authordmichael@google.com <dmichael@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-29 19:01:12 +0000
committerdmichael@google.com <dmichael@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-29 19:01:12 +0000
commitcd90f04a98cb13a76f5c943eefa2cae6ebbf4b21 (patch)
treec28129fa0e06e70ca62307e52f4da99bebb8fad8 /webkit
parent0f64c1daccfc82eab19ad7ed1fb9d5a381ac8875 (diff)
Fix up some reference counting when WebPluginImpl::scriptableObject is called.
BUG= http://code.google.com/p/chromium-os/issues/detail?id=13605 TEST=none Review URL: http://codereview.chromium.org/6731051 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79712 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
-rw-r--r--webkit/plugins/ppapi/message_channel.cc20
-rw-r--r--webkit/plugins/ppapi/message_channel.h4
-rw-r--r--webkit/plugins/ppapi/plugin_object.cc9
-rw-r--r--webkit/plugins/ppapi/ppapi_webplugin_impl.cc12
4 files changed, 35 insertions, 10 deletions
diff --git a/webkit/plugins/ppapi/message_channel.cc b/webkit/plugins/ppapi/message_channel.cc
index 684745a..b6f01d7 100644
--- a/webkit/plugins/ppapi/message_channel.cc
+++ b/webkit/plugins/ppapi/message_channel.cc
@@ -282,7 +282,8 @@ MessageChannel::MessageChannel(PluginInstance* instance)
ALLOW_THIS_IN_INITIALIZER_LIST(method_factory_(this)) {
VOID_TO_NPVARIANT(onmessage_invoker_);
- // Now create an NPObject for receiving calls to postMessage.
+ // Now create an NPObject for receiving calls to postMessage. This sets the
+ // reference count to 1. We release it in the destructor.
NPObject* obj = WebBindings::createObject(NULL, &message_channel_class);
DCHECK(obj);
np_object_ = static_cast<MessageChannel::MessageChannelNPObject*>(obj);
@@ -381,9 +382,26 @@ void MessageChannel::PostMessageToNativeImpl(PP_Var message_data) {
MessageChannel::~MessageChannel() {
WebBindings::releaseObject(np_object_);
+ if (passthrough_object_)
+ WebBindings::releaseObject(passthrough_object_);
WebBindings::releaseVariantValue(&onmessage_invoker_);
}
+void MessageChannel::SetPassthroughObject(NPObject* passthrough) {
+ // Retain the passthrough object; We need to ensure it lives as long as this
+ // MessageChannel.
+ WebBindings::retainObject(passthrough);
+
+ // If we had a passthrough set already, release it. Note that we retain the
+ // incoming passthrough object first, so that we behave correctly if anyone
+ // invokes:
+ // SetPassthroughObject(passthrough_object());
+ if (passthrough_object_)
+ WebBindings::releaseObject(passthrough_object_);
+
+ passthrough_object_ = passthrough;
+}
+
} // namespace ppapi
} // namespace webkit
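Review bot: SetPassthroughObject null-checks the old pointer before releasing it but calls `WebBindings::retainObject(passthrough)` unconditionally, so passing NULL to clear the passthrough reaches the retain call with a null object. Guarding it as `if (passthrough) WebBindings::retainObject(passthrough);` keeps the retain-before-release ordering and makes clearing well defined. The destructor's new `if (passthrough_object_)` release also relies on the member being initialised to NULL in the constructor, whose initializer list starts outside this hunk, so that is worth confirming.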
diff --git a/webkit/plugins/ppapi/message_channel.h b/webkit/plugins/ppapi/message_channel.h
index c1a5456..efe4568 100644
--- a/webkit/plugins/ppapi/message_channel.h
+++ b/webkit/plugins/ppapi/message_channel.h
@@ -59,9 +59,7 @@ class MessageChannel {
NPObject* passthrough_object() {
return passthrough_object_;
}
- void set_passthrough_object(NPObject* passthrough) {
- passthrough_object_ = passthrough;
- }
+ void SetPassthroughObject(NPObject* passthrough);
NPObject* np_object() { return np_object_; }
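Review bot: The new `SetPassthroughObject` declaration carries no comment about ownership, although it now retains its argument and releases the previously stored object, while `passthrough_object()` just above still returns the pointer without retaining it. I would add above the declaration `// Retains |passthrough| and releases any previously set object; the reference is dropped in the destructor.` and note on the getter that the returned pointer is borrowed. The class body continues outside the hunk.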
diff --git a/webkit/plugins/ppapi/plugin_object.cc b/webkit/plugins/ppapi/plugin_object.cc
index d99ef80..d5b9865 100644
--- a/webkit/plugins/ppapi/plugin_object.cc
+++ b/webkit/plugins/ppapi/plugin_object.cc
@@ -290,7 +290,14 @@ PP_Var PluginObject::Create(PluginInstance* instance,
// We can just use a normal ObjectVar to refer to this object from the
// plugin. It will hold a ref to the underlying NPObject which will in turn
// hold our pluginObject.
- return ObjectVar::NPObjectToPPVar(instance, wrapper);
+ PP_Var obj_var(ObjectVar::NPObjectToPPVar(instance, wrapper));
+
+ // Note that the ObjectVar constructor incremented the reference count, and so
+ // did WebBindings::createObject above. Now that the PP_Var has taken
+ // ownership, we need to release to balance out the createObject reference
+ // count bump.
+ WebBindings::releaseObject(wrapper);
+ return obj_var;
}
NPObject* PluginObject::GetNPObject() const {
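Review bot: The unconditional `WebBindings::releaseObject(wrapper)` is balanced only if `ObjectVar::NPObjectToPPVar` took its own reference, which the comment asserts but this hunk cannot show. If that call can return without creating an ObjectVar, the release drops the last reference and the wrapper is deallocated here; that is probably the desired outcome, but the comment should say so, for example `// If no ObjectVar was created, this release destroys the wrapper.` Create's body starts outside the hunk.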
diff --git a/webkit/plugins/ppapi/ppapi_webplugin_impl.cc b/webkit/plugins/ppapi/ppapi_webplugin_impl.cc
index 8e61354..8a35638 100644
--- a/webkit/plugins/ppapi/ppapi_webplugin_impl.cc
+++ b/webkit/plugins/ppapi/ppapi_webplugin_impl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -8,6 +8,7 @@
#include "base/message_loop.h"
#include "ppapi/c/pp_var.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebBindings.h"
#include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginParams.h"
#include "third_party/WebKit/Source/WebKit/chromium/public/WebPoint.h"
#include "third_party/WebKit/Source/WebKit/chromium/public/WebRect.h"
@@ -94,11 +95,12 @@ NPObject* WebPluginImpl::scriptableObject() {
// If there's an InstanceObject, tell the Instance's MessageChannel to pass
// any non-postMessage calls to it.
if (object) {
- instance_->message_channel().set_passthrough_object(
- object->np_object());
+ instance_->message_channel().SetPassthroughObject(object->np_object());
}
- // And return the instance's MessageChannel.
- return instance_->message_channel().np_object();
+ NPObject* message_channel_np_object(instance_->message_channel().np_object());
+ // The object is expected to be retained before it is returned.
+ WebKit::WebBindings::retainObject(message_channel_np_object);
+ return message_channel_np_object;
}
void WebPluginImpl::paint(WebCanvas* canvas, const WebRect& rect) {
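Review bot: Returning a retained reference means the MessageChannel NPObject can now outlive the MessageChannel, since `~MessageChannel` in message_channel.cc releases only its own reference. If that NPObject keeps a pointer back to its MessageChannel (not visible in this diff), the destructor should clear it before the release so a late script call does not reach a destroyed channel. The comment would also be clearer about who owns the result, e.g. `// The caller takes ownership of one reference and must release it.` The start of scriptableObject is outside the hunk.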