From 12c8005e13fb59b925f5c9fddec7b4edbcf35a5a Mon Sep 17 00:00:00 2001
From: tommycli
Date: Fri, 25 Mar 2016 15:06:33 -0700
Subject: Plugins: Add a CHECK to PepperWebPluginImpl::destroy to solve crash.

PepperWebPluginImpl seems to be double-destroyed in some renderer crashes. However, I have not been able to track it down, since the destruction occurs in a DeleteSoon queue. This adds an explicit boolean to the destroy() method that should trigger a CHECK if it is indeed double-destroyed.

BUG=588624

Review URL: https://codereview.chromium.org/1838613002
Cr-Commit-Position: refs/heads/master@{#383377}
---
 content/renderer/pepper/pepper_webplugin_impl.cc | 5 +++++
 content/renderer/pepper/pepper_webplugin_impl.h | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/content/renderer/pepper/pepper_webplugin_impl.cc b/content/renderer/pepper/pepper_webplugin_impl.cc
index 622bfbe..edf96ee 100644
--- a/content/renderer/pepper/pepper_webplugin_impl.cc
+++ b/content/renderer/pepper/pepper_webplugin_impl.cc
@@ -67,6 +67,7 @@ PepperWebPluginImpl::PepperWebPluginImpl(
 throttler_(std::move(throttler)),
 instance_object_(PP_MakeUndefined()),
 container_(NULL),
+ destroyed_(false),
 weak_factory_(this) {
 DCHECK(plugin_module);
 init_data_->module = plugin_module;
@@ -150,6 +151,10 @@ bool PepperWebPluginImpl::initialize(WebPluginContainer* container) {
 }

 void PepperWebPluginImpl::destroy() {
+ // TODO(tommycli): Remove once we fix https://crbug.com/588624.
+ CHECK(!destroyed_);
+ destroyed_ = true;
+
 // Tell |container_| to clear references to this plugin's script objects.
 if (container_)
 container_->clearScriptObjects();
diff --git a/content/renderer/pepper/pepper_webplugin_impl.h b/content/renderer/pepper/pepper_webplugin_impl.h
index 65641ea..406bf4d 100644
--- a/content/renderer/pepper/pepper_webplugin_impl.h
+++ b/content/renderer/pepper/pepper_webplugin_impl.h
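Review bot: The `CHECK(!destroyed_)` at the top of destroy() reads a member of the very object whose lifetime is in question, so it can only catch a second destroy() that arrives while the object is still allocated. The commit message says the deletion goes through a DeleteSoon queue; if the second call comes after that queued deletion has run, the read of `destroyed_` is itself a use-after-free and the CHECK may pass or fail depending on what now occupies the memory. I would record that limit next to the TODO, e.g. `// Only detects a repeat call made before the queued deletion runs; later calls already touch freed memory.`, so that an absence of CHECK crashes is not read as ruling out the later case. The rest of destroy() lies outside the hunk, so where the deletion is actually scheduled is not visible here.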
@@ -100,6 +100,10 @@ class PepperWebPluginImpl : public blink::WebPlugin {
 gfx::Rect plugin_rect_;
 PP_Var instance_object_;
 blink::WebPluginContainer* container_;
+
+ // TODO(tommycli): Remove once we fix https://crbug.com/588624.
+ bool destroyed_;
+
 base::WeakPtrFactory weak_factory_;

 DISALLOW_COPY_AND_ASSIGN(PepperWebPluginImpl);
--
cgit v1.1
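Review bot: The comment above `bool destroyed_;` says when to remove the member but not what it records. A one-line description such as `// True once destroy() has been called; destroy() CHECKs it to catch a repeat call.` placed above the TODO would let a reader of the header understand the flag without opening the .cc file. The class body starts and ends outside the hunk.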