author | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-04 18:58:03 +0000 |
---|---|---|
committer | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-04 18:58:03 +0000 |
commit | f1e8af0b66c2dd27dc767bccf1179fbc9d4e7796 (patch) | |
tree | 1a89d4acb47e6634344a7c5550ec401a32090586 /content/plugin/webplugin_delegate_stub.h | |
parent | 310311c35845cdb7addc03473e4b6dc1d9e5264b (diff) | |
Revert 130199 - Revert 128179 - Make sure the plugin scriptable object is released before NPP_Destroy.
We're reinstating this patch based on its impact on plugin crash rates between 20.0.1089.0 (with patch) and 20.0.1090.0 (without) builds.
When we tear down a plugin instance the plugin process first invokes NPP_Destroy, and then tears down the IPC channel to the renderer, to give NPP_Destroy a chance to do last-minute scripting. When the IPC channel for the last instance is torn down we also clean up the IPC channels and stubs for any plugin-side NPObjects that remain.
We suspect that some plugins implement the scriptable object as part of the plugin instance, rather than independently ref-counted, so that our releasing the object after NPP_Destroy actually triggers the plugin process to crash.
This CL tears down the stub for the plugin's scriptable object before we call NPP_Destroy.
BUG=101968,119414
Original Review URL: http://codereview.chromium.org/9817023
Revert Review URL: https://chromiumcodereview.appspot.com/9959078
TBR=cpu@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9979022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130698 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/plugin/webplugin_delegate_stub.h')
-rw-r--r-- | content/plugin/webplugin_delegate_stub.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/content/plugin/webplugin_delegate_stub.h b/content/plugin/webplugin_delegate_stub.h index 8d7d3df..deddd49 100644 --- a/content/plugin/webplugin_delegate_stub.h +++ b/content/plugin/webplugin_delegate_stub.h @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -10,6 +10,7 @@ #include <vector> #include "base/memory/ref_counted.h" +#include "content/common/npobject_stub.h" #include "googleurl/src/gurl.h" #include "ipc/ipc_channel.h" #include "third_party/npapi/bindings/npapi.h" @@ -113,6 +114,7 @@ class WebPluginDelegateStub : public IPC::Channel::Listener, scoped_refptr<PluginChannel> channel_; + base::WeakPtr<NPObjectStub> plugin_scriptable_object_; webkit::npapi::WebPluginDelegateImpl* delegate_; WebPluginProxy* webplugin_; bool in_destructor_; |
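Review bot: In the include hunk (@@ -10,6 +10,7 @@) the header gains "content/common/npobject_stub.h", but the visible include list still has no "base/memory/weak_ptr.h" even though the class now declares a base::WeakPtr member. Relying on npobject_stub.h to pull in WeakPtr transitively is fragile, so include base/memory/weak_ptr.h directly next to ref_counted.h. It is also worth considering whether a forward declaration of NPObjectStub would be enough for this header, with the full include moved to the .cc file.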
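Review bot: The new member plugin_scriptable_object_ in the last hunk (@@ -113,6 +114,7 @@) has no comment saying what it tracks or when it may be null. Since the commit message ties this pointer to the teardown order around NPP_Destroy, add a short comment stating that it is a weak reference to the stub for the plugin's scriptable object, that the stub is torn down before NPP_Destroy is called, and that every use must check the pointer before dereferencing it. The diff shown is limited to the header, so the code that sets and clears the pointer cannot be checked here.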