Issue 166001: Merge 22383 - Don't call NPP_SetWindow during the painting of windowless plug...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 166001: Merge 22383 - Don't call NPP_SetWindow during the painting of windowless plug... (Closed)

Created:
11 years, 4 months ago by laforge

Modified:
9 years, 7 months ago

Reviewers:
dglazkov

CC:
chromium-reviews_googlegroups.com, darin (slow to review), jam

Base URL:
svn://chrome-svn/chrome/branches/195/src/

Visibility:
Public.

Description

Merge 22383 - Don't call NPP_SetWindow during the painting of windowless plugins. On Windows, Flash seems to only start executing script actions after it received an NPP_SetWindow with a nonNULL NPWindow.window (HDC). It is possible that Flash then invokes JS to modify DOM of the page. If Flash movie's widget is onscreen at page load, this call is made during layout and before even the NPP_Write is called, which is the desired sequence of events. However, if it is offscreen, this call occurs during painting, which leads to reentrancy issues (layout while painting) and bizarre crashes. As a solution, we remove calls to NPP_SetWindow during painting and instead opt to never provide a null HDC to the plugin. If no valid HDC is available, we feed it a disposable monochrome 1x1 context to have at least something to draw on. R=ananta,darin,jam BUG=16114 TEST=LayoutTests/plugins/flashsetwindowpaintcrash.html (bug reduction). Review URL: http://codereview.chromium.org/159717 TBR=dglazkov@chromium.org Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=23260

Patch Set 1 #

Created: 11 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+63 lines, -35 lines)			Patch
MM	chrome/test/plugin/plugin_test.cpp	View	5 chunks	+28 lines, -16 lines	0 comments	Download
MM	webkit/glue/plugins/webplugin_delegate_impl.h	View	1 chunk	+2 lines, -0 lines	0 comments	Download
MM	webkit/glue/plugins/webplugin_delegate_impl.cc	View	4 chunks	+33 lines, -19 lines	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages