Add helper method to check for invalid message source.

content/browser/web_contents/web_contents_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/web_contents/web_contents_impl.h"
 
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/debug/trace_event.h"
@@ skipping 550 matching lines @@
                         OnOpenDateTimeDialog)
 #endif
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   render_view_message_source_ = NULL;
   render_frame_message_source_ = NULL;
 
   return handled;
 }
 
+bool WebContentsImpl::HasValidFrameSource() {
+  if (!render_frame_message_source_) {

[Charlie Reis, 2015/01/27 23:16:17]

nit: As long as we're making this a helper method, let's make the motivation for
killing the top-level process a little clearer by adding:

DCHECK(render_view_message_source_);

(I think DCHECK is better than CHECK here, since it's mainly documenting that we
don't expect this to fail, without needing it to be strictly enforced.)

[nasko, 2015/01/28 02:20:10]

Done.

+    RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
+    GetRenderProcessHost()->ReceivedBadMessage();
+    return false;
+  }
+
+  return true;
+}
+
 void WebContentsImpl::RunFileChooser(
     RenderViewHost* render_view_host,
     const FileChooserParams& params) {
   if (delegate_)
     delegate_->RunFileChooser(this, params);
 }
 
 NavigationControllerImpl& WebContentsImpl::GetController() {
   return controller_;
 }
@@ skipping 2176 matching lines @@
   RecordAction(base::UserMetricsAction("SSL.RanInsecureContent"));
   if (EndsWith(security_origin, kDotGoogleDotCom, false))
     RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle"));
   controller_.ssl_manager()->DidRunInsecureContent(security_origin);
   displayed_insecure_content_ = true;
   SSLManager::NotifySSLInternalStateChanged(
       GetController().GetBrowserContext());
 }
 
 void WebContentsImpl::OnDocumentLoadedInFrame() {
-  if (!render_frame_message_source_) {
-    RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
-    GetRenderProcessHost()->ReceivedBadMessage();
+  if (!HasValidFrameSource())
     return;
-  }
 
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   FOR_EACH_OBSERVER(
       WebContentsObserver, observers_, DocumentLoadedInFrame(rfh));
 }
 
 void WebContentsImpl::OnDidFinishLoad(const GURL& url) {
-  if (!render_frame_message_source_) {
-    RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
-    GetRenderProcessHost()->ReceivedBadMessage();
+  if (!HasValidFrameSource())
     return;
-  }
 
   GURL validated_url(url);
   RenderProcessHost* render_process_host =
       render_frame_message_source_->GetProcess();
   render_process_host->FilterURL(false, &validated_url);
 
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   FOR_EACH_OBSERVER(
       WebContentsObserver, observers_, DidFinishLoad(rfh, validated_url));
 }
 
 void WebContentsImpl::OnDidStartLoading(bool to_different_document) {
+  if (!HasValidFrameSource())
+    return;
+
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
 
   // Any main frame load to a new document should reset the load progress, since
   // it will replace the current page and any frames.
   if (to_different_document && !rfh->GetParent()) {
     ResetLoadProgressState();
     loading_frames_in_progress_ = 0;
     rfh->frame_tree_node()->set_is_loading(false);
@@ skipping 22 matching lines @@
   rfh->frame_tree_node()->set_is_loading(true);
 
   // Notify the RenderFrameHostManager of the event.
   rfh->frame_tree_node()->render_manager()->OnDidStartLoading();
 
   loading_progresses_[render_frame_id] = kMinimumLoadingProgress;
   SendLoadProgressChanged();
 }
 
 void WebContentsImpl::OnDidStopLoading() {
+  if (!HasValidFrameSource())
+    return;
+
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
   rfh->frame_tree_node()->set_is_loading(false);
 
   if (loading_progresses_.find(render_frame_id) != loading_progresses_.end()) {
     // Load stopped while we were still tracking load.  Make sure we update
     // progress based on this frame's completion.
     loading_progresses_[render_frame_id] = 1.0;
     SendLoadProgressChanged();
     // Then we clean-up our states.
     if (loading_total_progress_ == 1.0)
       ResetLoadProgressState();
   }
 
