diff options
| author | teravest@chromium.org <teravest@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-05 06:41:00 +0000 |
|---|---|---|
| committer | teravest@chromium.org <teravest@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-05 06:41:00 +0000 |
| commit | f693a594f48a2fcc31ca73417de744287a103a83 (patch) | |
| tree | a3d07a54c376bb74c84ee7b22003cf8629435d66 /components/nacl | |
| parent | 89eaeab398d3b8887df7da68b5730c0f5d709895 (diff) | |
| download | chromium_src-f693a594f48a2fcc31ca73417de744287a103a83.zip chromium_src-f693a594f48a2fcc31ca73417de744287a103a83.tar.gz chromium_src-f693a594f48a2fcc31ca73417de744287a103a83.tar.bz2 | |
Pepper: Fix renderer crash on plugin destruction.
The FileDownloader refactor caused callbacks to be more tightly bound to
PnaclCoordinator than they were previously. Before the refactor, callbacks that
were invoked as the pexe was downloaded (or the cached translated nexe was
received) were generated through the CompletionCallbackFactory interface, which
would cause them to be cancelled when PnaclCoordinator was destroyed.
This change checks that the plugin instance is still alive before calling any
of the callbacks in the PPP_PexeStreamHandler interface.
I tried conducting some local testing, but didn't manage to hit quite the same
codepath as the one reported in the bug.
BUG=400171
Review URL: https://codereview.chromium.org/433633003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287472 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'components/nacl')
| -rw-r--r-- | components/nacl/renderer/ppb_nacl_private_impl.cc | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/components/nacl/renderer/ppb_nacl_private_impl.cc b/components/nacl/renderer/ppb_nacl_private_impl.cc index 5c7b9f9..ca14cdc 100644 --- a/components/nacl/renderer/ppb_nacl_private_impl.cc +++ b/components/nacl/renderer/ppb_nacl_private_impl.cc @@ -1535,6 +1535,8 @@ void SetPNaClStartTime(PP_Instance instance) { load_manager->set_pnacl_start_time(base::Time::Now()); } +// PexeDownloader is responsible for deleting itself when the download +// finishes. class PexeDownloader : public blink::WebURLLoaderClient { public: PexeDownloader(PP_Instance instance, @@ -1602,6 +1604,11 @@ class PexeDownloader : public blink::WebURLLoaderClient { virtual void didGetNexeFd(int32_t pp_error, bool cache_hit, PP_FileHandle file_handle) { + if (!content::PepperPluginInstance::Get(instance_)) { + delete this; + return; + } + HistogramEnumerate("NaCl.Perf.PNaClCache.IsHit", cache_hit, 2); if (cache_hit) { stream_handler_->DidCacheHit(stream_handler_user_data_, file_handle); @@ -1623,17 +1630,21 @@ class PexeDownloader : public blink::WebURLLoaderClient { const char* data, int data_length, int encoded_data_length) { - // Stream the data we received to the stream callback. - stream_handler_->DidStreamData(stream_handler_user_data_, - data, - data_length); + if (content::PepperPluginInstance::Get(instance_)) { + // Stream the data we received to the stream callback. + stream_handler_->DidStreamData(stream_handler_user_data_, + data, + data_length); + } } virtual void didFinishLoading(blink::WebURLLoader* loader, double finish_time, int64_t total_encoded_data_length) { int32_t result = success_ ? PP_OK : PP_ERROR_FAILED; - stream_handler_->DidFinishStream(stream_handler_user_data_, result); + + if (content::PepperPluginInstance::Get(instance_)) + stream_handler_->DidFinishStream(stream_handler_user_data_, result); delete this; } |