diff options
| author | sail@chromium.org <sail@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-01 03:37:20 +0000 |
|---|---|---|
| committer | sail@chromium.org <sail@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-01 03:37:20 +0000 |
| commit | 0f3a2d136bbe988ad5fa8b5585d2d1b6dfd40aff (patch) | |
| tree | 330624241ff080d3f750c2f021137498e97c5f3b /webkit | |
| parent | 50b0139750b7892d0d39a1cc0da93619cbf2ecd1 (diff) | |
| download | chromium_src-0f3a2d136bbe988ad5fa8b5585d2d1b6dfd40aff.zip chromium_src-0f3a2d136bbe988ad5fa8b5585d2d1b6dfd40aff.tar.gz chromium_src-0f3a2d136bbe988ad5fa8b5585d2d1b6dfd40aff.tar.bz2 | |
Pepper Flash Mac: Fix crash when playing video on MB retina
When playing video on Mac Book retina devices Chrome would crash.
The problem was that we were using the page scale factor when drawing bitmaps from the plugin. Thus when drawing the bitmap we would dereference memory past the end of the bitmap buffer and crash.
To fix this we now pass the plugin's scale factor instead of the page's scale factor.
BUG=141541
TEST=Note, this crash only happens if accelerated compositing is disabled. This is most common on MB retina devices running 10.7 since the device is on the GPU black list.
To test this I ran Chrome on a Mac Book retina on 10.8 with --disable-accelerated-compositing. I verified that without this patch Chrome crashes and with this patch the video plays fine. Also tested that everything works correctly on an external monitor with a 1x scale factor.
Also, to reproduce this crash you also need this patch:
https://chromiumcodereview.appspot.com/10879050
That patch got reverted due to this crash. Once the fix is checked in I'll reland that patch.
Review URL: https://chromiumcodereview.appspot.com/10905036
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154593 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
| -rw-r--r-- | webkit/plugins/ppapi/ppapi_plugin_instance.cc | 4 | ||||
| -rw-r--r-- | webkit/plugins/ppapi/ppapi_plugin_instance.h | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/webkit/plugins/ppapi/ppapi_plugin_instance.cc b/webkit/plugins/ppapi/ppapi_plugin_instance.cc index 16f71c9..7cbedf0 100644 --- a/webkit/plugins/ppapi/ppapi_plugin_instance.cc +++ b/webkit/plugins/ppapi/ppapi_plugin_instance.cc @@ -982,7 +982,8 @@ bool PluginInstance::GetBitmapForOptimizedPluginPaint( const gfx::Rect& paint_bounds, TransportDIB** dib, gfx::Rect* location, - gfx::Rect* clip) { + gfx::Rect* clip, + float* scale_factor) { if (!always_on_top_) return false; if (!GetBoundGraphics2D() || !GetBoundGraphics2D()->is_always_opaque()) @@ -1009,6 +1010,7 @@ bool PluginInstance::GetBitmapForOptimizedPluginPaint( *dib = image_data->PlatformImage()->GetTransportDIB(); *location = plugin_backing_store_rect; *clip = clip_page; + *scale_factor = GetBoundGraphics2D()->GetScale(); return true; } diff --git a/webkit/plugins/ppapi/ppapi_plugin_instance.h b/webkit/plugins/ppapi/ppapi_plugin_instance.h index 84e90a1..a221851 100644 --- a/webkit/plugins/ppapi/ppapi_plugin_instance.h +++ b/webkit/plugins/ppapi/ppapi_plugin_instance.h @@ -221,7 +221,8 @@ class WEBKIT_PLUGINS_EXPORT PluginInstance : const gfx::Rect& paint_bounds, TransportDIB** dib, gfx::Rect* dib_bounds, - gfx::Rect* clip); + gfx::Rect* clip, + float* scale_factor); // Tracks all live PluginObjects. void AddPluginObject(PluginObject* plugin_object); |