diff options
| author | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-02 20:33:55 +0000 |
|---|---|---|
| committer | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-02 20:33:55 +0000 |
| commit | 3892085db6bd1a63f8c7b0270c8a31e66e12c2b3 (patch) | |
| tree | e9595c4b162e41285d78b2139bc8cc939420779c /content/plugin | |
| parent | 106c88d5071d0ef94a0422545d78af820bf6d742 (diff) | |
| download | chromium_src-3892085db6bd1a63f8c7b0270c8a31e66e12c2b3.zip chromium_src-3892085db6bd1a63f8c7b0270c8a31e66e12c2b3.tar.gz chromium_src-3892085db6bd1a63f8c7b0270c8a31e66e12c2b3.tar.bz2 | |
Revert 128179 - Make sure the plugin scriptable object is released before NPP_Destroy.
We're temporarily reverting this change to gather more data on its impact on plugin crash rates.
When the we tear down a plugin instance the plugin process first invokes NPP_Destroy, and then tears down the IPC channel to the renderer, to give NPP_Destroy a chance to do last-minute scripting. When the IPC channel for the last instance is torn down we also clean up the IPC channels and stubs for any plugin-side NPObjects that remain.
We suspect that some plugins implement the scriptable object as part of the plugin instance, rather than independently ref-counted, so that our releasing the object after NPP_Destroy actually triggers the plugin process to crash.
This CL tears down the stub for the plugin's scriptable object before we call NPP_Destroy.
As per crbug.com/119414, we will remove this code if it doesn't significantly impact crashes.
BUG=101968
Review URL: http://codereview.chromium.org/9817023
TBR=cpu@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9959078
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130199 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/plugin')
| -rw-r--r-- | content/plugin/webplugin_delegate_stub.cc | 23 | ||||
| -rw-r--r-- | content/plugin/webplugin_delegate_stub.h | 4 |
2 files changed, 8 insertions, 19 deletions
diff --git a/content/plugin/webplugin_delegate_stub.cc b/content/plugin/webplugin_delegate_stub.cc index c74f07b1..bc130b2 100644 --- a/content/plugin/webplugin_delegate_stub.cc +++ b/content/plugin/webplugin_delegate_stub.cc @@ -9,6 +9,7 @@ #include "base/bind.h" #include "base/command_line.h" #include "base/string_number_conversions.h" +#include "content/common/npobject_stub.h" #include "content/common/plugin_messages.h" #include "content/plugin/plugin_channel.h" #include "content/plugin/plugin_thread.h" @@ -30,13 +31,7 @@ using webkit::npapi::WebPlugin; using webkit::npapi::WebPluginResourceClient; static void DestroyWebPluginAndDelegate( - base::WeakPtr<NPObjectStub> scriptable_object, - webkit::npapi::WebPluginDelegateImpl* delegate, - WebPlugin* webplugin) { - // The plugin may not expect us to try to release the scriptable object - // after calling NPP_Destroy on the instance, so delete the stub now. - if (scriptable_object.get()) - scriptable_object->DeleteSoon(); + webkit::npapi::WebPluginDelegateImpl* delegate, WebPlugin* webplugin) { // WebPlugin must outlive WebPluginDelegate. if (delegate) delegate->PluginDestroyed(); @@ -63,12 +58,10 @@ WebPluginDelegateStub::~WebPluginDelegateStub() { // The delegate or an npobject is in the callstack, so don't delete it // right away. MessageLoop::current()->PostNonNestableTask(FROM_HERE, - base::Bind(&DestroyWebPluginAndDelegate, plugin_scriptable_object_, - delegate_, webplugin_)); + base::Bind(&DestroyWebPluginAndDelegate, delegate_, webplugin_)); } else { // Safe to delete right away. - DestroyWebPluginAndDelegate( - plugin_scriptable_object_, delegate_, webplugin_); + DestroyWebPluginAndDelegate(delegate_, webplugin_); } } @@ -289,13 +282,11 @@ void WebPluginDelegateStub::OnGetPluginScriptableObject(int* route_id) { } *route_id = channel_->GenerateRouteID(); - // We will delete the stub immediately before calling PluginDestroyed on the - // delegate. It will delete itself sooner if the proxy tells it that it has - // been released, or if the channel to the proxy is closed. - NPObjectStub* scriptable_stub = new NPObjectStub( + // The stub will delete itself when the proxy tells it that it's released, or + // otherwise when the channel is closed. + new NPObjectStub( object, channel_.get(), *route_id, webplugin_->containing_window(), page_url_); - plugin_scriptable_object_ = scriptable_stub->AsWeakPtr(); // Release ref added by GetPluginScriptableObject (our stub holds its own). WebBindings::releaseObject(object); diff --git a/content/plugin/webplugin_delegate_stub.h b/content/plugin/webplugin_delegate_stub.h index deddd49..8d7d3df 100644 --- a/content/plugin/webplugin_delegate_stub.h +++ b/content/plugin/webplugin_delegate_stub.h @@ -1,4 +1,4 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -10,7 +10,6 @@ #include <vector> #include "base/memory/ref_counted.h" -#include "content/common/npobject_stub.h" #include "googleurl/src/gurl.h" #include "ipc/ipc_channel.h" #include "third_party/npapi/bindings/npapi.h" @@ -114,7 +113,6 @@ class WebPluginDelegateStub : public IPC::Channel::Listener, scoped_refptr<PluginChannel> channel_; - base::WeakPtr<NPObjectStub> plugin_scriptable_object_; webkit::npapi::WebPluginDelegateImpl* delegate_; WebPluginProxy* webplugin_; bool in_destructor_; |