diff options
| author | kinaba@chromium.org <kinaba@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-16 02:33:08 +0000 |
|---|---|---|
| committer | kinaba@chromium.org <kinaba@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-16 02:33:08 +0000 |
| commit | b55aa698026e29b120bd7a6880479cfb017a7678 (patch) | |
| tree | 84afe57c1e8e1a2d18c17edc0677906bde9b41cf /content/renderer | |
| parent | 1314f5f673e337ec559c973be90abf5db7ebf17e (diff) | |
| download | chromium_src-b55aa698026e29b120bd7a6880479cfb017a7678.zip chromium_src-b55aa698026e29b120bd7a6880479cfb017a7678.tar.gz chromium_src-b55aa698026e29b120bd7a6880479cfb017a7678.tar.bz2 | |
Fix use-after-free in PepperPluginDelegateImpl::GetTextInputType.
BUG=100153
TEST=manual
This patch is to correctly nullify a dangling reference to a deleted plugin instance.
Review URL: http://codereview.chromium.org/8298020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@105708 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/renderer')
| -rw-r--r-- | content/renderer/pepper_plugin_delegate_impl.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/content/renderer/pepper_plugin_delegate_impl.cc b/content/renderer/pepper_plugin_delegate_impl.cc index 5790970..09df070 100644 --- a/content/renderer/pepper_plugin_delegate_impl.cc +++ b/content/renderer/pepper_plugin_delegate_impl.cc @@ -984,6 +984,8 @@ void PepperPluginDelegateImpl::InstanceDeleted( } if (last_mouse_event_target_ == instance) last_mouse_event_target_ = NULL; + if (focused_plugin_ == instance) + PluginFocusChanged(instance, false); } SkBitmap* PepperPluginDelegateImpl::GetSadPluginBitmap() { |