diff options
| author | jhorwich@chromium.org <jhorwich@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-27 20:15:27 +0000 |
|---|---|---|
| committer | jhorwich@chromium.org <jhorwich@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-27 20:15:27 +0000 |
| commit | 800628f2306f5cbe44065093c8ac49c351e2c1f6 (patch) | |
| tree | 35d518adc370d7178ab165e44759efb7d2711874 /ppapi/proxy/plugin_var_tracker_unittest.cc | |
| parent | 029a50535ea7a9b9a8ac0ba6a7ccda2ae8d9d21f (diff) | |
| download | chromium_src-800628f2306f5cbe44065093c8ac49c351e2c1f6.zip chromium_src-800628f2306f5cbe44065093c8ac49c351e2c1f6.tar.gz chromium_src-800628f2306f5cbe44065093c8ac49c351e2c1f6.tar.bz2 | |
Invoke PluginImplementedObjectDestroyed for ppp_class deallocate
Deallocate on the plugin's GetInstanceObject ScriptableObject gets invoked
twice during plugin destruction, typically resulting in a crash, for proxied
plugins that expose a scriptable object. Once by PPP_ClassProxy::OnMsgDeallocate
and once by PluginVarTracker::DidDeleteInstance. This patch removes the object
from the var tracker when it is destroyed in PPP_Class_Proxy.
It also tweaks a unittest to verify Deallocate is invoked only once during the
test.
BUG=133950
TEST=Run gmail, reload page (ctrl-r) and observe for plugin crashes
TEST=Run ppapi_example out-of-process, reload page, observe for plugn crashes
TEST=ppapi_unittests --gtest_filter="PluginVar*"
Review URL: https://chromiumcodereview.appspot.com/10678007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144531 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ppapi/proxy/plugin_var_tracker_unittest.cc')
| -rw-r--r-- | ppapi/proxy/plugin_var_tracker_unittest.cc | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/ppapi/proxy/plugin_var_tracker_unittest.cc b/ppapi/proxy/plugin_var_tracker_unittest.cc index 089888c..10a7c50 100644 --- a/ppapi/proxy/plugin_var_tracker_unittest.cc +++ b/ppapi/proxy/plugin_var_tracker_unittest.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -21,10 +21,10 @@ PP_Var MakeObject(int32 object_id) { return ret; } -// A Deallocate() function for PPP_Class that just writes 1 to the given -// pointer so we know when Deallocate was called. +// A Deallocate() function for PPP_Class that just increments the integer +// referenced by the pointer so we know how often Deallocate was called. void MarkOnDeallocate(void* object) { - *static_cast<int*>(object) = 1; + (*static_cast<int*>(object))++; } // A class that just implements MarkOnDeallocate on destruction. @@ -203,11 +203,11 @@ TEST_F(PluginVarTrackerTest, PluginObjectInstanceDeleted) { // we won't get a destroy call. object = NULL; var_tracker().ReleaseVar(plugin_var); - EXPECT_FALSE(deallocate_called); + EXPECT_EQ(0, deallocate_called); // Synthesize an instance destuction, this should call Deallocate. var_tracker().DidDeleteInstance(pp_instance); - EXPECT_TRUE(deallocate_called); + EXPECT_EQ(1, deallocate_called); } // Tests what happens when a plugin keeps a ref to a plugin-implemented @@ -229,16 +229,16 @@ TEST_F(PluginVarTrackerTest, PluginObjectLeaked) { &mark_on_deallocate_class, user_data); - // Destroy the innstance. This should not call deallocate since the plugin + // Destroy the instance. This should not call deallocate since the plugin // still has a ref. var_tracker().DidDeleteInstance(pp_instance); - EXPECT_FALSE(deallocate_called); + EXPECT_EQ(0, deallocate_called); // Release the plugin ref to the var. Since the instance is gone this should // call deallocate. object = NULL; var_tracker().ReleaseVar(plugin_var); - EXPECT_TRUE(deallocate_called); + EXPECT_EQ(1, deallocate_called); } } // namespace proxy |