From 800628f2306f5cbe44065093c8ac49c351e2c1f6 Mon Sep 17 00:00:00 2001
From: "jhorwich@chromium.org"
Date: Wed, 27 Jun 2012 20:15:27 +0000
Subject: Invoke PluginImplementedObjectDestroyed for ppp_class deallocate Deallocate on the plugin's GetInstanceObject ScriptableObject gets invoked twice during plugin destruction, typically resulting in a crash, for proxied plugins that expose a scriptable object. Once by PPP_ClassProxy::OnMsgDeallocate and once by PluginVarTracker::DidDeleteInstance. This patch removes the object from the var tracker when it is destroyed in PPP_Class_Proxy. It also tweaks a unittest to verify Deallocate is invoked only once during the test. BUG=133950 TEST=Run gmail, reload page (ctrl-r) and observe for plugin crashes TEST=Run ppapi_example out-of-process, reload page, observe for plugn crashes TEST=ppapi_unittests --gtest_filter="PluginVar*" Review URL: https://chromiumcodereview.appspot.com/10678007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144531 0039d316-1c4b-4281-b951-d872f2087c98
---
 ppapi/proxy/plugin_var_tracker_unittest.cc | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
(limited to 'ppapi/proxy/plugin_var_tracker_unittest.cc')
diff --git a/ppapi/proxy/plugin_var_tracker_unittest.cc b/ppapi/proxy/plugin_var_tracker_unittest.cc
index 089888c..10a7c50 100644
--- a/ppapi/proxy/plugin_var_tracker_unittest.cc
+++ b/ppapi/proxy/plugin_var_tracker_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -21,10 +21,10 @@ PP_Var MakeObject(int32 object_id) {
 return ret;
 }
 
-// A Deallocate() function for PPP_Class that just writes 1 to the given
-// pointer so we know when Deallocate was called.
+// A Deallocate() function for PPP_Class that just increments the integer
+// referenced by the pointer so we know how often Deallocate was called.
 void MarkOnDeallocate(void* object) {
- *static_cast(object) = 1;
+ (*static_cast(object))++;
 }
 
 // A class that just implements MarkOnDeallocate on destruction.
@@ -203,11 +203,11 @@ TEST_F(PluginVarTrackerTest, PluginObjectInstanceDeleted) {
 // we won't get a destroy call.
 object = NULL;
 var_tracker().ReleaseVar(plugin_var);
- EXPECT_FALSE(deallocate_called);
+ EXPECT_EQ(0, deallocate_called);
 
 // Synthesize an instance destuction, this should call Deallocate.
 var_tracker().DidDeleteInstance(pp_instance);
- EXPECT_TRUE(deallocate_called);
+ EXPECT_EQ(1, deallocate_called);
 }
 
 // Tests what happens when a plugin keeps a ref to a plugin-implemented
@@ -229,16 +229,16 @@ TEST_F(PluginVarTrackerTest, PluginObjectLeaked) {
 &mark_on_deallocate_class,
 user_data);
 
- // Destroy the innstance. This should not call deallocate since the plugin
+ // Destroy the instance. This should not call deallocate since the plugin
 // still has a ref.
 var_tracker().DidDeleteInstance(pp_instance);
- EXPECT_FALSE(deallocate_called);
+ EXPECT_EQ(0, deallocate_called);
 
 // Release the plugin ref to the var. Since the instance is gone this should
 // call deallocate.
 object = NULL;
 var_tracker().ReleaseVar(plugin_var);
- EXPECT_TRUE(deallocate_called);
+ EXPECT_EQ(1, deallocate_called);
 }
 
 } // namespace proxy
-- 
cgit v1.1
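Review bot: `MarkOnDeallocate` now counts calls instead of setting a flag, but its name, the `mark_on_deallocate_class` built on it and the `deallocate_called` variable still read as boolean markers. Renaming towards `CountOnDeallocate` / `deallocate_count` would make `EXPECT_EQ(1, deallocate_count)` self-explanatory; those declarations sit outside this hunk, so the rename is wider than the lines shown. If that is too much for this patch, extend the comment with `// |object| must point to a live integer counter; the cast is unchecked.`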
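Review bot: In `PluginObjectInstanceDeleted` and `PluginObjectLeaked` the new `EXPECT_EQ(1, deallocate_called);` is the last statement, so each test still drives one teardown path and never lets a second path try to call Deallocate again. The crash in the commit message needed both the PPP_Class proxy deallocate and `DidDeleteInstance` to hit the same object, and neither test reproduces that sequence. A regression test would destroy the object through the proxy-side path first, then call `var_tracker().DidDeleteInstance(pp_instance);` and assert the counter does not increase. This view is limited to one file, so that case may already be covered elsewhere; if not, it belongs here, because a repeated Deallocate on a plugin object is a double-free class defect. Both test bodies begin outside their hunks.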