[Extension Bindings] Check context validity in APIBindingBridge

APIBindingBridge calls back into JS to allow custom JS bindings to
register any hooks needed. Check context validity before executing
JS, and gracefully throw an error if the context is invalid.

Add unittests for the same.

Bug: 819968

Change-Id: Ibb724537c4bf3d320a6f4a80b9f19fe413e00840
Reviewed-on: https://chromium-review.googlesource.com/958296Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Commit-Queue: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543332}

extensions/renderer/BUILD.gn

@@ -394,6 +394,7 @@ source_set("unit_tests") {
   sources = [
     "activity_log_converter_strategy_unittest.cc",
     "api_activity_logger_unittest.cc",
+    "bindings/api_binding_bridge_unittest.cc",
     "bindings/api_binding_hooks_test_delegate.cc",
     "bindings/api_binding_hooks_test_delegate.h",
     "bindings/api_binding_js_util_unittest.cc",

extensions/renderer/bindings/api_binding_bridge.cc

@@ -6,6 +6,7 @@
 
 #include "base/values.h"
 #include "extensions/renderer/bindings/api_binding_hooks.h"
+#include "extensions/renderer/bindings/api_binding_util.h"
 #include "extensions/renderer/bindings/js_runner.h"
 #include "gin/converter.h"
 #include "gin/object_template_builder.h"
@@ -61,6 +62,9 @@ void APIBindingBridge::RegisterCustomHook(v8::Isolate* isolate,
   // The object and arguments here are meant to match those passed to the hook
   // functions in binding.js.
   v8::Local<v8::Context> context = isolate->GetCurrentContext();
+  if (!binding::IsContextValidOrThrowError(context))
+    return;  // Context has been invalidated.
+
   v8::Local<v8::Object> hook_object = v8::Object::New(isolate);
   v8::Local<v8::Object> wrapper;
   if (!GetWrapper(isolate).ToLocal(&wrapper))

extensions/renderer/bindings/api_binding_bridge_unittest.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "extensions/renderer/bindings/api_binding_bridge.h"
+
+#include "extensions/renderer/bindings/api_binding_hooks.h"
+#include "extensions/renderer/bindings/api_binding_test.h"
+#include "extensions/renderer/bindings/api_binding_test_util.h"
+#include "gin/handle.h"
+
+namespace extensions {
+
+using APIBindingBridgeTest = APIBindingTest;
+
+TEST_F(APIBindingBridgeTest, TestUseAfterContextInvalidation) {
+  v8::HandleScope handle_scope(isolate());
+  v8::Local<v8::Context> context = MainContext();
+  v8::Context::Scope context_scope(context);
+
+  std::string extension_id(32, 'a');
+  std::string context_type = "context type";
+  v8::Local<v8::Object> api_object = v8::Object::New(isolate());
+
+  APIBindingHooks hooks("apiName");
+  gin::Handle<APIBindingBridge> bridge_handle = gin::CreateHandle(
+      context->GetIsolate(), new APIBindingBridge(&hooks, context, api_object,
+                                                  extension_id, context_type));
+  v8::Local<v8::Object> bridge_object = bridge_handle.ToV8().As<v8::Object>();
+
+  DisposeContext(context);
+
+  v8::Local<v8::Function> function = FunctionFromString(
+      context, "(function(obj) { obj.registerCustomHook(function() {}); })");
+  v8::Local<v8::Value> args[] = {bridge_object};
+  RunFunctionAndExpectError(function, context, arraysize(args), args,
+                            "Uncaught Error: Extension context invalidated.");
+}
+
+}  // namespace extensions