Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(590)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6258023: Fix full-screen pepper 3d regression (Closed)

Created:
9 years, 11 months ago by piman
Modified:
9 years, 7 months ago
CC:
chromium-reviews, Ken Russell (switch to Gerrit), jam
Visibility:
Public.

Description

Fix full-screen pepper 3d regression Introduced by http://codereview.chromium.org/6343006 Not all RenderWidgetHosts are RenderViewHosts. BUG=broken 3d on full-screen pepper flash TEST=pepper flash Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=72998

Patch Set 1 #

Total comments: 3
Unified diffs Side-by-side diffs Delta from patch set Stats (+8 lines, -3 lines) Patch
M chrome/browser/gpu_process_host.cc View 2 chunks +8 lines, -3 lines 3 comments Download

Messages

Total messages: 5 (0 generated)
piman
9 years, 11 months ago (2011-01-28 00:58:42 UTC) #1
jonathan.backer
LGTM.
9 years, 11 months ago (2011-01-28 14:12:08 UTC) #2
apatrick_chromium
http://codereview.chromium.org/6258023/diff/1/chrome/browser/gpu_process_host.cc File chrome/browser/gpu_process_host.cc (right): http://codereview.chromium.org/6258023/diff/1/chrome/browser/gpu_process_host.cc#newcode260 chrome/browser/gpu_process_host.cc:260: host = static_cast<RenderWidgetHost*>( piman, is this cast safe if ...
9 years, 10 months ago (2011-02-11 21:59:12 UTC) #3
piman
http://codereview.chromium.org/6258023/diff/1/chrome/browser/gpu_process_host.cc File chrome/browser/gpu_process_host.cc (right): http://codereview.chromium.org/6258023/diff/1/chrome/browser/gpu_process_host.cc#newcode260 chrome/browser/gpu_process_host.cc:260: host = static_cast<RenderWidgetHost*>( On 2011/02/11 21:59:12, apatrick_chromium wrote: > ...
9 years, 10 months ago (2011-02-11 22:07:52 UTC) #4
apatrick_chromium
9 years, 10 months ago (2011-02-11 22:10:42 UTC) #5 
http://codereview.chromium.org/6258023/diff/1/chrome/browser/gpu_process_host.cc
File chrome/browser/gpu_process_host.cc (right):

http://codereview.chromium.org/6258023/diff/1/chrome/browser/gpu_process_host...
chrome/browser/gpu_process_host.cc:260: host = static_cast<RenderWidgetHost*>(
On 2011/02/11 22:07:52, piman wrote:
> On 2011/02/11 21:59:12, apatrick_chromium wrote:
> > piman, is this cast safe if the browser does not trust the renderer to pass
in
> > the routing id of a RenderWidgetHost? What if it is an object of a different
> > class? I am concerned a renderer could use that to crash the browser
process.
> 
> I don't know, I assumed the previous code was correct. RenderViewHost::FromID
> does the same cast. This code is the same except it doesn't fail if it's not a
> RenderViewHost.

Perhaps the intent of the original code was to call IsRenderView to verify that
it is an object of the right type. That isn't safe though because its a virtual
function. I'll keep digging. Thanks...

Powered by Google App Engine
This is Rietveld 408576698