author | raymes@chromium.org <raymes@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-03 15:41:32 +0000 |
---|---|---|
committer | raymes@chromium.org <raymes@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-03 15:41:32 +0000 |
commit | 100991bcf54f385a593678d1dfc087d84da2a6a2 (patch) | |
tree | 15077a7f4b1f3ef02fd362823887c6ee8d7e9010 /webkit | |
parent | 7fceeab21beef5afb22b1de904ebb2320c8104b7 (diff) | |
Don't set |bound_graphics_2d_| if binding the instance fails.
In PluginInstance, the |bound_graphics_2d/3d_| members should only be set if
binding the instance to those graphics resources succeeds. Otherwise the
resources might be destroyed and cleanup won't happen correctly, leading to
dangling pointers in PluginInstance. This might be responsible for the
associated bug.
I've reworked the code around this to make it a little clearer that this
should be the case.
BUG=237560
R=dmichael@chromium.org, yzshen@chromium.org
Review URL: https://codereview.chromium.org/14797005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@198114 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
-rw-r--r-- | webkit/plugins/ppapi/ppapi_plugin_instance.cc | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/webkit/plugins/ppapi/ppapi_plugin_instance.cc b/webkit/plugins/ppapi/ppapi_plugin_instance.cc
index 4b045ca..8b30ea9 100644
--- a/webkit/plugins/ppapi/ppapi_plugin_instance.cc
+++ b/webkit/plugins/ppapi/ppapi_plugin_instance.cc
@@ -1898,30 +1898,31 @@ PP_Bool PluginInstance::BindGraphics(PP_Instance instance,
 desired_fullscreen_state_ != view_data_.is_fullscreen)
 return PP_FALSE;
- bound_graphics_2d_platform_ = delegate_->GetGraphics2D(this, device);
+ PluginDelegate::PlatformGraphics2D* graphics_2d =
+ delegate_->GetGraphics2D(this, device);
 EnterResourceNoLock<PPB_Graphics3D_API> enter_3d(device, false);
 PPB_Graphics3D_Impl* graphics_3d = enter_3d.succeeded() ? static_cast<PPB_Graphics3D_Impl*>(enter_3d.object()) : NULL;
- if (bound_graphics_2d_platform_) {
- if (!bound_graphics_2d_platform_->BindToInstance(this))
- return PP_FALSE; // Can't bind to more than one instance.
+ if (graphics_2d) {
+ if (graphics_2d->BindToInstance(this)) {
+ bound_graphics_2d_platform_ = graphics_2d;
+ UpdateLayer();
+ return PP_TRUE;
+ }
 } else if (graphics_3d) {
 // Make sure graphics can only be bound to the instance it is
 // associated with.
- if (graphics_3d->pp_instance() != pp_instance())
- return PP_FALSE;
- if (!graphics_3d->BindToInstance(true))
- return PP_FALSE;
-
- bound_graphics_3d_ = graphics_3d;
- } else {
- // The device is not a valid resource type.
- return PP_FALSE;
+ if (graphics_3d->pp_instance() == pp_instance() &&
+ graphics_3d->BindToInstance(true)) {
+ bound_graphics_3d_ = graphics_3d;
+ UpdateLayer();
+ return PP_TRUE;
+ }
 }
- UpdateLayer();
- return PP_TRUE;
+ // The instance cannot be bound or the device is not a valid resource type.
+ return PP_FALSE;
 }
 PP_Bool PluginInstance::IsFullFrame(PP_Instance instance) { |
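Review bot: The 2D branch has no visible counterpart to the 3D branch's `graphics_3d->pp_instance() == pp_instance()` ownership check. It relies on `delegate_->GetGraphics2D(this, device)` and `graphics_2d->BindToInstance(this)` to reject a resource that belongs to another instance, and neither is visible in this hunk, so that is worth confirming. The commit also drops the old `// Can't bind to more than one instance.` comment without stating the invariant it now enforces, which per the commit message is that a resource that was never bound may be destroyed without cleanup and leave a dangling pointer. I would add above the 2D assignment `// Record the pointer only after a successful bind; an unbound resource can be destroyed without clearing it.` and the same note above `bound_graphics_3d_ = graphics_3d;`. BindGraphics starts above the hunk, so whether the previously bound graphics are released before this point cannot be judged from here.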