Maintain a local/global stack for the global WebPluginDelegateImpl instance pointer. Based on the crash dump, the crash occurs in the windows message filter hook, used for tracking whether the plugin enters a modal loop. The global plugin instance pointer gets reset to NULL in the windowed plugin wndproc and HandleEvent. If these events occur in nested order, then it is quite possible for the plugin instance pointer to get set to NULL incorrectly.

Added a check for whether this pointer is NULL in the message filter hook along with a NOTREACHED statement.

We maintain a local global stack to ensure that the plugin instance pointer gets set/reset correctly.

The bug is http://code.google.com/p/chromium/issues/detail?id=6703

The other issue being fixed is to set the modal_loop_pump_messages_event coming in from the plugin
in WebPluginDelegateProxy correctly. This caused the plugin to not receive events when it enters a modal loop like a context menu.

Bug=6703

Review URL: http://codereview.chromium.org/19444

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8914 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 1 deletions

diff --git a/chrome/renderer/webplugin_delegate_proxy.cc b/chrome/renderer/webplugin_delegate_proxy.cc
index 0cb2f1f..705a65d 100644
--- a/chrome/renderer/webplugin_delegate_proxy.cc
+++ b/chrome/renderer/webplugin_delegate_proxy.cc
@@ -581,7 +581,13 @@ void WebPluginDelegateProxy::OnSetWindow(
     plugin_->SetWindow(window, modal_loop_pump_messages_event);
 
   DCHECK(modal_loop_pump_messages_event_ == NULL);
-  modal_loop_pump_messages_event_.reset();
+
+  if (modal_loop_pump_messages_event) {
+    modal_loop_pump_messages_event_.reset(
+        new base::WaitableEvent(modal_loop_pump_messages_event));
+  } else {
+    modal_loop_pump_messages_event_.reset();
+  }
 }
 
 void WebPluginDelegateProxy::OnCancelResource(int id) {