Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(36)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6134001: Fix for a plugin crasher which occurs in the context of NPP_Destroy. The plug... (Closed)

Created:
9 years, 11 months ago by ananta
Modified:
9 years, 6 months ago
Reviewers:
stuartmorgan, jam
CC:
chromium-reviews, darin-cc_chromium.org
Visibility:
Public.

Description

Fix for a plugin crasher which occurs in the context of NPP_Destroy. The plugin invokes NPN_MemFree in this context and we crash while invoking the destructor of the PluginHost as the reference count of the PluginHost object is 0. It is not clear as to why this happens as the PluginHost object is implemented as a singleton with a static scoped_refptr object around to ensure that the ref count is at least 1 until the CRT is around. From the dump it appears that CRT is still valid. In any case we don't need to validate the host pointers in NPN_MemAlloc and NPN_MemFree. Will look further in the code to see if there is any misuse of the PluginHost pointer. BUG=68767 TESt=none Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=70791

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+7 lines, -14 lines) Patch
M webkit/plugins/npapi/plugin_host.cc View 1 chunk +7 lines, -14 lines 0 comments Download

Messages

Total messages: 2 (0 generated)
ananta
9 years, 11 months ago (2011-01-06 20:29:23 UTC) #1
stuartmorgan
9 years, 11 months ago (2011-01-07 20:11:53 UTC) #2 
LGTM

Powered by Google App Engine
This is Rietveld 408576698