authorananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-23 21:01:50 +0000
committerananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-23 21:01:50 +0000
commit086f367d5bd6e044d296a4ff80fc9af6e3ca5bf1 (patch)
tree512589ecf8914bc44a3eaf9ab5702059e0992e19 /chrome_frame/chrome_frame_activex_base.h
parent916dbc5ceb08f52091e825c1b6201d676586ab14 (diff)
Continuing fixes for chrome frame test pure virtual function call crashes. One of these fixes is in the ChromeFrame ActiveX
where we were invoking the onload/onmessage handlers on a NULL interface pointer. The other fix is in the chrome frame test code where we need to protect against reentrancy while in the context of an outgoing COM interface call. Fixes http://code.google.com/p/chromium/issues/detail?id=41980 Bug=41980 Review URL: http://codereview.chromium.org/1691012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45481 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/chrome_frame_activex_base.h')
-rw-r--r--chrome_frame/chrome_frame_activex_base.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/chrome_frame/chrome_frame_activex_base.h b/chrome_frame/chrome_frame_activex_base.h
index c382f95..30d67de 100644
--- a/chrome_frame/chrome_frame_activex_base.h
+++ b/chrome_frame/chrome_frame_activex_base.h
@@ -895,7 +895,8 @@ END_MSG_MAP()
DCHECK_GE(param_count, 0);
DCHECK(params);
- if (V_VT(&script_object) != VT_DISPATCH) {
+ if (V_VT(&script_object) != VT_DISPATCH ||
+ script_object.pdispVal == NULL) {
return S_FALSE;
}
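Review bot: The added `script_object.pdispVal == NULL` test in the `if` condition carries no comment explaining why a VT_DISPATCH variant can reach this point with a null interface pointer, and it reads the union member directly while the line before uses the `V_VT` accessor. I would write the second operand as `V_DISPATCH(&script_object) == NULL` and put `// A VT_DISPATCH variant may hold a NULL IDispatch (presumably an unset handler); there is nothing to invoke.` above the `if`. Both rejected cases still return S_FALSE, which passes SUCCEEDED(), so a caller cannot tell a missing handler from a wrong variant type; whether that matters depends on callers that are not visible here. The enclosing function starts and ends outside the hunk.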