author | iyengar@google.com <iyengar@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-09-20 00:09:09 +0000 |
---|---|---|
committer | iyengar@google.com <iyengar@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-09-20 00:09:09 +0000 |
commit | c328da8db8cb5c8d9366874c6e23533e9fa82c7e (patch) | |
tree | 402d5417d26adf51f2d0660aa229f8e758deb758 /chrome/plugin/npobject_proxy.cc | |
parent | 9fc8ebd5b437e78b32ac13d570e9d26c18f482b8 (diff) | |
download | chromium_src-c328da8db8cb5c8d9366874c6e23533e9fa82c7e.zip chromium_src-c328da8db8cb5c8d9366874c6e23533e9fa82c7e.tar.gz chromium_src-c328da8db8cb5c8d9366874c6e23533e9fa82c7e.tar.bz2 |
This fixes the following bugs:-
1. http://code.google.com/p/chromium/issues/detail?id=292
This was a painting issue in the XStandard plugin. The bug
occurs in a windowed instance of the plugin. We handle
window repositions in the plugin process until the window
becomes visible. We set the SWP_NOREDRAW flag in the
SetWindowPos call. This turns off client/non-client
paints. After the SetWindowPos call we invalidate the
client area. The plugin only receives WM_PAINT as a
result. The plugin relies on the WM_NCPAINT message
being received as well. In any case the SWP_NOREDRAW flag
does not buy us much as we invalidate immediately after.
The fix is to take out this flag.
2. http://code.google.com/p/chromium/issues/detail?id=2556
The plugin invoked the NPN_GetValue function to retrieve
the window script object. This call fails in this case
probably because the plugin instance in the renderer
process is in the process of shutting down. We return a
failure from the call.
The plugin fails to check the return code and ends up
invoking NPN_GetProperty on a NULL NPObject which causes a
crash in chrome when we try to create a proxy for the
same.
The fix is to add NULL NPObject checks in the
NPObjectProxy members and return early.
Bug=292,2556
R=jam
Review URL: http://codereview.chromium.org/3176
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2429 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/plugin/npobject_proxy.cc')
-rw-r--r-- | chrome/plugin/npobject_proxy.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/chrome/plugin/npobject_proxy.cc b/chrome/plugin/npobject_proxy.cc index 40c9e92..1b464e0 100644 --- a/chrome/plugin/npobject_proxy.cc +++ b/chrome/plugin/npobject_proxy.cc @@ -209,6 +209,16 @@ bool NPObjectProxy::NPHasProperty(NPObject *obj, bool NPObjectProxy::NPGetProperty(NPObject *obj, NPIdentifier name, NPVariant *np_result) { + // Please refer to http://code.google.com/p/chromium/issues/detail?id=2556, + // which was a crash in the XStandard plugin during plugin shutdown. The + // crash occured because the plugin requests the plugin script object, + // which fails. The plugin does not check the result of the operation and + // invokes NPN_GetProperty on a NULL object which lead to the crash. If + // we observe similar crashes in other methods in the future, these null + // checks may have to be replicated in the other methods in this class. + if (obj == NULL) + return false; + bool result = false; NPObjectProxy* proxy = GetProxy(obj); if (!proxy) { |
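Review bot: the `if (obj == NULL) return false;` guard at the top of NPGetProperty returns without touching np_result, and the plugin described in the comment already ignores return codes, so it may go on to read an NPVariant that was never initialized. Setting the result to void before returning false (for example `VOID_TO_NPVARIANT(*np_result);` from npruntime.h, when np_result is non-NULL) would make the failure path safe for such callers. The comment also defers the same check for the other methods until similar crashes are observed, while the commit message describes checks in the NPObjectProxy members; this change adds the guard only here (10 insertions in one hunk), and NPHasProperty, visible in the hunk header, takes the same `NPObject *obj`, so it is worth adding the guard to the other entry points in this change. Minor: in the comment, "occured" should be "occurred" and "which lead" should be "which led".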