authorraymes <raymes@chromium.org>2014-08-28 19:45:42 -0700
committerCommit bot <commit-bot@chromium.org>2014-08-29 02:47:13 +0000
commitb7e8c60b493a0c36938aba1ae895899d15daf37c (patch)
tree460da19e95753615affeb9e6874489eeb7d63041 /ppapi
parentcd6c5704acdaa0f1779fe8c9e9dbeac0f33623ba (diff)
Replace NPObject usage in ppapi with gin
This replaces usage of NPObject in pepper with gin-backed V8 objects. It is unfortunate that this CL is so large, but there isn't a nice way to have the old implementation and the new one side-by-side. There are 4 major parts to this CL: 1) Changing the HostVarTracker to track V8ObjectVars rather than NPObjectVars (host_var_tracker.cc). 2) Changing plugin elements (in plugin_object.cc) to be gin-backed objects. 3) Changing postMessage bindings (message_channel.cc) to be gin-backed objects. 4) Changing the implementation of PPB_Var_Deprecated (ppb_var_deprecated_impl.cc) to call directly into V8. BUG=351636 Committed: https://chromium.googlesource.com/chromium/src/+/21f446ae855d60cc896b40cb9a3249ed07f150b3 Review URL: https://codereview.chromium.org/459553003 Cr-Commit-Position: refs/heads/master@{#292557}
Diffstat (limited to 'ppapi')
-rw-r--r--ppapi/proxy/ppp_instance_private_proxy_unittest.cc12
-rw-r--r--ppapi/shared_impl/scoped_pp_var.cc10
-rw-r--r--ppapi/shared_impl/scoped_pp_var.h6
-rw-r--r--ppapi/tests/test_post_message.cc8
4 files changed, 21 insertions, 15 deletions
diff --git a/ppapi/proxy/ppp_instance_private_proxy_unittest.cc b/ppapi/proxy/ppp_instance_private_proxy_unittest.cc
index abafa87..f9a54e4 100644
--- a/ppapi/proxy/ppp_instance_private_proxy_unittest.cc
+++ b/ppapi/proxy/ppp_instance_private_proxy_unittest.cc
@@ -21,14 +21,14 @@
namespace ppapi {
-// A fake version of NPObjectVar for testing.
-class NPObjectVar : public ppapi::Var {
+// A fake version of V8ObjectVar for testing.
+class V8ObjectVar : public ppapi::Var {
public:
- NPObjectVar() {}
- virtual ~NPObjectVar() {}
+ V8ObjectVar() {}
+ virtual ~V8ObjectVar() {}
// Var overrides.
- virtual NPObjectVar* AsNPObjectVar() OVERRIDE { return this; }
+ virtual V8ObjectVar* AsV8ObjectVar() OVERRIDE { return this; }
virtual PP_VarType GetType() const OVERRIDE { return PP_VARTYPE_OBJECT; }
};
@@ -111,7 +111,7 @@ PPP_Instance_1_0 ppp_instance_mock = { &DidCreate, &DidDestroy };
PP_Var CreateObject(PP_Instance /*instance*/,
const PPP_Class_Deprecated* /*ppp_class*/,
void* /*ppp_class_data*/) {
- NPObjectVar* obj_var = new NPObjectVar;
+ V8ObjectVar* obj_var = new V8ObjectVar;
return obj_var->GetPPVar();
}
diff --git a/ppapi/shared_impl/scoped_pp_var.cc b/ppapi/shared_impl/scoped_pp_var.cc
index 9574839..a6d1aa3 100644
--- a/ppapi/shared_impl/scoped_pp_var.cc
+++ b/ppapi/shared_impl/scoped_pp_var.cc
@@ -73,20 +73,18 @@ ScopedPPVarArray::~ScopedPPVarArray() {
}
-PP_Var* ScopedPPVarArray::Release(const PassPPBMemoryAllocatedArray&,
- size_t* size) {
+PP_Var* ScopedPPVarArray::Release(const PassPPBMemoryAllocatedArray&) {
PP_Var* result = array_;
- *size = size_;
array_ = NULL;
size_ = 0;
return result;
}
-void ScopedPPVarArray::Set(size_t index, PP_Var var) {
+void ScopedPPVarArray::Set(size_t index, const ScopedPPVar& var) {
DCHECK(index < size_);
- CallAddRef(var);
+ CallAddRef(var.get());
CallRelease(array_[index]);
- array_[index] = var;
+ array_[index] = var.get();
}
} // namespace ppapi
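Review bot: The bounds check in `ScopedPPVarArray::Set` is only a `DCHECK`, so in builds where DCHECKs are compiled out an out-of-range `index` reaches `CallRelease(array_[index])` and the store `array_[index] = var.get()` unchecked. Whether any caller can derive `index` from plugin- or page-supplied data is not visible in this hunk, but since the signature is being changed anyway it would be cheap to harden it with `CHECK(index < size_);`. The AddRef-before-Release order is what keeps the call safe when the new var is the one already stored in the slot, and a short comment such as `// AddRef first so that setting the same var is safe.` would keep a later cleanup from reordering it.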
diff --git a/ppapi/shared_impl/scoped_pp_var.h b/ppapi/shared_impl/scoped_pp_var.h
index f1e1347..e55674c 100644
--- a/ppapi/shared_impl/scoped_pp_var.h
+++ b/ppapi/shared_impl/scoped_pp_var.h
@@ -63,13 +63,13 @@ class PPAPI_SHARED_EXPORT ScopedPPVarArray {
// Passes ownership of the vars and the underlying array memory to the caller.
// Note that the memory has been allocated with PPB_Memory_Dev.
- PP_Var* Release(const PassPPBMemoryAllocatedArray&, size_t* size);
+ PP_Var* Release(const PassPPBMemoryAllocatedArray&);
PP_Var* get() { return array_; }
size_t size() { return size_; }
- // Adds a ref to |var|. The refcount of the existing var will be decremented.
- void Set(size_t index, PP_Var var);
+ // Takes a ref to |var|. The refcount of the existing var will be decremented.
+ void Set(size_t index, const ScopedPPVar& var);
const PP_Var& operator[](size_t index) { return array_[index]; }
private:
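Review bot: The comment on `Release` does not say how callers learn the array length now that the `size_t* size` out-parameter is gone. The implementation in scoped_pp_var.cc resets `size_` to 0 inside `Release`, so `size()` has to be read before the call; a caller that reads it afterwards gets 0 and can no longer walk and release the vars it has just taken ownership of. I would extend the comment with `// Callers must read size() before calling Release(); size() returns 0 afterwards.` The class declaration begins and ends outside this hunk.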
diff --git a/ppapi/tests/test_post_message.cc b/ppapi/tests/test_post_message.cc
index 5413b54..6a415bb 100644
--- a/ppapi/tests/test_post_message.cc
+++ b/ppapi/tests/test_post_message.cc
@@ -172,6 +172,14 @@ TestPostMessage::~TestPostMessage() {
bool TestPostMessage::Init() {
bool success = CheckTestingInterface();
+ // Add a post condition to tests which caches the postMessage function and
+ // then calls it after the instance is destroyed. The ensures that no UAF
+ // occurs because the MessageChannel may still be alive after the plugin
+ // instance is destroyed (it will get garbage collected eventually).
+ instance_->EvalScript("window.pluginPostMessage = "
+ "document.getElementById('plugin').postMessage");
+ instance_->AddPostCondition("window.pluginPostMessage('') === undefined");
+
// Set up a special listener that only responds to a FINISHED_WAITING string.
// This is for use by WaitForMessages.
std::string js_code;
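Review bot: The post-condition `window.pluginPostMessage('') === undefined` only verifies that the cached function can still be called and returns undefined. A use-after-free in MessageChannel would surface as a crash or a memory-sanitizer report rather than as a failed comparison, so the comment should state that the check depends on that (presumably on ASan-enabled bots) instead of implying the expression itself detects the UAF. In the same comment, `The ensures` should read `This ensures`. The script is also evaluated before `success` is consulted; `Init` continues past the hunk, so I cannot tell how `success` is used, but if `CheckTestingInterface()` can fail it may be clearer to register the post-condition only on success.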