diff options
author | tommycli <tommycli@chromium.org> | 2016-03-25 15:06:33 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-25 22:09:37 +0000 |
commit | 12c8005e13fb59b925f5c9fddec7b4edbcf35a5a (patch) | |
tree | e2fc641061a19c8c07ce752e31c9ebf0b912f68c | |
parent | 02d355d4a23e20555f17279a6153ec75ee21bd9a (diff) | |
download | chromium_src-12c8005e13fb59b925f5c9fddec7b4edbcf35a5a.zip chromium_src-12c8005e13fb59b925f5c9fddec7b4edbcf35a5a.tar.gz chromium_src-12c8005e13fb59b925f5c9fddec7b4edbcf35a5a.tar.bz2 |
Plugins: Add a CHECK to PepperWebPluginImpl::destroy to solve crash.
PepperWebPluginImpl seems to be double-destroyed in some renderer
crashes. However, I have not been able to track it down, since the
destruction occurs in a DeleteSoon queue.
This adds an explicit boolean to the destroy() method that should
trigger a CHECK if it is indeed double-destroyed.
BUG=588624
Review URL: https://codereview.chromium.org/1838613002
Cr-Commit-Position: refs/heads/master@{#383377}
-rw-r--r-- | content/renderer/pepper/pepper_webplugin_impl.cc | 5 | ||||
-rw-r--r-- | content/renderer/pepper/pepper_webplugin_impl.h | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/content/renderer/pepper/pepper_webplugin_impl.cc b/content/renderer/pepper/pepper_webplugin_impl.cc index 622bfbe..edf96ee 100644 --- a/content/renderer/pepper/pepper_webplugin_impl.cc +++ b/content/renderer/pepper/pepper_webplugin_impl.cc @@ -67,6 +67,7 @@ PepperWebPluginImpl::PepperWebPluginImpl( throttler_(std::move(throttler)), instance_object_(PP_MakeUndefined()), container_(NULL), + destroyed_(false), weak_factory_(this) { DCHECK(plugin_module); init_data_->module = plugin_module; @@ -150,6 +151,10 @@ bool PepperWebPluginImpl::initialize(WebPluginContainer* container) { } void PepperWebPluginImpl::destroy() { + // TODO(tommycli): Remove once we fix https://crbug.com/588624. + CHECK(!destroyed_); + destroyed_ = true; + // Tell |container_| to clear references to this plugin's script objects. if (container_) container_->clearScriptObjects(); diff --git a/content/renderer/pepper/pepper_webplugin_impl.h b/content/renderer/pepper/pepper_webplugin_impl.h index 65641ea..406bf4d 100644 --- a/content/renderer/pepper/pepper_webplugin_impl.h +++ b/content/renderer/pepper/pepper_webplugin_impl.h @@ -100,6 +100,10 @@ class PepperWebPluginImpl : public blink::WebPlugin { gfx::Rect plugin_rect_; PP_Var instance_object_; blink::WebPluginContainer* container_; + + // TODO(tommycli): Remove once we fix https://crbug.com/588624. + bool destroyed_; + base::WeakPtrFactory<PepperWebPluginImpl> weak_factory_; DISALLOW_COPY_AND_ASSIGN(PepperWebPluginImpl); |