Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5289)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/plugin/npobject_stub.cc

Issue 258026: Fix scripting during NPP_Destroy. Note that if the plugin is making a call t... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/plugin/npobject_stub.h ('k') | chrome/plugin/plugin_channel.cc » ('j') | chrome/plugin/plugin_channel.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/plugin/npobject_stub.cc
===================================================================
--- chrome/plugin/npobject_stub.cc (revision 28004)
+++ chrome/plugin/npobject_stub.cc (working copy)
@@ -9,7 +9,6 @@
#include "chrome/plugin/npobject_util.h"
#include "chrome/plugin/plugin_channel_base.h"
#include "chrome/plugin/plugin_thread.h"
-#include "chrome/renderer/webplugin_delegate_proxy.h"
#include "third_party/npapi/bindings/npapi.h"
#include "third_party/npapi/bindings/npruntime.h"
#include "webkit/api/public/WebBindings.h"
@@ -26,8 +25,6 @@
: npobject_(npobject),
channel_(channel),
route_id_(route_id),
- valid_(true),
- web_plugin_delegate_proxy_(NULL),
containing_window_(containing_window),
page_url_(page_url) {
channel_->AddRoute(route_id, this, true);
@@ -37,11 +34,8 @@
}
NPObjectStub::~NPObjectStub() {
- if (web_plugin_delegate_proxy_)
- web_plugin_delegate_proxy_->DropWindowScriptObject();
-
channel_->RemoveRoute(route_id_);
- if (npobject_ && valid_)
+ if (npobject_)
WebBindings::releaseObject(npobject_);
}
@@ -49,10 +43,21 @@
return channel_->Send(msg);
}
+void NPObjectStub::OnPluginDestroyed() {
+ // We null out the underlying NPObject pointer since it's not valid anymore (
+ // ScriptController manually deleted the object). As a result,
+ // OnMessageReceived won't dispatch any more messages. Since this includes
+ // OnRelease, this object won't get deleted until OnChannelError which might
+ // not happen for a long time if this renderer process has a long lived
+ // plugin instance to the same process. So we delete this object manually.
+ npobject_ = NULL;
+ MessageLoop::current()->DeleteSoon(FROM_HERE, this);
+}
+
void NPObjectStub::OnMessageReceived(const IPC::Message& msg) {
child_process_logging::ScopedActiveURLSetter url_setter(page_url_);
- if (!valid_) {
+ if (!npobject_) {
if (msg.is_sync()) {
// The object could be garbage because the frame has gone away, so
// just send an error reply to the caller.
@@ -82,10 +87,6 @@
}
void NPObjectStub::OnChannelError() {
- // When the plugin process is shutting down, all the NPObjectStubs
- // destructors are called. However the plugin dll might have already
- // been released, in which case the NPN_ReleaseObject will cause a crash.
- npobject_ = NULL;
jam 2009/10/06 07:10:48 note: I tracked this code to http://chrome-corpsvn
delete this;
}
« no previous file with comments | « chrome/plugin/npobject_stub.h ('k') | chrome/plugin/plugin_channel.cc » ('j') | chrome/plugin/plugin_channel.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698