author | teravest@chromium.org <teravest@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-12 22:56:08 +0000 |
---|---|---|
committer | teravest@chromium.org <teravest@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-12 22:56:08 +0000 |
commit | e915ef3bd2c388e0b41057e8edadfabbbe6342cf (patch) | |
tree | 6ead516bc3066642d302373999f04776b16fae00 /content/renderer/pepper/pepper_plugin_instance_impl.h | |
parent | a25fbe84c1bf0f6d475f754cbae148ac6d604740 (diff) | |
Pepper: Tighten GetLiveModule in PluginRegistry.
On PepperPluginInstanceImpl::Delete(), we send a synchronous DidDestroy message
to the plugin. The plugin can exit() in response to this message.
While the renderer is waiting for a response (and holding a reference to
PepperPluginInstanceImpl on the stack), another plugin for the page could
create an instance of a plugin using the same path as the deleted instance.
This can cause a PluginModule to be reused on the host for a plugin which is no
longer live. In this case, sending DidCreate will fail.
Alternatively, the lifetime of PluginModule could be cleaned up, but there are
many uses of PepperPluginInstanceImpl::module() throughout the codebase. I'm
happy to look at seeing if that can be cleaned up in another change.
BUG=
R=dmichael@chromium.org, teravest@google.com
Review URL: https://codereview.chromium.org/69363002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@234659 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/renderer/pepper/pepper_plugin_instance_impl.h')
-rw-r--r-- | content/renderer/pepper/pepper_plugin_instance_impl.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/content/renderer/pepper/pepper_plugin_instance_impl.h b/content/renderer/pepper/pepper_plugin_instance_impl.h index 32d0959..d94b802 100644 --- a/content/renderer/pepper/pepper_plugin_instance_impl.h +++ b/content/renderer/pepper/pepper_plugin_instance_impl.h @@ -146,6 +146,9 @@ class CONTENT_EXPORT PepperPluginInstanceImpl // the WebPlugin implementation when WebKit is about to remove the plugin. void Delete(); + // Returns true if Delete() has been called on this object. + bool is_deleted() const; + // Paints the current backing store to the web page. void Paint(blink::WebCanvas* canvas, const gfx::Rect& plugin_rect, @@ -847,6 +850,8 @@ class CONTENT_EXPORT PepperPluginInstanceImpl scoped_ptr<MouseLockDispatcher::LockTarget> lock_target_; + bool is_deleted_; + // We use a weak ptr factory for scheduling DidChangeView events so that we // can tell whether updates are pending and consolidate them. When there's // already a weak ptr pending (HasWeakPtrs is true), code should update the |
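Review bot: In the first hunk (@@ -146,6 +146,9 @@), the comment on is_deleted() says what it returns but not why a caller would still be holding an instance after Delete(). The commit message explains that the renderer keeps a reference to PepperPluginInstanceImpl on the stack while the synchronous DidDestroy message is outstanding, and that a PluginModule can be handed out for a plugin that is no longer live during that window. Please put one sentence of that in the header comment, so that any code that decides whether a module is live knows it has to consult is_deleted(). Separately, the lowercase name reads as a trivial accessor, but only the declaration is visible in this header-limited diff; if the body just returns is_deleted_, consider defining it inline here.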
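Review bot: In the second hunk (@@ -847,6 +850,8 @@), is_deleted_ is declared as a plain bool with no initializer and no comment, and this view of the diff is limited to the header, so the constructor is not shown. Please confirm it is set to false in the constructor's initializer list and set to true in Delete() before the synchronous DidDestroy is sent; if it were set only after that call returns, a check made while the call is outstanding would still see the instance as live. A short comment on the member saying that it is set once by Delete() and never cleared would also help.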