Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(30)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: webkit/glue/plugins/webplugin_delegate_impl_mac.mm

Issue 556078: Fix possible iterator corruption in Carbon plugin idle event handling (Closed)
Patch Set: Created 10 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webkit/glue/plugins/webplugin_delegate_impl_mac.mm
diff --git a/webkit/glue/plugins/webplugin_delegate_impl_mac.mm b/webkit/glue/plugins/webplugin_delegate_impl_mac.mm
index 1b50c12ec4de1d8bf9d12b90fdfd797e609b79c9..44800c960ded3f955ea270067fa02c20360d977e 100644
--- a/webkit/glue/plugins/webplugin_delegate_impl_mac.mm
+++ b/webkit/glue/plugins/webplugin_delegate_impl_mac.mm
@@ -142,8 +142,12 @@ class CarbonIdleEventSource {
void SendIdleEventsToDelegates(
const std::set<WebPluginDelegateImpl*>& delegates) const {
for (std::set<WebPluginDelegateImpl*>::iterator i = delegates.begin();
- i != delegates.end(); ++i) {
- (*i)->FireIdleEvent();
+ i != delegates.end();) {
+ // If the plugin changes size or position during idle event handling, it
+ // may be removed from this set; increment the iterator before calling
+ // into the delegate to ensure that the iteration won't be corrupted.
+ WebPluginDelegateImpl* delegate = *(i++);
+ delegate->FireIdleEvent();
}
}
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698