   // Notify the RenderFrameHostManager of the event.
   rfh->frame_tree_node()->render_manager()->OnDidStopLoading();
 
   // TODO(japhet): This should be a DCHECK, but the pdf plugin sometimes
   // calls DidStopLoading() without a matching DidStartLoading().
   if (loading_frames_in_progress_ == 0)
     return;
   --loading_frames_in_progress_;
   if (loading_frames_in_progress_ == 0)
     DidStopLoading(rfh);
 }
 
 void WebContentsImpl::OnDidChangeLoadProgress(double load_progress) {
+  if (!HasValidFrameSource())
+    return;
+
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
 
   loading_progresses_[render_frame_id] = load_progress;
 
   // We notify progress change immediately for the first and last updates.
   // Also, since the message loop may be pretty busy when a page is loaded, it
   // might not execute a posted task in a timely manner so we make sure to
   // immediately send progress report if enough time has passed.
@@ skipping 116 matching lines @@
                                          bool blocked_by_policy) {
   // Notify observers about navigation.
   FOR_EACH_OBSERVER(WebContentsObserver, observers_,
                     AppCacheAccessed(manifest_url, blocked_by_policy));
 }
 
 void WebContentsImpl::OnOpenColorChooser(
     int color_chooser_id,
     SkColor color,
     const std::vector<ColorSuggestion>& suggestions) {
-  // Protect against malicious renderer. See http://crbug.com/449777
-  if (!render_frame_message_source_)
+  if (!HasValidFrameSource())
     return;
+
   ColorChooser* new_color_chooser = delegate_ ?
       delegate_->OpenColorChooser(this, color, suggestions) :
       NULL;
   if (!new_color_chooser)
     return;
   if (color_chooser_info_.get())
     color_chooser_info_->chooser->End();
 
   color_chooser_info_.reset(new ColorChooserInfo(
       render_frame_message_source_->GetProcess()->GetID(),
@@ skipping 1388 matching lines @@
 void WebContentsImpl::OnPreferredSizeChanged(const gfx::Size& old_size) {
   if (!delegate_)
     return;
   const gfx::Size new_size = GetPreferredSize();
   if (new_size != old_size)
     delegate_->UpdatePreferredSize(this, new_size);
 }
 
 void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie,
                                           ActiveMediaPlayerMap* player_map) {
+  if (!HasValidFrameSource())
+    return;
+
   const uintptr_t key =
       reinterpret_cast<uintptr_t>(render_frame_message_source_);
   DCHECK(std::find((*player_map)[key].begin(),
                    (*player_map)[key].end(),
                    player_cookie) == (*player_map)[key].end());
   (*player_map)[key].push_back(player_cookie);
 }
 
 void WebContentsImpl::RemoveMediaPlayerEntry(int64 player_cookie,
                                              ActiveMediaPlayerMap* player_map) {
+  if (!HasValidFrameSource())
+    return;
+
   const uintptr_t key =
       reinterpret_cast<uintptr_t>(render_frame_message_source_);
   ActiveMediaPlayerMap::iterator it = player_map->find(key);
   if (it == player_map->end())
     return;
 
   // Remove the player.
   PlayerList::iterator player_it =
       std::find(it->second.begin(), it->second.end(), player_cookie);
   if (player_it != it->second.end())
@@ skipping 19 matching lines @@
   node->render_manager()->ResumeResponseDeferredAtStart();
 }
 
 void WebContentsImpl::SetForceDisableOverscrollContent(bool force_disable) {
   force_disable_overscroll_content_ = force_disable;
   if (view_)
     view_->SetOverscrollControllerEnabled(CanOverscrollContent());
 }
 
 }  // namespace content