Google Git
Sign in
chromium / chromium / src / 3d6d6765267a2c3fa6772e307afd78e95e7132f7^! / . / chrome / browser / extensions / tab_helper.h
commit3d6d6765267a2c3fa6772e307afd78e95e7132f7[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Mon Oct 14 20:44:55 2013
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Mon Oct 14 20:44:55 2013
treea01d28cc7b8382de1494b2829b0c2a293063bfcd
parent1cef2cce37ac9a9c63bc4d0f1792b7977f8ce0a0 [diff] [blame]
Fix WebstoreInlineInstaller ASAN bugs

Certain code paths which called back onto a raw pointer to a
WebstoreInlineInstaller could not guarantee the object's existence at
callback time.

Additional ref counts have been added to ensure that this is no longer the case.

This is a continuation of the reverted https://codereview.chromium.org/24839002/
due to a previously missed test case.

BUG=236513, 241431, 241432, 247774, 263004

Review URL: https://codereview.chromium.org/27034008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@228522 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/chrome/browser/extensions/tab_helper.h b/chrome/browser/extensions/tab_helper.h
index dfd7c94..e3538cf5 100644
--- a/chrome/browser/extensions/tab_helper.h
+++ b/chrome/browser/extensions/tab_helper.h

@@ -10,6 +10,7 @@
 #include <vector>
 
 #include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/observer_list.h"
 #include "chrome/browser/extensions/active_tab_permission_granter.h"
@@ -36,6 +37,7 @@
 class ScriptBadgeController;
 class ScriptBubbleController;
 class ScriptExecutor;
+class WebstoreInlineInstallerFactory;
 
 // Per-tab extension helper. Also handles non-extension apps.
 class TabHelper : public content::WebContentsObserver,
@@ -155,6 +157,11 @@
   // INVALIDATE_TYPE_TITLE navigation state change to trigger repaint of title.
   void SetAppIcon(const SkBitmap& app_icon);
 
+  // Sets the factory used to create inline webstore item installers.
+  // Used for testing. Takes ownership of the factory instance.
+  void SetWebstoreInlineInstallerFactoryForTests(
+      WebstoreInlineInstallerFactory* factory);
+
  private:
   explicit TabHelper(content::WebContents* web_contents);
   friend class content::WebContentsUserData<TabHelper>;
@@ -263,6 +270,9 @@
   // Vend weak pointers that can be invalidated to stop in-progress loads.
   base::WeakPtrFactory<TabHelper> image_loader_ptr_factory_;
 
+  // Creates WebstoreInlineInstaller instances for inline install triggers.
+  scoped_ptr<WebstoreInlineInstallerFactory> webstore_inline_installer_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(TabHelper);
 };