Avoid use-after-free of ProtocolHandlerRegistry

Change-Id: Ib84a80472a93f53f3675cb8c2db6fa377322b86b Reviewed-by: Michal Klocek <michal.klocek@qt.io>
author: Jüri Valdmann <juri.valdmann@qt.io> 2018-03-01 15:46:51 +0100
committer: Kai Koehne <kai.koehne@qt.io> 2018-03-08 14:41:13 +0000
commit: 0e94374ae00236ab94036e9aefb5a5abdf7d14e1 (patch)
tree: d6fc46c589391a1e06ab811cd6dd572da5bf1a13
parent: a03fb5fc7ac03c35739324d63eb29da756e1e908 (diff)
3 files changed, 23 insertions, 8 deletions
diff --git a/src/core/register_protocol_handler_permission_controller_impl.cpp b/src/core/register_protocol_handler_permission_controller_impl.cpp
index 96f2edb87..98d257e38 100644
--- a/src/core/register_protocol_handler_permission_controller_impl.cpp
+++ b/src/core/register_protocol_handler_permission_controller_impl.cpp
@@ -38,28 +38,41 @@
 ****************************************************************************/
 #include "register_protocol_handler_permission_controller_impl.h"
 
+#include "chrome/browser/custom_handlers/protocol_handler_registry_factory.h"
+#include "content/public/browser/web_contents.h"
 #include "type_conversion.h"
 
 namespace QtWebEngineCore {
 
 RegisterProtocolHandlerPermissionControllerImpl::RegisterProtocolHandlerPermissionControllerImpl(
-    ProtocolHandlerRegistry *registry,
+    content::WebContents *webContents,
     ProtocolHandler handler)
     : RegisterProtocolHandlerPermissionController(
         toQt(handler.url()),
         toQt(handler.protocol()))
-    , m_registry(registry)
+    , content::WebContentsObserver(webContents)
     , m_handler(handler)
 {}
 
+ProtocolHandlerRegistry *RegisterProtocolHandlerPermissionControllerImpl::protocolHandlerRegistry()
+{
+    content::WebContents *webContents = web_contents();
+    if (!webContents)
+        return nullptr;
+    content::BrowserContext *context = webContents->GetBrowserContext();
+    return ProtocolHandlerRegistryFactory::GetForBrowserContext(context);
+}
+
 void RegisterProtocolHandlerPermissionControllerImpl::accepted()
 {
-    m_registry->OnAcceptRegisterProtocolHandler(m_handler);
+    if (ProtocolHandlerRegistry *registry = protocolHandlerRegistry())
+        registry->OnAcceptRegisterProtocolHandler(m_handler);
 }
 
 void RegisterProtocolHandlerPermissionControllerImpl::rejected()
 {
-    m_registry->OnIgnoreRegisterProtocolHandler(m_handler);
+    if (ProtocolHandlerRegistry *registry = protocolHandlerRegistry())
+        registry->OnIgnoreRegisterProtocolHandler(m_handler);
 }
 
 } // namespace QtWebEngineCore
diff --git a/src/core/register_protocol_handler_permission_controller_impl.h b/src/core/register_protocol_handler_permission_controller_impl.h
index 57a094fd9..739b320c0 100644
--- a/src/core/register_protocol_handler_permission_controller_impl.h
+++ b/src/core/register_protocol_handler_permission_controller_impl.h
@@ -44,15 +44,17 @@
 
 #include "chrome/browser/custom_handlers/protocol_handler_registry.h"
 #include "chrome/common/custom_handlers/protocol_handler.h"
+#include "content/public/browser/web_contents_observer.h"
 
 class ProtocolHandlerRegistry;
 
 namespace QtWebEngineCore {
 
-class RegisterProtocolHandlerPermissionControllerImpl final : public RegisterProtocolHandlerPermissionController {
+class RegisterProtocolHandlerPermissionControllerImpl final : public RegisterProtocolHandlerPermissionController,
+                                                              private content::WebContentsObserver {
 public:
     RegisterProtocolHandlerPermissionControllerImpl(
-        ProtocolHandlerRegistry *registry,
+        content::WebContents *webContents,
         ProtocolHandler handler);
 
 protected:
@@ -60,7 +62,7 @@ protected:
     void rejected() override;
 
 private:
-    ProtocolHandlerRegistry *m_registry;
+    ProtocolHandlerRegistry *protocolHandlerRegistry();
     ProtocolHandler m_handler;
 };
 
diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp
index bec4d5d2f..2cbb9e477 100644
--- a/src/core/web_contents_delegate_qt.cpp
+++ b/src/core/web_contents_delegate_qt.cpp
@@ -655,7 +655,7 @@ void WebContentsDelegateQt::RegisterProtocolHandler(content::WebContents *webCon
         return;
 
     QSharedPointer<RegisterProtocolHandlerPermissionController> controller(
-        new RegisterProtocolHandlerPermissionControllerImpl(registry, handler));
+        new RegisterProtocolHandlerPermissionControllerImpl(webContents, handler));
     m_viewClient->runRegisterProtocolHandlerPermissionRequest(std::move(controller));
 }
author	Jüri Valdmann <juri.valdmann@qt.io>	2018-03-01 15:46:51 +0100
committer	Kai Koehne <kai.koehne@qt.io>	2018-03-08 14:41:13 +0000
commit	0e94374ae00236ab94036e9aefb5a5abdf7d14e1 (patch)
tree	d6fc46c589391a1e06ab811cd6dd572da5bf1a13
parent	a03fb5fc7ac03c35739324d63eb29da756e1e908 (diff)