From 2515b7dc2832404db4aa8d7d20257f0865c0d931 Mon Sep 17 00:00:00 2001
From: raymes
Date: Thu, 4 Sep 2014 16:01:29 -0700
Subject: Replace NPObject usage in ppapi with gin This replaces usage of NPObject in pepper with gin-backed V8 objects. It is unfortunate that this CL is so large, but there isn't a nice way to have the old implementation and the new one side-by-side. There are 4 major parts to this CL: 1) Changing the HostVarTracker to track V8ObjectVars rather than NPObjectVars (host_var_tracker.cc). 2) Changing plugin elements (in plugin_object.cc) to be gin-backed objects. 3) Changing postMessage bindings (message_channel.cc) be gin-backed objects. 4) Changing the implementation of PPB_Var_Deprecated (ppb_var_deprecated_impl.cc) to call directly into V8. BUG=351636 Review URL: https://codereview.chromium.org/459553003 Cr-Commit-Position: refs/heads/master@{#293366}
---
 ppapi/tests/test_post_message.cc | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'ppapi/tests/test_post_message.cc')
diff --git a/ppapi/tests/test_post_message.cc b/ppapi/tests/test_post_message.cc
index 5413b54..6a415bb 100644
--- a/ppapi/tests/test_post_message.cc
+++ b/ppapi/tests/test_post_message.cc
@@ -172,6 +172,14 @@ TestPostMessage::~TestPostMessage() {
 bool TestPostMessage::Init() {
 bool success = CheckTestingInterface();
 
+ // Add a post condition to tests which caches the postMessage function and
+ // then calls it after the instance is destroyed. The ensures that no UAF
+ // occurs because the MessageChannel may still be alive after the plugin
+ // instance is destroyed (it will get garbage collected eventually).
+ instance_->EvalScript("window.pluginPostMessage = "
+ "document.getElementById('plugin').postMessage");
+ instance_->AddPostCondition("window.pluginPostMessage('') === undefined");
+
 // Set up a special listener that only responds to a FINISHED_WAITING string.
 // This is for use by WaitForMessages.
 std::string js_code;
-- cgit v1.1
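Review bot: The added comment in Init() says the post-condition ensures no UAF occurs, but `window.pluginPostMessage('') === undefined` only compares the return value of the cached call; a use-after-free on the MessageChannel path would most likely surface as a crash or a sanitizer report rather than a false condition, so the check is only as strong as the build it runs on. I would state that in the comment, e.g. `// A UAF here shows up as a crash or an ASan report, not via the === undefined comparison, so this relies on sanitizer coverage.`, and fix the typo "The ensures" to "This ensures". The EvalScript call also hard-codes the element id 'plugin' and its result is not checked, so presumably a host page without that id would fail the post-condition for an unrelated reason; a one-line comment naming that assumption would help. Init()'s body continues past the end of the hunk.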