Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(38)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 314603002: Ensure that in-process plugins can't destroy themselves by closing a URLLoader (Closed)

Created:
6 years, 6 months ago by raymes
Modified:
6 years, 6 months ago
CC:
chromium-reviews, darin-cc_chromium.org, jam, chrome-apps-syd-reviews_chromium.org, Vitaly Buka (NO REVIEWS)
Visibility:
Public.

Description

Ensure that in-process plugins can't destroy themselves by closing a URLLoader Previously in-process plugins could close the main URLLoader, which could result destruction of themselves. This only happens in-process because calling URLLoader.Close() results in synchronously calling in to blink, whereas the call is asynchronous due to IPC when OOP. This is fixed here by adding a hack to the in-process router. We should probably post every message to the message loop, but there is a chance this might break something and we will be removing in-process plugins altogether soon. There are also two other related bugs this fixes: 1) The PepperPluginInstanceImpl::DidDataFromWebURLResponse could be called after PepperPluginInstanceImpl::Delete() has been run, in which case the plugin instance may also be destroyed, so we should not run HandleDocumentLoad in that case. 2) The instance may be destroyed before the PepperURLLoaderHost so we need to check if it is null. BUG=372548 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=274770

Patch Set 1 #

Total comments: 2

Patch Set 2 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+42 lines, -8 lines) Patch
M content/renderer/pepper/pepper_in_process_router.cc View 1 1 chunk +34 lines, -6 lines 0 comments Download
M content/renderer/pepper/pepper_plugin_instance_impl.cc View 1 1 chunk +3 lines, -0 lines 0 comments Download
M content/renderer/pepper/pepper_url_loader_host.cc View 1 chunk +5 lines, -2 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
raymes
6 years, 6 months ago (2014-06-03 05:59:56 UTC) #1
dmichael (off chromium)
lgtm I wish there was a more general fix... but pepper_in_process_router is so thorny, I ...
6 years, 6 months ago (2014-06-03 19:40:34 UTC) #2
raymes
https://codereview.chromium.org/314603002/diff/1/content/renderer/pepper/pepper_in_process_router.cc File content/renderer/pepper/pepper_in_process_router.cc (right): https://codereview.chromium.org/314603002/diff/1/content/renderer/pepper/pepper_in_process_router.cc#newcode106 content/renderer/pepper/pepper_in_process_router.cc:106: // Unpack the message so we can peak at ...
6 years, 6 months ago (2014-06-04 00:07:01 UTC) #3
raymes
The CQ bit was checked by raymes@chromium.org
6 years, 6 months ago (2014-06-04 00:07:06 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/raymes@chromium.org/314603002/20001
6 years, 6 months ago (2014-06-04 00:08:25 UTC) #5
commit-bot: I haz the power
6 years, 6 months ago (2014-06-04 11:19:53 UTC) #6
Message was sent while issue was closed. 
Change committed as 274770

Powered by Google App Engine
This is Rietveld 408576698