diff options
| -rwxr-xr-x | chrome/chrome.gyp | 1 | ||||
| -rw-r--r-- | chrome/common/plugin_messages.h | 31 | ||||
| -rw-r--r-- | chrome/plugin/npobject_base.h | 27 | ||||
| -rw-r--r-- | chrome/plugin/npobject_proxy.cc | 7 | ||||
| -rw-r--r-- | chrome/plugin/npobject_proxy.h | 20 | ||||
| -rw-r--r-- | chrome/plugin/npobject_stub.cc | 34 | ||||
| -rw-r--r-- | chrome/plugin/npobject_stub.h | 13 | ||||
| -rw-r--r-- | chrome/plugin/npobject_util.cc | 36 | ||||
| -rw-r--r-- | chrome/plugin/npobject_util.h | 3 | ||||
| -rw-r--r-- | chrome/plugin/plugin_channel_base.cc | 21 | ||||
| -rw-r--r-- | chrome/plugin/plugin_channel_base.h | 10 | ||||
| -rw-r--r-- | chrome/plugin/webplugin_proxy.cc | 20 | ||||
| -rw-r--r-- | chrome/renderer/plugin_channel_host.cc | 3 | ||||
| -rw-r--r-- | chrome/renderer/plugin_channel_host.h | 4 | ||||
| -rw-r--r-- | chrome/renderer/webplugin_delegate_proxy.cc | 29 |
15 files changed, 178 insertions, 81 deletions
diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp index de2a386..d0dc3a6 100755 --- a/chrome/chrome.gyp +++ b/chrome/chrome.gyp @@ -426,6 +426,7 @@ # mocks. 'plugin/chrome_plugin_host.cc', 'plugin/chrome_plugin_host.h', + 'plugin/npobject_base.h', 'plugin/npobject_proxy.cc', 'plugin/npobject_proxy.h', 'plugin/npobject_stub.cc', diff --git a/chrome/common/plugin_messages.h b/chrome/common/plugin_messages.h index eeea874..736e55e 100644 --- a/chrome/common/plugin_messages.h +++ b/chrome/common/plugin_messages.h @@ -83,11 +83,11 @@ enum NPVariant_ParamEnum { NPVARIANT_PARAM_STRING, // Used when when the NPObject is running in the caller's process, so we // create an NPObjectProxy in the other process. - NPVARIANT_PARAM_OBJECT_ROUTING_ID, + NPVARIANT_PARAM_SENDER_OBJECT_ROUTING_ID, // Used when the NPObject we're sending is running in the callee's process // (i.e. we have an NPObjectProxy for it). In that case we want the callee // to just use the raw pointer. - NPVARIANT_PARAM_OBJECT_POINTER, + NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID, }; struct NPVariant_Param { @@ -97,7 +97,6 @@ struct NPVariant_Param { double double_value; std::string string_value; int npobject_routing_id; - intptr_t npobject_pointer; }; struct PluginMsg_UpdateGeometry_Param { @@ -353,15 +352,12 @@ struct ParamTraits<NPVariant_Param> { WriteParam(m, p.double_value); } else if (p.type == NPVARIANT_PARAM_STRING) { WriteParam(m, p.string_value); - } else if (p.type == NPVARIANT_PARAM_OBJECT_ROUTING_ID) { + } else if (p.type == NPVARIANT_PARAM_SENDER_OBJECT_ROUTING_ID || + p.type == NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID) { // This is the routing id used to connect NPObjectProxy in the other - // process with NPObjectStub in this process. + // process with NPObjectStub in this process or to identify the raw + // npobject pointer to be used in the callee process. WriteParam(m, p.npobject_routing_id); - // The actual NPObject pointer, in case it's passed back to this process. - WriteParam(m, p.npobject_pointer); - } else if (p.type == NPVARIANT_PARAM_OBJECT_POINTER) { - // The NPObject resides in the other process, so just send its pointer. - WriteParam(m, p.npobject_pointer); } else { DCHECK(p.type == NPVARIANT_PARAM_VOID || p.type == NPVARIANT_PARAM_NULL); } @@ -381,12 +377,9 @@ struct ParamTraits<NPVariant_Param> { result = ReadParam(m, iter, &r->double_value); } else if (r->type == NPVARIANT_PARAM_STRING) { result = ReadParam(m, iter, &r->string_value); - } else if (r->type == NPVARIANT_PARAM_OBJECT_ROUTING_ID) { - result = - ReadParam(m, iter, &r->npobject_routing_id) && - ReadParam(m, iter, &r->npobject_pointer); - } else if (r->type == NPVARIANT_PARAM_OBJECT_POINTER) { - result = ReadParam(m, iter, &r->npobject_pointer); + } else if (r->type == NPVARIANT_PARAM_SENDER_OBJECT_ROUTING_ID || + r->type == NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID) { + result = ReadParam(m, iter, &r->npobject_routing_id); } else if ((r->type == NPVARIANT_PARAM_VOID) || (r->type == NPVARIANT_PARAM_NULL)) { result = true; @@ -405,11 +398,9 @@ struct ParamTraits<NPVariant_Param> { LogParam(p.double_value, l); } else if (p.type == NPVARIANT_PARAM_STRING) { LogParam(p.string_value, l); - } else if (p.type == NPVARIANT_PARAM_OBJECT_ROUTING_ID) { + } else if (p.type == NPVARIANT_PARAM_SENDER_OBJECT_ROUTING_ID || + p.type == NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID) { LogParam(p.npobject_routing_id, l); - LogParam(p.npobject_pointer, l); - } else if (p.type == NPVARIANT_PARAM_OBJECT_POINTER) { - LogParam(p.npobject_pointer, l); } } }; diff --git a/chrome/plugin/npobject_base.h b/chrome/plugin/npobject_base.h new file mode 100644 index 0000000..4b0d892 --- /dev/null +++ b/chrome/plugin/npobject_base.h @@ -0,0 +1,27 @@ +// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// +// Base interface implemented by NPObjectProxy and NPObjectStub + +#ifndef CHROME_PLUGIN_NPOBJECT_BASE_H_ +#define CHROME_PLUGIN_NPOBJECT_BASE_H_ + +#include "ipc/ipc_channel.h" +#include "third_party/npapi/bindings/npruntime.h" + +struct NPObject; + +class NPObjectBase { + public: + virtual ~NPObjectBase() {} + + // Returns the underlying NPObject handled by this NPObjectBase instance. + virtual NPObject* GetUnderlyingNPObject() = 0; + + // Returns the channel listener for this NPObjectBase instance. + virtual IPC::Channel::Listener* GetChannelListener() = 0; +}; + +#endif // CHROME_PLUGIN_NPOBJECT_BASE_H_ + diff --git a/chrome/plugin/npobject_proxy.cc b/chrome/plugin/npobject_proxy.cc index a55442b..aff1bcd 100644 --- a/chrome/plugin/npobject_proxy.cc +++ b/chrome/plugin/npobject_proxy.cc @@ -49,15 +49,13 @@ NPObjectProxy* NPObjectProxy::GetProxy(NPObject* object) { NPObjectProxy::NPObjectProxy( PluginChannelBase* channel, int route_id, - intptr_t npobject_ptr, gfx::NativeViewId containing_window, const GURL& page_url) : channel_(channel), route_id_(route_id), - npobject_ptr_(npobject_ptr), containing_window_(containing_window), page_url_(page_url) { - channel_->AddRoute(route_id, this, true); + channel_->AddRoute(route_id, this, this); } NPObjectProxy::~NPObjectProxy() { @@ -70,13 +68,12 @@ NPObjectProxy::~NPObjectProxy() { NPObject* NPObjectProxy::Create(PluginChannelBase* channel, int route_id, - intptr_t npobject_ptr, gfx::NativeViewId containing_window, const GURL& page_url) { NPObjectWrapper* obj = reinterpret_cast<NPObjectWrapper*>( WebBindings::createObject(0, &npclass_proxy_)); obj->proxy = new NPObjectProxy( - channel, route_id, npobject_ptr, containing_window, page_url); + channel, route_id, containing_window, page_url); return reinterpret_cast<NPObject*>(obj); } diff --git a/chrome/plugin/npobject_proxy.h b/chrome/plugin/npobject_proxy.h index c5f3e597..f372a52 100644 --- a/chrome/plugin/npobject_proxy.h +++ b/chrome/plugin/npobject_proxy.h @@ -10,6 +10,7 @@ #include "app/gfx/native_widget_types.h" #include "base/ref_counted.h" +#include "chrome/plugin/npobject_base.h" #include "googleurl/src/gurl.h" #include "ipc/ipc_channel.h" #include "third_party/npapi/bindings/npruntime.h" @@ -26,13 +27,13 @@ struct NPObject; // side translates the IPC messages into calls to the actual NPObject, and // returns the marshalled result. class NPObjectProxy : public IPC::Channel::Listener, - public IPC::Message::Sender { + public IPC::Message::Sender, + public NPObjectBase { public: ~NPObjectProxy(); static NPObject* Create(PluginChannelBase* channel, int route_id, - intptr_t npobject_ptr, gfx::NativeViewId containing_window, const GURL& page_url); @@ -41,10 +42,6 @@ class NPObjectProxy : public IPC::Channel::Listener, int route_id() { return route_id_; } PluginChannelBase* channel() { return channel_; } - // Returns the real NPObject's pointer (obviously only valid in the other - // process). - intptr_t npobject_ptr() { return npobject_ptr_; } - // The next 9 functions are called on NPObjects from the plugin and browser. static bool NPHasMethod(NPObject *obj, NPIdentifier name); @@ -92,10 +89,18 @@ class NPObjectProxy : public IPC::Channel::Listener, static NPObjectProxy* GetProxy(NPObject* object); static const NPClass* npclass() { return &npclass_proxy_; } + // NPObjectBase implementation. + virtual NPObject* GetUnderlyingNPObject() { + return NULL; + } + + IPC::Channel::Listener* GetChannelListener() { + return static_cast<IPC::Channel::Listener*>(this); + } + private: NPObjectProxy(PluginChannelBase* channel, int route_id, - intptr_t npobject_ptr, gfx::NativeViewId containing_window, const GURL& page_url); @@ -112,7 +117,6 @@ class NPObjectProxy : public IPC::Channel::Listener, scoped_refptr<PluginChannelBase> channel_; int route_id_; - intptr_t npobject_ptr_; gfx::NativeViewId containing_window_; // The url of the main frame hosting the plugin. diff --git a/chrome/plugin/npobject_stub.cc b/chrome/plugin/npobject_stub.cc index a23f2dc..ec69c43 100644 --- a/chrome/plugin/npobject_stub.cc +++ b/chrome/plugin/npobject_stub.cc @@ -27,7 +27,7 @@ NPObjectStub::NPObjectStub( route_id_(route_id), containing_window_(containing_window), page_url_(page_url) { - channel_->AddRoute(route_id, this, true); + channel_->AddRoute(route_id, this, this); // We retain the object just as PluginHost does if everything was in-process. WebBindings::retainObject(npobject_); @@ -124,13 +124,19 @@ void NPObjectStub::OnInvoke(bool is_default, NPVariant result_var; VOID_TO_NPVARIANT(result_var); + result_param.type = NPVARIANT_PARAM_VOID; int arg_count = static_cast<int>(args.size()); NPVariant* args_var = new NPVariant[arg_count]; for (int i = 0; i < arg_count; ++i) { - CreateNPVariant( - args[i], local_channel, &(args_var[i]), containing_window_, - page_url_); + if (!CreateNPVariant( + args[i], local_channel, &(args_var[i]), containing_window_, + page_url_)) { + NPObjectMsg_Invoke::WriteReplyParams(reply_msg, result_param, + return_value); + local_channel->Send(reply_msg); + return; + } } if (is_default) { @@ -210,13 +216,17 @@ void NPObjectStub::OnGetProperty(const NPIdentifier_Param& name, void NPObjectStub::OnSetProperty(const NPIdentifier_Param& name, const NPVariant_Param& property, IPC::Message* reply_msg) { - bool result; + bool result = false; NPVariant result_var; VOID_TO_NPVARIANT(result_var); NPIdentifier id = CreateNPIdentifier(name); NPVariant property_var; - CreateNPVariant( - property, channel_, &property_var, containing_window_, page_url_); + if (!CreateNPVariant( + property, channel_, &property_var, containing_window_, page_url_)) { + NPObjectMsg_SetProperty::WriteReplyParams(reply_msg, result); + channel_->Send(reply_msg); + return; + } if (IsPluginProcess()) { if (npobject_->_class->setProperty) { @@ -314,8 +324,14 @@ void NPObjectStub::OnConstruct(const std::vector<NPVariant_Param>& args, int arg_count = static_cast<int>(args.size()); NPVariant* args_var = new NPVariant[arg_count]; for (int i = 0; i < arg_count; ++i) { - CreateNPVariant( - args[i], local_channel, &(args_var[i]), containing_window_, page_url_); + if (!CreateNPVariant( + args[i], local_channel, &(args_var[i]), containing_window_, + page_url_)) { + NPObjectMsg_Invoke::WriteReplyParams(reply_msg, result_param, + return_value); + local_channel->Send(reply_msg); + return; + } } if (IsPluginProcess()) { diff --git a/chrome/plugin/npobject_stub.h b/chrome/plugin/npobject_stub.h index a2e2022..2d3b190 100644 --- a/chrome/plugin/npobject_stub.h +++ b/chrome/plugin/npobject_stub.h @@ -13,6 +13,7 @@ #include "app/gfx/native_widget_types.h" #include "base/ref_counted.h" #include "base/weak_ptr.h" +#include "chrome/plugin/npobject_base.h" #include "googleurl/src/gurl.h" #include "ipc/ipc_channel.h" @@ -26,7 +27,8 @@ struct NPVariant_Param; // more information. class NPObjectStub : public IPC::Channel::Listener, public IPC::Message::Sender, - public base::SupportsWeakPtr<NPObjectStub> { + public base::SupportsWeakPtr<NPObjectStub>, + public NPObjectBase { public: NPObjectStub(NPObject* npobject, PluginChannelBase* channel, @@ -43,6 +45,15 @@ class NPObjectStub : public IPC::Channel::Listener, // window script object on destruction to avoid leaks. void OnPluginDestroyed(); + // NPObjectBase implementation. + virtual NPObject* GetUnderlyingNPObject() { + return npobject_; + } + + IPC::Channel::Listener* GetChannelListener() { + return static_cast<IPC::Channel::Listener*>(this); + } + private: // IPC::Channel::Listener implementation: void OnMessageReceived(const IPC::Message& message); diff --git a/chrome/plugin/npobject_util.cc b/chrome/plugin/npobject_util.cc index 229a984..c0c3d10f 100644 --- a/chrome/plugin/npobject_util.cc +++ b/chrome/plugin/npobject_util.cc @@ -176,12 +176,12 @@ void CreateNPVariantParam(const NPVariant& variant, variant.value.stringValue.UTF8Length); } break; - case NPVariantType_Object: - { + case NPVariantType_Object: { if (variant.value.objectValue->_class == NPObjectProxy::npclass()) { - param->type = NPVARIANT_PARAM_OBJECT_POINTER; - param->npobject_pointer = - NPObjectProxy::GetProxy(variant.value.objectValue)->npobject_ptr(); + param->type = NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID; + NPObjectProxy* proxy = + NPObjectProxy::GetProxy(variant.value.objectValue); + param->npobject_routing_id = proxy->route_id(); // Don't release, because our original variant is the same as our proxy. release = false; } else { @@ -191,14 +191,12 @@ void CreateNPVariantParam(const NPVariant& variant, // NPObjectStub adds its own reference to the NPObject it owns, so if // we were supposed to release the corresponding variant // (release==true), we should still do that. - param->type = NPVARIANT_PARAM_OBJECT_ROUTING_ID; + param->type = NPVARIANT_PARAM_SENDER_OBJECT_ROUTING_ID; int route_id = channel->GenerateRouteID(); new NPObjectStub( variant.value.objectValue, channel, route_id, containing_window, page_url); param->npobject_routing_id = route_id; - param->npobject_pointer = - reinterpret_cast<intptr_t>(variant.value.objectValue); } else { param->type = NPVARIANT_PARAM_VOID; } @@ -213,7 +211,7 @@ void CreateNPVariantParam(const NPVariant& variant, WebBindings::releaseVariantValue(const_cast<NPVariant*>(&variant)); } -void CreateNPVariant(const NPVariant_Param& param, +bool CreateNPVariant(const NPVariant_Param& param, PluginChannelBase* channel, NPVariant* result, gfx::NativeViewId containing_window, @@ -244,22 +242,32 @@ void CreateNPVariant(const NPVariant_Param& param, result->value.stringValue.UTF8Length = static_cast<int>(param.string_value.size()); break; - case NPVARIANT_PARAM_OBJECT_ROUTING_ID: + case NPVARIANT_PARAM_SENDER_OBJECT_ROUTING_ID: result->type = NPVariantType_Object; result->value.objectValue = NPObjectProxy::Create(channel, param.npobject_routing_id, - param.npobject_pointer, containing_window, page_url); break; - case NPVARIANT_PARAM_OBJECT_POINTER: + case NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID: { + NPObjectBase* npobject_base = + channel->GetNPObjectListenerForRoute(param.npobject_routing_id); + if (!npobject_base) { + DLOG(WARNING) << "Invalid routing id passed in" + << param.npobject_routing_id; + return false; + } + + DCHECK(npobject_base->GetUnderlyingNPObject() != NULL); + result->type = NPVariantType_Object; - result->value.objectValue = - reinterpret_cast<NPObject*>(param.npobject_pointer); + result->value.objectValue = npobject_base->GetUnderlyingNPObject(); WebBindings::retainObject(result->value.objectValue); break; + } default: NOTREACHED(); } + return true; } diff --git a/chrome/plugin/npobject_util.h b/chrome/plugin/npobject_util.h index 3fcc701..1334e79 100644 --- a/chrome/plugin/npobject_util.h +++ b/chrome/plugin/npobject_util.h @@ -53,7 +53,8 @@ void CreateNPVariantParam(const NPVariant& variant, const GURL& page_url); // Creates an NPVariant from the marshalled object. -void CreateNPVariant(const NPVariant_Param& param, +// Returns true on success. +bool CreateNPVariant(const NPVariant_Param& param, PluginChannelBase* channel, NPVariant* result, gfx::NativeViewId containing_window, diff --git a/chrome/plugin/plugin_channel_base.cc b/chrome/plugin/plugin_channel_base.cc index 026b9e5..f104fea 100644 --- a/chrome/plugin/plugin_channel_base.cc +++ b/chrome/plugin/plugin_channel_base.cc @@ -95,6 +95,15 @@ void PluginChannelBase::CleanupChannels() { g_plugin_channels_.clear(); } +NPObjectBase* PluginChannelBase::GetNPObjectListenerForRoute(int route_id) { + ListenerMap::iterator iter = npobject_listeners_.find(route_id); + if (iter == npobject_listeners_.end()) { + DLOG(WARNING) << "Invalid route id passed in:" << route_id; + return NULL; + } + return iter->second; +} + bool PluginChannelBase::Init(MessageLoop* ipc_message_loop, bool create_pipe_now) { channel_.reset(new IPC::SyncChannel( @@ -154,9 +163,9 @@ void PluginChannelBase::OnChannelConnected(int32 peer_pid) { void PluginChannelBase::AddRoute(int route_id, IPC::Channel::Listener* listener, - bool npobject) { + NPObjectBase* npobject) { if (npobject) { - npobject_listeners_[route_id] = listener; + npobject_listeners_[route_id] = npobject; } else { plugin_count_++; } @@ -190,8 +199,12 @@ void PluginChannelBase::RemoveRoute(int route_id) { AutoReset auto_reset_in_remove_route(&in_remove_route_, true); for (ListenerMap::iterator npobj_iter = npobject_listeners_.begin(); npobj_iter != npobject_listeners_.end(); ++npobj_iter) { - if (npobj_iter->second) - npobj_iter->second->OnChannelError(); + if (npobj_iter->second) { + IPC::Channel::Listener* channel_listener = + npobj_iter->second->GetChannelListener(); + DCHECK(channel_listener != NULL); + channel_listener->OnChannelError(); + } } for (PluginChannelMap::iterator iter = g_plugin_channels_.begin(); diff --git a/chrome/plugin/plugin_channel_base.h b/chrome/plugin/plugin_channel_base.h index f4aab85..455ca12 100644 --- a/chrome/plugin/plugin_channel_base.h +++ b/chrome/plugin/plugin_channel_base.h @@ -14,6 +14,7 @@ #include "base/ref_counted.h" #include "base/scoped_ptr.h" #include "chrome/common/message_router.h" +#include "chrome/plugin/npobject_base.h" #include "ipc/ipc_sync_channel.h" // Encapsulates an IPC channel between a renderer and a plugin process. @@ -28,7 +29,8 @@ class PluginChannelBase : public IPC::Channel::Listener, // lifetime of this object (by passing true for npobject) because we don't // want a leak of an NPObject in a plugin to keep the channel around longer // than necessary. - void AddRoute(int route_id, IPC::Channel::Listener* listener, bool npobject); + void AddRoute(int route_id, IPC::Channel::Listener* listener, + NPObjectBase* npobject); void RemoveRoute(int route_id); // IPC::Message::Sender implementation: @@ -55,6 +57,10 @@ class PluginChannelBase : public IPC::Channel::Listener, static void CleanupChannels(); + // Returns the NPObjectBase object for the route id passed in. + // Returns NULL on failure. + NPObjectBase* GetNPObjectListenerForRoute(int route_id); + protected: typedef PluginChannelBase* (*PluginChannelFactory)(); @@ -107,7 +113,7 @@ class PluginChannelBase : public IPC::Channel::Listener, // Keep track of all the registered NPObjects proxies/stubs so that when the // channel is closed we can inform them. - typedef base::hash_map<int, IPC::Channel::Listener*> ListenerMap; + typedef base::hash_map<int, NPObjectBase*> ListenerMap; ListenerMap npobject_listeners_; // Used to implement message routing functionality to WebPlugin[Delegate] diff --git a/chrome/plugin/webplugin_proxy.cc b/chrome/plugin/webplugin_proxy.cc index 8142185..34091e9 100644 --- a/chrome/plugin/webplugin_proxy.cc +++ b/chrome/plugin/webplugin_proxy.cc @@ -151,14 +151,14 @@ NPObject* WebPluginProxy::GetWindowScriptNPObject() { int npobject_route_id = channel_->GenerateRouteID(); bool success = false; - intptr_t npobject_ptr; + intptr_t npobject_ptr = NULL; Send(new PluginHostMsg_GetWindowScriptNPObject( route_id_, npobject_route_id, &success, &npobject_ptr)); if (!success) return NULL; window_npobject_ = NPObjectProxy::Create( - channel_, npobject_route_id, npobject_ptr, containing_window_, page_url_); + channel_, npobject_route_id, containing_window_, page_url_); return window_npobject_; } @@ -169,14 +169,14 @@ NPObject* WebPluginProxy::GetPluginElement() { int npobject_route_id = channel_->GenerateRouteID(); bool success = false; - intptr_t npobject_ptr; + intptr_t npobject_ptr = NULL; Send(new PluginHostMsg_GetPluginElement( route_id_, npobject_route_id, &success, &npobject_ptr)); if (!success) return NULL; plugin_element_ = NPObjectProxy::Create( - channel_, npobject_route_id, npobject_ptr, containing_window_, page_url_); + channel_, npobject_route_id, containing_window_, page_url_); return plugin_element_; } @@ -321,10 +321,8 @@ bool WebPluginProxy::GetDragData(struct NPObject* event, bool add_data, return false; NPVariant_Param event_param; - event_param.type = NPVARIANT_PARAM_OBJECT_POINTER; - event_param.npobject_pointer = proxy->npobject_ptr(); - if (!event_param.npobject_pointer) - return false; + event_param.type = NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID; + event_param.npobject_routing_id = proxy->route_id(); std::vector<NPVariant_Param> values; bool success = false; @@ -353,10 +351,8 @@ bool WebPluginProxy::SetDropEffect(struct NPObject* event, int effect) { return false; NPVariant_Param event_param; - event_param.type = NPVARIANT_PARAM_OBJECT_POINTER; - event_param.npobject_pointer = proxy->npobject_ptr(); - if (!event_param.npobject_pointer) - return false; + event_param.type = NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID; + event_param.npobject_routing_id = proxy->route_id(); bool success = false; Send(new PluginHostMsg_SetDropEffect(route_id_, event_param, effect, diff --git a/chrome/renderer/plugin_channel_host.cc b/chrome/renderer/plugin_channel_host.cc index aa409ce..7dfb3b7 100644 --- a/chrome/renderer/plugin_channel_host.cc +++ b/chrome/renderer/plugin_channel_host.cc @@ -5,6 +5,7 @@ #include "chrome/renderer/plugin_channel_host.h" #include "chrome/common/plugin_messages.h" +#include "chrome/plugin/npobject_base.h" #include "third_party/WebKit/WebKit/chromium/public/WebBindings.h" @@ -97,7 +98,7 @@ int PluginChannelHost::GenerateRouteID() { void PluginChannelHost::AddRoute(int route_id, IPC::Channel::Listener* listener, - bool npobject) { + NPObjectBase* npobject) { PluginChannelBase::AddRoute(route_id, listener, npobject); if (!npobject) diff --git a/chrome/renderer/plugin_channel_host.h b/chrome/renderer/plugin_channel_host.h index 18989d4..31bf77a 100644 --- a/chrome/renderer/plugin_channel_host.h +++ b/chrome/renderer/plugin_channel_host.h @@ -9,6 +9,7 @@ #include "chrome/plugin/plugin_channel_base.h" class IsListeningFilter; +class NPObjectBase; // Encapsulates an IPC channel between the renderer and one plugin process. // On the plugin side there's a corresponding PluginChannel. @@ -21,7 +22,8 @@ class PluginChannelHost : public PluginChannelBase { int GenerateRouteID(); - void AddRoute(int route_id, IPC::Channel::Listener* listener, bool npobject); + void AddRoute(int route_id, IPC::Channel::Listener* listener, + NPObjectBase* npobject); void RemoveRoute(int route_id); // IPC::Channel::Listener override diff --git a/chrome/renderer/webplugin_delegate_proxy.cc b/chrome/renderer/webplugin_delegate_proxy.cc index 13b79b5..5cfe049 100644 --- a/chrome/renderer/webplugin_delegate_proxy.cc +++ b/chrome/renderer/webplugin_delegate_proxy.cc @@ -830,7 +830,7 @@ NPObject* WebPluginDelegateProxy::GetPluginScriptableObject() { return NULL; npobject_ = NPObjectProxy::Create( - channel_host_.get(), route_id, npobject_ptr, 0, page_url_); + channel_host_.get(), route_id, 0, page_url_); return WebBindings::retainObject(npobject_); } @@ -1018,7 +1018,19 @@ void WebPluginDelegateProxy::OnGetDragData(const NPVariant_Param& object, int event_id; WebDragData data; - NPObject* event = reinterpret_cast<NPObject*>(object.npobject_pointer); + + DCHECK(object.type == NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID); + NPObjectBase* npobject_base = + channel_host_->GetNPObjectListenerForRoute(object.npobject_routing_id); + if (!npobject_base) { + DLOG(WARNING) << "Invalid routing id passed in" + << object.npobject_routing_id; + return; + } + + NPObject* event = npobject_base->GetUnderlyingNPObject(); + DCHECK(event != NULL); + const int32 drag_id = webview->dragIdentity(); if (!drag_id || !WebBindings::getDragData(event, &event_id, &data)) return; @@ -1049,7 +1061,18 @@ void WebPluginDelegateProxy::OnSetDropEffect(const NPVariant_Param& object, if (!webview) return; - NPObject* event = reinterpret_cast<NPObject*>(object.npobject_pointer); + DCHECK(object.type == NPVARIANT_PARAM_RECEIVER_OBJECT_ROUTING_ID); + NPObjectBase* npobject_base = + channel_host_->GetNPObjectListenerForRoute(object.npobject_routing_id); + if (!npobject_base) { + DLOG(WARNING) << "Invalid routing id passed in" + << object.npobject_routing_id; + return; + } + + NPObject* event = npobject_base->GetUnderlyingNPObject(); + DCHECK(event != NULL); + const int32 drag_id = webview->dragIdentity(); if (!drag_id || !WebBindings::isDragEvent(event)) return; |