authorananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-29 21:53:38 +0000
committerananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-29 21:53:38 +0000
commit5ebeb1191489135b549a38e1490b5b944776a50d (patch)
tree827a72f2f938fef8885ef2a7f12bc055b07b0391
parent0c4055044da98ab3ec9c778220f5852ba53dc2d7 (diff)
Maintain a local/global stack for the global WebPluginDelegateImpl instance pointer. Based on the crash dump, the crash occurs in the windows message filter hook, used for tracking whether the plugin enters a modal loop. The global plugin instance pointer gets reset to NULL in the windowed plugin wndproc and HandleEvent. If these events occur in nested order, then it is quite possible for the plugin instance pointer to get set to NULL incorrectly.
Added a check for whether this pointer is NULL in the message filter hook along with a NOTREACHED statement. We maintain a local global stack to ensure that the plugin instance pointer gets set/reset correctly. The bug is http://code.google.com/p/chromium/issues/detail?id=6703 The other issue being fixed is to set the modal_loop_pump_messages_event coming in from the plugin in WebPluginDelegateProxy correctly. This caused the plugin to not receive events when it enters a modal loop like a context menu. Bug=6703 Review URL: http://codereview.chromium.org/19444 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8914 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/renderer/webplugin_delegate_proxy.cc8
-rw-r--r--webkit/glue/plugins/webplugin_delegate_impl.cc23
2 files changed, 24 insertions, 7 deletions
diff --git a/chrome/renderer/webplugin_delegate_proxy.cc b/chrome/renderer/webplugin_delegate_proxy.cc
index 0cb2f1f..705a65d 100644
--- a/chrome/renderer/webplugin_delegate_proxy.cc
+++ b/chrome/renderer/webplugin_delegate_proxy.cc
@@ -581,7 +581,13 @@ void WebPluginDelegateProxy::OnSetWindow(
plugin_->SetWindow(window, modal_loop_pump_messages_event);
DCHECK(modal_loop_pump_messages_event_ == NULL);
- modal_loop_pump_messages_event_.reset();
+
+ if (modal_loop_pump_messages_event) {
+ modal_loop_pump_messages_event_.reset(
+ new base::WaitableEvent(modal_loop_pump_messages_event));
+ } else {
+ modal_loop_pump_messages_event_.reset();
+ }
}
void WebPluginDelegateProxy::OnCancelResource(int id) {
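Review bot: The `DCHECK(modal_loop_pump_messages_event_ == NULL)` just above the new branch is compiled out of release builds, so a repeated OnSetWindow there would silently destroy the previously wrapped event and install a new one. If a second call is possible, the release path should handle it explicitly rather than rely on the debug check. The new `base::WaitableEvent` presumably takes ownership of the raw handle and closes it on destruction, which deserves a comment such as `// Takes ownership of the handle received from the plugin; closed when this event is released.` The hunk does not show whether the handle value is already valid in this process, so that is worth confirming at the sender. OnSetWindow begins outside the hunk.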
diff --git a/webkit/glue/plugins/webplugin_delegate_impl.cc b/webkit/glue/plugins/webplugin_delegate_impl.cc
index 12333ae..b1fc5ae 100644
--- a/webkit/glue/plugins/webplugin_delegate_impl.cc
+++ b/webkit/glue/plugins/webplugin_delegate_impl.cc
@@ -120,9 +120,11 @@ bool WebPluginDelegateImpl::IsDummyActivationWindow(HWND window) {
LRESULT CALLBACK WebPluginDelegateImpl::HandleEventMessageFilterHook(
int code, WPARAM wParam, LPARAM lParam) {
-
- DCHECK(g_current_plugin_instance);
- g_current_plugin_instance->OnModalLoopEntered();
+ if (g_current_plugin_instance) {
+ g_current_plugin_instance->OnModalLoopEntered();
+ } else {
+ NOTREACHED();
+ }
return CallNextHookEx(NULL, code, wParam, lParam);
}
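Review bot: HandleEventMessageFilterHook still ignores `code` and calls `OnModalLoopEntered()` on every invocation. The Windows hook contract is that a negative code must be forwarded without processing, so the body should start with `if (code < 0) return CallNextHookEx(NULL, code, wParam, lParam);`. The new NULL guard turns the release-build crash into a silent skip, and `NOTREACHED()` only fires in debug builds. A short comment on the `else` branch saying that a NULL instance means the set/restore bookkeeping went wrong would help whoever next sees the assertion.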
@@ -827,6 +829,10 @@ LRESULT CALLBACK WebPluginDelegateImpl::NativeWndProc(
return FALSE;
}
+ // Maintain a local/global stack for the g_current_plugin_instance variable
+ // as this may be a nested invocation.
+ WebPluginDelegateImpl* last_plugin_instance = g_current_plugin_instance;
+
g_current_plugin_instance = delegate;
switch (message) {
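Review bot: Saving `last_plugin_instance` here and restoring it by hand on each return is fragile, because any exit from NativeWndProc that is not covered leaves `g_current_plugin_instance` pointing at `delegate` after the call has returned. Only two restore sites are visible (the throttle return and the final return in the next two hunks), so the other `case` paths of the switch, which lie outside the hunks, need checking. A stale pointer matters because the message filter hook dereferences this global, and a delegate destroyed in the meantime would be used after free. The same pattern is repeated in the two HandleEvent hunks. A small scoped helper that restores the previous value in its destructor would cover every path in both functions. NativeWndProc starts and ends outside this hunk.

```cpp
// Sets g_current_plugin_instance for the lifetime of the object and restores
// the previous value on every exit path, so nested invocations unwind cleanly.
class ScopedCurrentPluginInstance {
 public:
  explicit ScopedCurrentPluginInstance(WebPluginDelegateImpl* instance)
      : previous_(g_current_plugin_instance) {
    g_current_plugin_instance = instance;
  }
  ~ScopedCurrentPluginInstance() { g_current_plugin_instance = previous_; }

 private:
  WebPluginDelegateImpl* previous_;
};

// … unchanged: delegate lookup and early returns in NativeWndProc …
  ScopedCurrentPluginInstance scoped_instance(delegate);
  switch (message) {
```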
@@ -846,7 +852,7 @@ LRESULT CALLBACK WebPluginDelegateImpl::NativeWndProc(
if (delegate->quirks() & PLUGIN_QUIRK_THROTTLE_WM_USER_PLUS_ONE) {
WebPluginDelegateImpl::ThrottleMessage(delegate->plugin_wnd_proc_, hwnd,
message, wparam, lparam);
- g_current_plugin_instance = NULL;
+ g_current_plugin_instance = last_plugin_instance;
return FALSE;
}
break;
@@ -873,7 +879,7 @@ LRESULT CALLBACK WebPluginDelegateImpl::NativeWndProc(
LRESULT result = CallWindowProc(delegate->plugin_wnd_proc_, hwnd, message,
wparam, lparam);
delegate->is_calling_wndproc = false;
- g_current_plugin_instance = NULL;
+ g_current_plugin_instance = last_plugin_instance;
return result;
}
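Review bot: `delegate->is_calling_wndproc = false;` after `CallWindowProc` has the same nesting problem this commit fixes for the instance pointer. If NativeWndProc is re-entered for the same delegate while the outer call is still inside the plugin's window procedure, the inner return clears the flag early. What the flag guards is not visible in this hunk, so this may be benign. Saving and restoring the previous value would keep it consistent with the new pointer handling: `bool was_calling_wndproc = delegate->is_calling_wndproc;` before the call and `delegate->is_calling_wndproc = was_calling_wndproc;` after it. The start of the function lies outside the hunk.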
@@ -1015,6 +1021,11 @@ bool WebPluginDelegateImpl::HandleEvent(NPEvent* event,
bool old_task_reentrancy_state =
MessageLoop::current()->NestableTasksAllowed();
+
+ // Maintain a local/global stack for the g_current_plugin_instance variable
+ // as this may be a nested invocation.
+ WebPluginDelegateImpl* last_plugin_instance = g_current_plugin_instance;
+
g_current_plugin_instance = this;
handle_event_depth_++;
@@ -1041,7 +1052,7 @@ bool WebPluginDelegateImpl::HandleEvent(NPEvent* event,
handle_event_depth_--;
- g_current_plugin_instance = NULL;
+ g_current_plugin_instance = last_plugin_instance;
MessageLoop::current()->SetNestableTasksAllowed(old_task_reentrancy_state);