diff options
| author | iyengar@google.com <iyengar@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-09-19 06:21:55 +0000 |
|---|---|---|
| committer | iyengar@google.com <iyengar@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-09-19 06:21:55 +0000 |
| commit | fea2b5c458b1d15a0b81849186b0d4ebd0a11e5d (patch) | |
| tree | d6e5cc0cfaceda38257b75ed125cbea1b4ce8ba7 /webkit/glue | |
| parent | 84f89cacc8f09a2fbc1fd82b30af13dd35624869 (diff) | |
| download | chromium_src-fea2b5c458b1d15a0b81849186b0d4ebd0a11e5d.zip chromium_src-fea2b5c458b1d15a0b81849186b0d4ebd0a11e5d.tar.gz chromium_src-fea2b5c458b1d15a0b81849186b0d4ebd0a11e5d.tar.bz2 | |
This fixes the NPAPI ui test failures in single-process mode.These tests fail because of a crash in chrome.exe. This occurs because of an attempt to access member variables in the PluginStream object after it gets deleted in the context of NPP_NewStream. This crash only occurs in single-process mode as the NPN_GetURLNotify call executes
synchronously. Added a mechanism to track if the PluginStream object is deleted in the context of NPP_NewStream.
TBR=jam
Review URL: http://codereview.chromium.org/2984
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2401 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/glue')
| -rw-r--r-- | webkit/glue/plugins/plugin_stream.cc | 15 | ||||
| -rw-r--r-- | webkit/glue/plugins/plugin_stream.h | 6 |
2 files changed, 19 insertions, 2 deletions
diff --git a/webkit/glue/plugins/plugin_stream.cc b/webkit/glue/plugins/plugin_stream.cc index 29cc99a..33a40b8 100644 --- a/webkit/glue/plugins/plugin_stream.cc +++ b/webkit/glue/plugins/plugin_stream.cc @@ -29,13 +29,17 @@ PluginStream::PluginStream( requested_plugin_mode_(NP_NORMAL), temp_file_handle_(INVALID_HANDLE_VALUE), seekable_stream_(false), - data_offset_(0) { + data_offset_(0), + object_deleted_(NULL) { memset(&stream_, 0, sizeof(stream_)); stream_.url = _strdup(url); temp_file_name_[0] = '\0'; } PluginStream::~PluginStream() { + if (object_deleted_) { + *object_deleted_ = true; + } // always cleanup our temporary files. CleanupTempFile(); free(const_cast<char*>(stream_.url)); @@ -78,6 +82,9 @@ bool PluginStream::Open(const std::string &mime_type, char_mime_type = temp_mime_type.c_str(); } + bool object_deleted = false; + object_deleted_ = &object_deleted; + // Silverlight expects a valid mime type DCHECK(strlen(char_mime_type) != 0); NPError err = instance_->NPP_NewStream((NPMIMEType)char_mime_type, @@ -86,12 +93,16 @@ bool PluginStream::Open(const std::string &mime_type, if (err != NPERR_NO_ERROR) return false; + if (object_deleted) { + return true; + } + + object_deleted_ = NULL; opened_ = true; if (requested_plugin_mode_ == NP_SEEK) { seekable_stream_ = true; } - // If the plugin has requested certain modes, then we need a copy // of this file on disk. Open it and save it as we go. if (requested_plugin_mode_ == NP_ASFILEONLY || diff --git a/webkit/glue/plugins/plugin_stream.h b/webkit/glue/plugins/plugin_stream.h index be9a594..c5c8226 100644 --- a/webkit/glue/plugins/plugin_stream.h +++ b/webkit/glue/plugins/plugin_stream.h @@ -120,6 +120,12 @@ class PluginStream : public base::RefCounted<PluginStream> { bool seekable_stream_; std::string mime_type_; DISALLOW_EVIL_CONSTRUCTORS(PluginStream); + // This pointer can be used to track if the stream object + // got deleted while we call out to the plugin. To use + // this set this pointer to point to a variable for the duration + // of the call. If this pointer is valid we set the underlying + // variable to true in the destructor of the stream object. + bool* object_deleted_; }; } // namespace NPAPI |