Add check for mismatching item and document sequence numbers.

When a PageState update is received from the renderer process, it must be for the current session history entry. This means that the sequence numbers associated with the FrameNavigationEntry should match the ones coming from the renderer process. This CL is adding explicit check for this and a DumpWithoutCrashing to help diagnose what cases can cause a mismatch. BUG=628677 Review-Url: https://codereview.chromium.org/2172123004 Cr-Commit-Position: refs/heads/master@{#407316}

Add check for mismatching item and document sequence numbers.
When a PageState update is received from the renderer process, it must be for the current session history entry. This means that the sequence numbers associated with the FrameNavigationEntry should match the ones coming from the renderer process. This CL is adding explicit check for this and a DumpWithoutCrashing to help diagnose what cases can cause a mismatch. BUG=628677 Review-Url: https://codereview.chromium.org/2172123004 Cr-Commit-Position: refs/heads/master@{#407316}
e3e35c2d · nasko · Commit bot · 3850a4d9 · e3e35c2d
Commit e3e35c2d authored Jul 22, 2016 by nasko Committed by Commit bot Jul 23, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 0 deletions

content/browser/web_contents/web_contents_impl.cc content/browser/web_contents/web_contents_impl.cc +21 -0

No files found.
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -10,6 +10,7 @@
 #include <utility>

 #include "base/command_line.h"
+#include "base/debug/dump_without_crashing.h"
 #include "base/feature_list.h"
 #include "base/lazy_instance.h"
 #include "base/location.h"
@@ -81,6 +82,7 @@
 #include "content/common/input/web_input_event_traits.h"
 #include "content/common/input_messages.h"
 #include "content/common/page_messages.h"
+#include "content/common/page_state_serialization.h"
 #include "content/common/site_isolation_policy.h"
 #include "content/common/ssl_status_serialization.h"
 #include "content/common/view_messages.h"
@@ -4475,6 +4477,25 @@ void WebContentsImpl::UpdateStateForFrame(RenderFrameHost* render_frame_host,
  if (page_state == frame_entry->page_state())
    return;  // Nothing to update.

+  // The document_sequence_number and item_sequence_number recorded in the
+  // FrameNavigationEntry should not differ from the one coming with the update,
+  // since it must come from the same document.
+  ExplodedPageState exploded_state;
+  if (!DecodePageState(page_state.ToEncodedData(), &exploded_state))
+    return;
+
+  if (exploded_state.top.document_sequence_number !=
+          frame_entry->document_sequence_number() ||
+      exploded_state.top.item_sequence_number !=
+          frame_entry->item_sequence_number()) {
+    // Generate a minidump, which can be debugged to understand the root cause
+    // this unexpected update.
+    // TODO(nasko): Remove once https://crbug.com/628677 is understood.
+    base::debug::Alias(&page_state);
+    base::debug::DumpWithoutCrashing();
+    return;
+  }
+
  frame_entry->set_page_state(page_state);
  controller_.NotifyEntryChanged(entry);
 }