yet, meta-refresh could lead to an infinite refresh loop.
@@ skipping 63 matching lines @@
   available_space -= amount;
   DCHECK_GE(available_space, 0);
 
   if (available_space <= 0)
     return FILTER_OK;
   DCHECK(dest_buffer_excess_.empty());
   DCHECK_EQ(0u, dest_buffer_excess_index_);
 
   if (decoding_status_ != DECODING_IN_PROGRESS) {
     if (META_REFRESH_RECOVERY == decoding_status_) {
-      // Absorb all input data.  We've already output page reload HTML.
+      // Absorb all input data. We've already output page reload HTML.
       next_stream_data_ = NULL;
       stream_data_len_ = 0;
       return FILTER_NEED_MORE_DATA;
     }
     if (PASS_THROUGH == decoding_status_) {
       // We must pass in available_space, but it will be changed to bytes_used.
       FilterStatus result = CopyOut(dest_buffer, &available_space);
       // Accumulate the returned count of bytes_used (a.k.a., available_space).
       *dest_len += available_space;
       return result;
@@ skipping 43 matching lines @@
   }
   dictionary_hash_.append(next_stream_data_, bytes_needed);
   DCHECK(kServerIdLength == dictionary_hash_.size());
   stream_data_len_ -= bytes_needed;
   DCHECK_LE(0, stream_data_len_);
   if (stream_data_len_ > 0)
     next_stream_data_ += bytes_needed;
   else
     next_stream_data_ = NULL;
 
-  DCHECK(!dictionary_.get());
+  DCHECK(!dictionary_);
   dictionary_hash_is_plausible_ = true;  // Assume plausible, but check.
 
   SdchProblemCode rv = SDCH_OK;
   if ('\0' == dictionary_hash_[kServerIdLength - 1]) {
-    SdchManager* manager(url_request_context_->sdch_manager());
-    rv = manager->GetVcdiffDictionary(
-        std::string(dictionary_hash_, 0, kServerIdLength - 1), url_,
-        &dictionary_);
-    if (rv == SDCH_DICTIONARY_HASH_NOT_FOUND) {
-      DCHECK(dictionary_hash_.size() == kServerIdLength);
-      // Since dictionary was not found, check to see if hash was even
-      // plausible.
-      for (size_t i = 0; i < kServerIdLength - 1; ++i) {
-        char base64_char = dictionary_hash_[i];
-        if (!isalnum(base64_char) && '-' != base64_char && '_' != base64_char) {
-          rv = SDCH_DICTIONARY_HASH_MALFORMED;
-          dictionary_hash_is_plausible_ = false;
-          break;
+    std::string server_hash(dictionary_hash_, 0, kServerIdLength - 1);
+    SdchManager::DictionarySet* handle =
+        filter_context_.SdchDictionariesAdvertised();
+    if (handle)
+      dictionary_ = handle->GetDictionary(server_hash);
+    if (!dictionary_) {
+      // This is a hack. Naively, the dictionaries available for
+      // decoding should be only the ones advertised. However, there are
+      // cases, specifically resources encoded with old dictionaries living
+      // in the cache, that mean the full set of dictionaries should be made
+      // available for decoding. It's not known how often this happens;
+      // if it happens rarely enough, this code can be removed.
+      //
+      // TODO(rdsmith): Long-term, a better solution is necessary, since
+      // an entry in the cache being encoded with the dictionary doesn't
+      // guarantee that the dictionary is present. That solution probably
+      // involves storing unencoded resources in the cache, but might
+      // involve evicting encoded resources on dictionary removal.
+      // See http://crbug.com/383405.
+      unexpected_dictionary_handle_ =
+          url_request_context_->sdch_manager()->GetDictionarySetByHash(
+              url_, server_hash, &rv);
+      if (unexpected_dictionary_handle_) {
+        dictionary_ = unexpected_dictionary_handle_->GetDictionary(server_hash);
+        // Override SDCH_OK rv; this is still worth logging.
+        rv = (filter_context_.IsCachedContent() ?
+              SDCH_UNADVERTISED_DICTIONARY_USED_CACHED :
+              SDCH_UNADVERTISED_DICTIONARY_USED);
+      } else {
+        // Since dictionary was not found, check to see if hash was
+        // even plausible.
+        DCHECK(dictionary_hash_.size() == kServerIdLength);
+        rv = SDCH_DICTIONARY_HASH_NOT_FOUND;
+        for (size_t i = 0; i < kServerIdLength - 1; ++i) {
+          char base64_char = dictionary_hash_[i];
+          if (!isalnum(base64_char) &&
+              '-' != base64_char && '_' != base64_char) {
+            dictionary_hash_is_plausible_ = false;
+            rv = SDCH_DICTIONARY_HASH_MALFORMED;
+            break;
+          }
         }
       }
     }
   } else {
     dictionary_hash_is_plausible_ = false;
     rv = SDCH_DICTIONARY_HASH_MALFORMED;
   }
-  if (rv != SDCH_OK) {
+
+  if (rv != SDCH_OK)
     LogSdchProblem(rv);
+
+  if (!dictionary_) {
     decoding_status_ = DECODING_ERROR;
     return FILTER_ERROR;
   }
-  DCHECK(dictionary_.get());
+
   vcdiff_streaming_decoder_.reset(new open_vcdiff::VCDiffStreamingDecoder);
   vcdiff_streaming_decoder_->SetAllowVcdTarget(false);
   vcdiff_streaming_decoder_->StartDecoding(dictionary_->text().data(),
                                            dictionary_->text().size());
   decoding_status_ = DECODING_IN_PROGRESS;
   return FILTER_OK;
 }
 
 int SdchFilter::OutputBufferExcess(char* const dest_buffer,
                                    size_t available_space) {
@@ skipping 14 matching lines @@
 }
 
 void SdchFilter::LogSdchProblem(SdchProblemCode problem) {
   SdchManager::SdchErrorRecovery(problem);
   filter_context_.GetNetLog().AddEvent(
       NetLog::TYPE_SDCH_DECODING_ERROR,
       base::Bind(&NetLogSdchResourceProblemCallback, problem));
 }
 
 }  // namespace net