author | dmichael@google.com <dmichael@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-29 19:01:12 +0000 |
---|---|---|
committer | dmichael@google.com <dmichael@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-29 19:01:12 +0000 |
commit | cd90f04a98cb13a76f5c943eefa2cae6ebbf4b21 (patch) | |
tree | c28129fa0e06e70ca62307e52f4da99bebb8fad8 /webkit/plugins | |
parent | 0f64c1daccfc82eab19ad7ed1fb9d5a381ac8875 (diff) | |
Fix up some reference counting when WebPluginImpl::scriptableObject is called.
BUG= http://code.google.com/p/chromium-os/issues/detail?id=13605
TEST=none
Review URL: http://codereview.chromium.org/6731051
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79712 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/plugins')
-rw-r--r-- | webkit/plugins/ppapi/message_channel.cc | 20 | ||||
-rw-r--r-- | webkit/plugins/ppapi/message_channel.h | 4 | ||||
-rw-r--r-- | webkit/plugins/ppapi/plugin_object.cc | 9 | ||||
-rw-r--r-- | webkit/plugins/ppapi/ppapi_webplugin_impl.cc | 12 |
4 files changed, 35 insertions, 10 deletions
diff --git a/webkit/plugins/ppapi/message_channel.cc b/webkit/plugins/ppapi/message_channel.cc
index 684745a..b6f01d7 100644
--- a/webkit/plugins/ppapi/message_channel.cc
+++ b/webkit/plugins/ppapi/message_channel.cc
@@ -282,7 +282,8 @@ MessageChannel::MessageChannel(PluginInstance* instance)
 ALLOW_THIS_IN_INITIALIZER_LIST(method_factory_(this)) {
 VOID_TO_NPVARIANT(onmessage_invoker_);
- // Now create an NPObject for receiving calls to postMessage.
+ // Now create an NPObject for receiving calls to postMessage. This sets the
+ // reference count to 1. We release it in the destructor.
 NPObject* obj = WebBindings::createObject(NULL, &message_channel_class);
 DCHECK(obj);
 np_object_ = static_cast<MessageChannel::MessageChannelNPObject*>(obj);
@@ -381,9 +382,26 @@ void MessageChannel::PostMessageToNativeImpl(PP_Var message_data) {
 MessageChannel::~MessageChannel() {
 WebBindings::releaseObject(np_object_);
+ if (passthrough_object_)
+ WebBindings::releaseObject(passthrough_object_);
 WebBindings::releaseVariantValue(&onmessage_invoker_);
 }
+void MessageChannel::SetPassthroughObject(NPObject* passthrough) {
+ // Retain the passthrough object; We need to ensure it lives as long as this
+ // MessageChannel.
+ WebBindings::retainObject(passthrough);
+
+ // If we had a passthrough set already, release it. Note that we retain the
+ // incoming passthrough object first, so that we behave correctly if anyone
+ // invokes:
+ // SetPassthroughObject(passthrough_object());
+ if (passthrough_object_)
+ WebBindings::releaseObject(passthrough_object_);
+
+ passthrough_object_ = passthrough;
+}
+
 } // namespace ppapi
 } // namespace webkit
diff --git a/webkit/plugins/ppapi/message_channel.h b/webkit/plugins/ppapi/message_channel.h
index c1a5456..efe4568 100644
--- a/webkit/plugins/ppapi/message_channel.h
+++ b/webkit/plugins/ppapi/message_channel.h
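Review bot: `SetPassthroughObject` (second hunk of message_channel.cc) hands `passthrough` to `WebBindings::retainObject` unconditionally, although both release sites in this file are guarded by `if (passthrough_object_)`. The inline setter this commit removes from message_channel.h could be called with NULL to clear the pass-through target, and whether `retainObject` tolerates NULL is not visible on this page. Guarding the retain the same way, `if (passthrough) WebBindings::retainObject(passthrough);`, keeps clearing safe and avoids a null dereference should `object->np_object()` in `WebPluginImpl::scriptableObject` ever return NULL.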
@@ -59,9 +59,7 @@ class MessageChannel {
 NPObject* passthrough_object() { return passthrough_object_; }
- void set_passthrough_object(NPObject* passthrough) {
- passthrough_object_ = passthrough;
- }
+ void SetPassthroughObject(NPObject* passthrough);
 NPObject* np_object() { return np_object_; }
diff --git a/webkit/plugins/ppapi/plugin_object.cc b/webkit/plugins/ppapi/plugin_object.cc
index d99ef80..d5b9865 100644
--- a/webkit/plugins/ppapi/plugin_object.cc
+++ b/webkit/plugins/ppapi/plugin_object.cc
@@ -290,7 +290,14 @@ PP_Var PluginObject::Create(PluginInstance* instance,
 // We can just use a normal ObjectVar to refer to this object from the
 // plugin. It will hold a ref to the underlying NPObject which will in turn
 // hold our pluginObject.
- return ObjectVar::NPObjectToPPVar(instance, wrapper);
+ PP_Var obj_var(ObjectVar::NPObjectToPPVar(instance, wrapper));
+
+ // Note that the ObjectVar constructor incremented the reference count, and so
+ // did WebBindings::createObject above. Now that the PP_Var has taken
+ // ownership, we need to release to balance out the createObject reference
+ // count bump.
+ WebBindings::releaseObject(wrapper);
+ return obj_var;
 }
 NPObject* PluginObject::GetNPObject() const {
diff --git a/webkit/plugins/ppapi/ppapi_webplugin_impl.cc b/webkit/plugins/ppapi/ppapi_webplugin_impl.cc
index 8e61354..8a35638 100644
--- a/webkit/plugins/ppapi/ppapi_webplugin_impl.cc
+++ b/webkit/plugins/ppapi/ppapi_webplugin_impl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
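Review bot: The new `SetPassthroughObject` declaration in message_channel.h carries no comment stating the ownership contract it now implements, while the adjacent `passthrough_object()` getter still hands out a borrowed pointer. A caller reading only the header cannot tell that the channel takes its own reference and drops the previous one. I would add `// Retains |passthrough| for the lifetime of this MessageChannel and releases any previously set object.` above the declaration; lines above the hunk are not visible, so an existing comment there may need updating instead.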
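Review bot: The unconditional `WebBindings::releaseObject(wrapper)` in `PluginObject::Create` (plugin_object.cc) is balanced only if `ObjectVar::NPObjectToPPVar` actually took its own reference, and that function is not part of this diff. If it can return a non-object var without retaining, the release drops the last reference while `obj_var` is returned as though it owned the wrapper. Stating the precondition next to the release, for example `DCHECK(obj_var.type == PP_VARTYPE_OBJECT);` before the `releaseObject` call, would make the assumption checkable. The body of `Create` starts outside the hunk.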
@@ -8,6 +8,7 @@
 #include "base/message_loop.h"
 #include "ppapi/c/pp_var.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebBindings.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginParams.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebPoint.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebRect.h"
@@ -94,11 +95,12 @@ NPObject* WebPluginImpl::scriptableObject() {
 // If there's an InstanceObject, tell the Instance's MessageChannel to pass
 // any non-postMessage calls to it.
 if (object) {
- instance_->message_channel().set_passthrough_object(
- object->np_object());
+ instance_->message_channel().SetPassthroughObject(object->np_object());
 }
- // And return the instance's MessageChannel.
- return instance_->message_channel().np_object();
+ NPObject* message_channel_np_object(instance_->message_channel().np_object());
+ // The object is expected to be retained before it is returned.
+ WebKit::WebBindings::retainObject(message_channel_np_object);
+ return message_channel_np_object;
 }
 void WebPluginImpl::paint(WebCanvas* canvas, const WebRect& rect) { |
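Review bot: The comment `// The object is expected to be retained before it is returned.` in `WebPluginImpl::scriptableObject` does not say who is expected to release the extra reference, which is the fact a maintainer needs in order to keep the count balanced. Since every call now adds one reference to the MessageChannel's NPObject, I would spell the contract out, e.g. `// The caller owns one reference on the returned object and must release it; MessageChannel keeps its own reference until its destructor runs.` (the caller side is presumably WebKit, which is not shown here). The replaced comment `// And return the instance's MessageChannel.` is also worth keeping, because the returned object is the channel's and not the plugin's InstanceObject. The function body starts outside the hunk.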