authortommycli <tommycli@chromium.org>2016-03-25 15:06:33 -0700
committerCommit bot <commit-bot@chromium.org>2016-03-25 22:09:37 +0000
commit12c8005e13fb59b925f5c9fddec7b4edbcf35a5a (patch)
treee2fc641061a19c8c07ce752e31c9ebf0b912f68c
parent02d355d4a23e20555f17279a6153ec75ee21bd9a (diff)
Plugins: Add a CHECK to PepperWebPluginImpl::destroy to solve crash.
PepperWebPluginImpl seems to be double-destroyed in some renderer crashes. However, I have not been able to track it down, since the destruction occurs in a DeleteSoon queue. This adds an explicit boolean to the destroy() method that should trigger a CHECK if it is indeed double-destroyed. BUG=588624 Review URL: https://codereview.chromium.org/1838613002 Cr-Commit-Position: refs/heads/master@{#383377}
-rw-r--r--content/renderer/pepper/pepper_webplugin_impl.cc5
-rw-r--r--content/renderer/pepper/pepper_webplugin_impl.h4
2 files changed, 9 insertions, 0 deletions
diff --git a/content/renderer/pepper/pepper_webplugin_impl.cc b/content/renderer/pepper/pepper_webplugin_impl.cc
index 622bfbe..edf96ee 100644
--- a/content/renderer/pepper/pepper_webplugin_impl.cc
+++ b/content/renderer/pepper/pepper_webplugin_impl.cc
@@ -67,6 +67,7 @@ PepperWebPluginImpl::PepperWebPluginImpl(
throttler_(std::move(throttler)),
instance_object_(PP_MakeUndefined()),
container_(NULL),
+ destroyed_(false),
weak_factory_(this) {
DCHECK(plugin_module);
init_data_->module = plugin_module;
@@ -150,6 +151,10 @@ bool PepperWebPluginImpl::initialize(WebPluginContainer* container) {
}
void PepperWebPluginImpl::destroy() {
+ // TODO(tommycli): Remove once we fix https://crbug.com/588624.
+ CHECK(!destroyed_);
+ destroyed_ = true;
+
// Tell |container_| to clear references to this plugin's script objects.
if (container_)
container_->clearScriptObjects();
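Review bot: The `CHECK(!destroyed_)` at the top of destroy() can only catch a second call made while the object is still allocated. The commit message says destruction goes through a DeleteSoon queue, so a repeat call arriving after the queued deletion has run would read `destroyed_` from freed memory, and the CHECK could then pass or fail arbitrarily. That limit is worth stating next to the check, for example `// Only detects a repeat call made before the queued deletion runs; a later call is already a use-after-free.`, so a clean crash report is not read as proof that no double destroy occurred. The rest of destroy() lies outside the hunk, so how deletion is scheduled is inferred from the description rather than seen here.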
diff --git a/content/renderer/pepper/pepper_webplugin_impl.h b/content/renderer/pepper/pepper_webplugin_impl.h
index 65641ea..406bf4d 100644
--- a/content/renderer/pepper/pepper_webplugin_impl.h
+++ b/content/renderer/pepper/pepper_webplugin_impl.h
@@ -100,6 +100,10 @@ class PepperWebPluginImpl : public blink::WebPlugin {
gfx::Rect plugin_rect_;
PP_Var instance_object_;
blink::WebPluginContainer* container_;
+
+ // TODO(tommycli): Remove once we fix https://crbug.com/588624.
+ bool destroyed_;
+
base::WeakPtrFactory<PepperWebPluginImpl> weak_factory_;
DISALLOW_COPY_AND_ASSIGN(PepperWebPluginImpl);
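Review bot: The comment above `destroyed_` is only a TODO and does not say what the flag records or who reads it. A line such as `// True once destroy() has been entered; destroy() CHECKs it to catch a second call.` placed before the TODO would let a reader of the header understand the member without opening the .cc file. Declaring it before `weak_factory_` keeps the factory as the last member and matches the initializer order in the constructor hunk. The class body continues outside this hunk.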