diff options
| author | piman@chromium.org <piman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-15 17:47:37 +0000 |
|---|---|---|
| committer | piman@chromium.org <piman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-15 17:47:37 +0000 |
| commit | 8ae6b1eaba16e5ae9ed8fac4fb3068881d705c66 (patch) | |
| tree | 69608da26eb532966c75fe649813d434d8ba6a95 /webkit | |
| parent | 04866a2c8c4c65fd8cb02ee872b25d5b5017033f (diff) | |
| download | chromium_src-8ae6b1eaba16e5ae9ed8fac4fb3068881d705c66.zip chromium_src-8ae6b1eaba16e5ae9ed8fac4fb3068881d705c66.tar.gz chromium_src-8ae6b1eaba16e5ae9ed8fac4fb3068881d705c66.tar.bz2 | |
Fix re-entrancy case in WebPluginImpl::scriptableObject.
BUG=None
TEST=Manual (with Pepper Flash).
Review URL: http://codereview.chromium.org/7383002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92710 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
| -rw-r--r-- | webkit/plugins/ppapi/ppapi_webplugin_impl.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/webkit/plugins/ppapi/ppapi_webplugin_impl.cc b/webkit/plugins/ppapi/ppapi_webplugin_impl.cc index f99f319..80328ff 100644 --- a/webkit/plugins/ppapi/ppapi_webplugin_impl.cc +++ b/webkit/plugins/ppapi/ppapi_webplugin_impl.cc @@ -96,6 +96,11 @@ void WebPluginImpl::destroy() { NPObject* WebPluginImpl::scriptableObject() { scoped_refptr<ObjectVar> object( ObjectVar::FromPPVar(instance_->GetInstanceObject())); + // GetInstanceObject talked to the plugin which may have removed the instance + // from the DOM, in which case instance_ would be NULL now. + if (!instance_) + return NULL; + // If there's an InstanceObject, tell the Instance's MessageChannel to pass // any non-postMessage calls to it. if (object) { |