Add helper method to check for invalid message source.

content/browser/web_contents/web_contents_impl.cc

Index: content/browser/web_contents/web_contents_impl.cc
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index f8b723ff8395f5427612f85c26003b8a1b09951a..c79cde884e33d038de59f99aa44ec3549cf1b3e5 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -568,6 +568,16 @@ bool WebContentsImpl::OnMessageReceived(RenderViewHost* render_view_host,
   return handled;
 }
 
+bool WebContentsImpl::HasValidFrameSource() {
+  if (!render_frame_message_source_) {

[Charlie Reis, 2015/01/27 23:16:17]

nit: As long as we're making this a helper method, let's make the motivation for
killing the top-level process a little clearer by adding:

DCHECK(render_view_message_source_);

(I think DCHECK is better than CHECK here, since it's mainly documenting that we
don't expect this to fail, without needing it to be strictly enforced.)

[nasko, 2015/01/28 02:20:10]

Done.

+    RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
+    GetRenderProcessHost()->ReceivedBadMessage();
+    return false;
+  }
+
+  return true;
+}
+
 void WebContentsImpl::RunFileChooser(
     RenderViewHost* render_view_host,
     const FileChooserParams& params) {
@@ -2764,11 +2774,8 @@ void WebContentsImpl::OnDidRunInsecureContent(
 }
 
 void WebContentsImpl::OnDocumentLoadedInFrame() {
-  if (!render_frame_message_source_) {
-    RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
-    GetRenderProcessHost()->ReceivedBadMessage();
+  if (!HasValidFrameSource())
     return;
-  }
 
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
@@ -2777,11 +2784,8 @@ void WebContentsImpl::OnDocumentLoadedInFrame() {
 }
 
 void WebContentsImpl::OnDidFinishLoad(const GURL& url) {
-  if (!render_frame_message_source_) {
-    RecordAction(base::UserMetricsAction("BadMessageTerminate_WC"));
-    GetRenderProcessHost()->ReceivedBadMessage();
+  if (!HasValidFrameSource())
     return;
-  }
 
   GURL validated_url(url);
   RenderProcessHost* render_process_host =
@@ -2795,6 +2799,9 @@ void WebContentsImpl::OnDidFinishLoad(const GURL& url) {
 }
 
 void WebContentsImpl::OnDidStartLoading(bool to_different_document) {
+  if (!HasValidFrameSource())
+    return;
+
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
@@ -2837,6 +2844,9 @@ void WebContentsImpl::OnDidStartLoading(bool to_different_document) {
 }
 
 void WebContentsImpl::OnDidStopLoading() {
+  if (!HasValidFrameSource())
+    return;
+
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
@@ -2865,6 +2875,9 @@ void WebContentsImpl::OnDidStopLoading() {
 }
 
 void WebContentsImpl::OnDidChangeLoadProgress(double load_progress) {
+  if (!HasValidFrameSource())
+    return;
+
   RenderFrameHostImpl* rfh =
       static_cast<RenderFrameHostImpl*>(render_frame_message_source_);
   int64 render_frame_id = rfh->frame_tree_node()->frame_tree_node_id();
@@ -3001,9 +3014,9 @@ void WebContentsImpl::OnOpenColorChooser(
     int color_chooser_id,
     SkColor color,
     const std::vector<ColorSuggestion>& suggestions) {
-  // Protect against malicious renderer. See http://crbug.com/449777
-  if (!render_frame_message_source_)
+  if (!HasValidFrameSource())
     return;
+
   ColorChooser* new_color_chooser = delegate_ ?
       delegate_->OpenColorChooser(this, color, suggestions) :
       NULL;
@@ -4412,6 +4425,9 @@ void WebContentsImpl::OnPreferredSizeChanged(const gfx::Size& old_size) {
 
 void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie,
                                           ActiveMediaPlayerMap* player_map) {
+  if (!HasValidFrameSource())
+    return;
+
   const uintptr_t key =
       reinterpret_cast<uintptr_t>(render_frame_message_source_);
   DCHECK(std::find((*player_map)[key].begin(),
@@ -4422,6 +4438,9 @@ void WebContentsImpl::AddMediaPlayerEntry(int64 player_cookie,
 
 void WebContentsImpl::RemoveMediaPlayerEntry(int64 player_cookie,
                                              ActiveMediaPlayerMap* player_map) {
+  if (!HasValidFrameSource())
+    return;
+
   const uintptr_t key =
       reinterpret_cast<uintptr_t>(render_frame_message_source_);
   ActiveMediaPlayerMap::iterator it = player_map->find(key);