Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2322503003:
Fix crash when a frame is detached while a PepperPluginInstance is being (Closed)
DescriptionFix crash when a frame is detached while a PepperPluginInstance is being
constructed.
BUG=638400
Committed: https://crrev.com/ba4daaff922e8c3f84cb4f7553a5c30292c7e748
Cr-Commit-Position: refs/heads/master@{#417009}
Patch Set 1 #
Total comments: 1
Messages
Total messages: 15 (7 generated)
The CQ bit was checked by lfg@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
lfg@chromium.org changed reviewers: + bbudge@chromium.org
Please take a look. There's more information about the crash in the bug.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
https://codereview.chromium.org/2322503003/diff/1/content/renderer/pepper/pep... File content/renderer/pepper/pepper_plugin_instance_impl.cc (right): https://codereview.chromium.org/2322503003/diff/1/content/renderer/pepper/pep... content/renderer/pepper/pepper_plugin_instance_impl.cc:544: render_frame_->PepperInstanceCreated(this); I don't see how render_frame_ would be different from render_frame at this point (before calling RenderFrameImpl::PepperInstanceCreated.) So how is this different from before?
On 2016/09/07 18:25:07, bbudge wrote: > https://codereview.chromium.org/2322503003/diff/1/content/renderer/pepper/pep... > File content/renderer/pepper/pepper_plugin_instance_impl.cc (right): > > https://codereview.chromium.org/2322503003/diff/1/content/renderer/pepper/pep... > content/renderer/pepper/pepper_plugin_instance_impl.cc:544: > render_frame_->PepperInstanceCreated(this); > I don't see how render_frame_ would be different from render_frame at this point > (before calling RenderFrameImpl::PepperInstanceCreated.) So how is this > different from before? PepperPluginInstanceImpl is a RenderFrameObserver, and when the RenderFrameImpl is destroyed it calls RFO::OnDestruct, which nulls out render_frame_.
On 2016/09/07 18:32:35, lfg wrote: > On 2016/09/07 18:25:07, bbudge wrote: > > > https://codereview.chromium.org/2322503003/diff/1/content/renderer/pepper/pep... > > File content/renderer/pepper/pepper_plugin_instance_impl.cc (right): > > > > > https://codereview.chromium.org/2322503003/diff/1/content/renderer/pepper/pep... > > content/renderer/pepper/pepper_plugin_instance_impl.cc:544: > > render_frame_->PepperInstanceCreated(this); > > I don't see how render_frame_ would be different from render_frame at this > point > > (before calling RenderFrameImpl::PepperInstanceCreated.) So how is this > > different from before? > > PepperPluginInstanceImpl is a RenderFrameObserver, and when the RenderFrameImpl > is destroyed it calls RFO::OnDestruct, which nulls out render_frame_. While we're in the constructor? Okay, thanks for explaining. LGTM
On 2016/09/07 18:36:27, bbudge wrote: > > > > PepperPluginInstanceImpl is a RenderFrameObserver, and when the > RenderFrameImpl > > is destroyed it calls RFO::OnDestruct, which nulls out render_frame_. > > While we're in the constructor? Okay, thanks for explaining. LGTM Indeed. There's more information in the bug, but essentially, the sync IPC in AddInstance() can cause a synchronous ExecuteScript(), which in turn can destroy the RenderFrame.
The CQ bit was checked by lfg@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Committed patchset #1 (id:1)
Message was sent while issue was closed.
Description was changed from ========== Fix crash when a frame is detached while a PepperPluginInstance is being constructed. BUG=638400 ========== to ========== Fix crash when a frame is detached while a PepperPluginInstance is being constructed. BUG=638400 Committed: https://crrev.com/ba4daaff922e8c3f84cb4f7553a5c30292c7e748 Cr-Commit-Position: refs/heads/master@{#417009} ==========
Message was sent while issue was closed.
Patchset 1 (id:??) landed as https://crrev.com/ba4daaff922e8c3f84cb4f7553a5c30292c7e748 Cr-Commit-Position: refs/heads/master@{#417009} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
