diff options
| author | piman@chromium.org <piman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-18 22:26:06 +0000 |
|---|---|---|
| committer | piman@chromium.org <piman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-18 22:26:06 +0000 |
| commit | 7c23cfc44c6fa5d224acd7cae942dc7310138c7b (patch) | |
| tree | ae569425056ebb156ee551cdc53c181dbbeac608 | |
| parent | ac85724fdcee9a6de40fe5f953f9e5787621af23 (diff) | |
| download | chromium_src-7c23cfc44c6fa5d224acd7cae942dc7310138c7b.zip chromium_src-7c23cfc44c6fa5d224acd7cae942dc7310138c7b.tar.gz chromium_src-7c23cfc44c6fa5d224acd7cae942dc7310138c7b.tar.bz2 | |
linux/mac: fix another race condition with the plugin channel
http://codereview.chromium.org/165280 helped a lot, but it turns out that the ResourceClientProxy keep a reference to the channel, and it's hard to clean those in time.
To be on the safe side, remove the name->FD mapping when the channel is removed from the name->channel map.
Also remove it when a channel error occurs. Again, to be on the safe side, the channel is unusable at this point (the other side may have closed it already), so it's better to drop it.
BUG=18521
Review URL: http://codereview.chromium.org/171100
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23666 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/plugin/plugin_channel.cc | 1 | ||||
| -rw-r--r-- | chrome/plugin/plugin_channel_base.cc | 14 | ||||
| -rw-r--r-- | chrome/renderer/plugin_channel_host.cc | 7 |
3 files changed, 14 insertions, 8 deletions
diff --git a/chrome/plugin/plugin_channel.cc b/chrome/plugin/plugin_channel.cc index 7234e16..04d9afc 100644 --- a/chrome/plugin/plugin_channel.cc +++ b/chrome/plugin/plugin_channel.cc @@ -58,7 +58,6 @@ PluginChannel::~PluginChannel() { if (renderer_handle_) base::CloseProcessHandle(renderer_handle_); #if defined(OS_POSIX) - IPC::RemoveAndCloseChannelSocket(channel_name()); // If we still have the renderer FD, close it. if (renderer_fd_ != -1) { close(renderer_fd_); diff --git a/chrome/plugin/plugin_channel_base.cc b/chrome/plugin/plugin_channel_base.cc index 4ef42ae..73a32e6 100644 --- a/chrome/plugin/plugin_channel_base.cc +++ b/chrome/plugin/plugin_channel_base.cc @@ -8,6 +8,10 @@ #include "chrome/common/child_process.h" #include "ipc/ipc_sync_message.h" +#if defined(OS_POSIX) +#include "ipc/ipc_channel_posix.h" +#endif + typedef base::hash_map<std::string, scoped_refptr<PluginChannelBase> > PluginChannelMap; @@ -167,6 +171,11 @@ void PluginChannelBase::RemoveRoute(int route_id) { PluginChannelMap::iterator iter = g_plugin_channels_.begin(); while (iter != g_plugin_channels_.end()) { if (iter->second == this) { +#if defined(OS_POSIX) + if (channel_valid()) { + IPC::RemoveAndCloseChannelSocket(channel_name()); + } +#endif g_plugin_channels_.erase(iter); return; } @@ -184,6 +193,11 @@ void PluginChannelBase::OnControlMessageReceived(const IPC::Message& msg) { } void PluginChannelBase::OnChannelError() { +#if defined(OS_POSIX) + if (channel_valid()) { + IPC::RemoveAndCloseChannelSocket(channel_name()); + } +#endif channel_valid_ = false; } diff --git a/chrome/renderer/plugin_channel_host.cc b/chrome/renderer/plugin_channel_host.cc index 04d7b4f..e010c56 100644 --- a/chrome/renderer/plugin_channel_host.cc +++ b/chrome/renderer/plugin_channel_host.cc @@ -6,10 +6,6 @@ #include "chrome/common/plugin_messages.h" -#if defined(OS_POSIX) -#include "ipc/ipc_channel_posix.h" -#endif - // A simple MessageFilter that will ignore all messages and respond to sync // messages with an error when is_listening_ is false. class IsListeningFilter : public IPC::ChannelProxy::MessageFilter { @@ -80,9 +76,6 @@ PluginChannelHost::PluginChannelHost() { } PluginChannelHost::~PluginChannelHost() { -#if defined(OS_POSIX) - IPC::RemoveAndCloseChannelSocket(channel_name()); -#endif } bool PluginChannelHost::Init(MessageLoop* ipc_message_loop, |