diff options
| author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-18 05:20:38 +0000 |
|---|---|---|
| committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-18 05:20:38 +0000 |
| commit | 4fd7740a0af51ef1f43ee9e898177301f7918ebf (patch) | |
| tree | a173a2090668fa9ec4e153d56e223e9c7364ebeb | |
| parent | dc7b1c369e5fffa520d33a70df05015682ded2b8 (diff) | |
| download | chromium_src-4fd7740a0af51ef1f43ee9e898177301f7918ebf.zip chromium_src-4fd7740a0af51ef1f43ee9e898177301f7918ebf.tar.gz chromium_src-4fd7740a0af51ef1f43ee9e898177301f7918ebf.tar.bz2 | |
The WebPluginImpl::paint function can be invoked when the delegate_ member is NULL. This scenario
can happen if a plugin is reinitialized, in which case the plugin instance is torn down and a new one
is initialized. If the second initialization fails, we have a plugin instance in the renderer which has
a NULL delegate_.
Fix is to add a NULL check for the delegate in the paint function.
Fixes http://code.google.com/p/chromium/issues/detail?id=22196
Bug=22196
Review URL: http://codereview.chromium.org/215018
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26552 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | webkit/glue/webplugin_impl.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/webkit/glue/webplugin_impl.cc b/webkit/glue/webplugin_impl.cc index 7951237..dc1627c 100644 --- a/webkit/glue/webplugin_impl.cc +++ b/webkit/glue/webplugin_impl.cc @@ -236,6 +236,8 @@ NPObject* WebPluginImpl::scriptableObject() { } void WebPluginImpl::paint(WebCanvas* canvas, const WebRect& paint_rect) { + if (!delegate_) + return; // Note that |context| is only used when in windowless mode. #if WEBKIT_USING_SKIA gfx::NativeDrawingContext context = canvas->beginPlatformPaint(); |