Issue 215018: The WebPluginImpl::paint function can be invoked when the delegate_ member is...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 215018: The WebPluginImpl::paint function can be invoked when the delegate_ member is... (Closed)

Created:
11 years, 3 months ago by ananta

Modified:
9 years, 6 months ago

Reviewers:
darin (slow to review), jam

CC:
chromium-reviews_googlegroups.com, jam

Base URL:
svn://chrome-svn/chrome/trunk/src/

Visibility:
Public.

Description

The WebPluginImpl::paint function can be invoked when the delegate_ member is NULL. This scenario can happen if a plugin is reinitialized, in which case the plugin instance is torn down and a new one is initialized. If the second initialization fails, we have a plugin instance in the renderer which has a NULL delegate_. Fix is to add a NULL check for the delegate in the paint function. Fixes http://code.google.com/p/chromium/issues/detail?id=22196 Bug=22196 Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=26552

Patch Set 1 #

Patch Set 2 : '' #

Patch Set 3 : '' #

Created: 11 years, 3 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+2 lines, -0 lines)			Patch
	M	webkit/glue/webplugin_impl.cc	View	1 2	1 chunk	+2 lines, -0 lines	0 comments	Download

Messages

Total messages: 5 (0 generated)

Expand Messages | Collapse Messages

ananta

On 2009/09/17 23:08:22, John Abd-El-Malek wrote: > lgtm > > why not just an early ...

11 years, 3 months ago (2009-09-17 23:22:54 UTC) #3

darin (slow to review)

The scenario that leads to this crash sounds like something we could simulate in a ...

11 years, 3 months ago (2009-09-18 04:32:26 UTC) #4

iyengar

11 years, 3 months ago (2009-09-18 04:44:08 UTC) #5

To simulate this in a test, we would need to issue a byte range request from
a plugin in response to which the web serverwould return a HTTP 200
response. This would trigger reinitialization of the plugin which then needs
to fail.

I will try and get to the test case in a subsequent CL..

Thanks
Ananta

On Thu, Sep 17, 2009 at 9:32 PM, <darin@chromium.org> wrote:

> The scenario that leads to this crash sounds like something we could
> simulate in
> a test, right?
>
>
> http://codereview.chromium.org/215018
>

Expand Messages | Collapse Messages