diff options
| author | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-16 15:38:01 +0000 |
|---|---|---|
| committer | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-16 15:38:01 +0000 |
| commit | 89d544322213cf1e5dfc2208eb6fcaae82297506 (patch) | |
| tree | 709fb15bbe015a71d5474aec23bf5f771f602e6c /webkit | |
| parent | 61c256ec1f1bf63686598c15defe97ca424dcde1 (diff) | |
| download | chromium_src-89d544322213cf1e5dfc2208eb6fcaae82297506.zip chromium_src-89d544322213cf1e5dfc2208eb6fcaae82297506.tar.gz chromium_src-89d544322213cf1e5dfc2208eb6fcaae82297506.tar.bz2 | |
Fix invalid read in the ResourceTracker tests. It wasn't doing the proper
NPObject reference counting and was double-freeing the object.
TEST=tools/valgrind/chrome_tests.sh -t test_shell --gtest_filter="ResourceTrackerTest.*"
BUG=92279
Review URL: http://codereview.chromium.org/7658002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96948 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
| -rw-r--r-- | webkit/plugins/ppapi/resource_tracker_unittest.cc | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/webkit/plugins/ppapi/resource_tracker_unittest.cc b/webkit/plugins/ppapi/resource_tracker_unittest.cc index 1f2720c..eb7ec80 100644 --- a/webkit/plugins/ppapi/resource_tracker_unittest.cc +++ b/webkit/plugins/ppapi/resource_tracker_unittest.cc @@ -8,6 +8,7 @@ #include "ppapi/c/pp_var.h" #include "ppapi/c/ppp_instance.h" #include "third_party/npapi/bindings/npruntime.h" +#include "third_party/WebKit/Source/WebKit/chromium/public/WebBindings.h" #include "webkit/plugins/ppapi/mock_plugin_delegate.h" #include "webkit/plugins/ppapi/mock_resource.h" #include "webkit/plugins/ppapi/npapi_glue.h" @@ -44,6 +45,7 @@ int g_npobjects_alive = 0; void TrackedClassDeallocate(NPObject* npobject) { g_npobjects_alive--; + delete npobject; } NPClass g_tracked_npclass = { @@ -61,7 +63,8 @@ NPClass g_tracked_npclass = { NULL, }; -// Returns a new tracked NPObject with a refcount of 1. +// Returns a new tracked NPObject with a refcount of 1. You'll want to put this +// in a NPObjectReleaser to free this ref when the test completes. NPObject* NewTrackedNPObject() { NPObject* object = new NPObject; object->_class = &g_tracked_npclass; @@ -71,6 +74,17 @@ NPObject* NewTrackedNPObject() { return object; } +class ReleaseNPObject { + public: + void operator()(NPObject* o) const { + WebKit::WebBindings::releaseObject(o); + } +}; + +// Handles automatically releasing a reference to the NPObject on destruction. +// It's assumed the input has a ref already taken. +typedef scoped_ptr_malloc<NPObject, ReleaseNPObject> NPObjectReleaser; + } // namespace // ResourceTrackerTest --------------------------------------------------------- @@ -183,7 +197,7 @@ TEST_F(ResourceTrackerTest, DeleteObjectVarWithInstance) { PP_Instance pp_instance2 = instance2->pp_instance(); // Make an object var. - scoped_ptr<NPObject> npobject(NewTrackedNPObject()); + NPObjectReleaser npobject(NewTrackedNPObject()); NPObjectToPPVar(instance2.get(), npobject.get()); EXPECT_EQ(1, g_npobjects_alive); @@ -197,7 +211,7 @@ TEST_F(ResourceTrackerTest, DeleteObjectVarWithInstance) { // Make sure that using the same NPObject should give the same PP_Var // each time. TEST_F(ResourceTrackerTest, ReuseVar) { - scoped_ptr<NPObject> npobject(NewTrackedNPObject()); + NPObjectReleaser npobject(NewTrackedNPObject()); PP_Var pp_object1 = NPObjectToPPVar(instance(), npobject.get()); PP_Var pp_object2 = NPObjectToPPVar(instance(), npobject.get()); |