Chromium Code Reviews Chromium Code Reviews
Issue 383143003:
Pepper: Make sure 'out' params are initialized for all code paths. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "ppapi/proxy/ppb_image_data_proxy.h" | 5 #include "ppapi/proxy/ppb_image_data_proxy.h" |
| 6 | 6 |
| 7 #include <string.h> // For memcpy | 7 #include <string.h> // For memcpy |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 476 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 487 scoped_refptr<ImageData> cached_image_data = | 487 scoped_refptr<ImageData> cached_image_data = |
| 488 ImageDataCache::GetInstance()->Get(instance, type, | 488 ImageDataCache::GetInstance()->Get(instance, type, |
| 489 size.width, size.height, format); | 489 size.width, size.height, format); |
| 490 if (cached_image_data.get()) { | 490 if (cached_image_data.get()) { |
| 491 // We have one we can re-use rather than allocating a new one. | 491 // We have one we can re-use rather than allocating a new one. |
| 492 cached_image_data->RecycleToPlugin(PP_ToBool(init_to_zero)); | 492 cached_image_data->RecycleToPlugin(PP_ToBool(init_to_zero)); |
| 493 return cached_image_data->GetReference(); | 493 return cached_image_data->GetReference(); |
| 494 } | 494 } |
| 495 | 495 |
| 496 HostResource result; | 496 HostResource result; |
| 497 // Initialize desc so we don't send unitialized memory over IPC. | 497 PP_ImageDataDesc desc; |
| 498 // https://crbug.com/391023. | |
| 499 PP_ImageDataDesc desc = {}; | |
| 500 switch (type) { | 498 switch (type) { |
| 501 case PPB_ImageData_Shared::SIMPLE: { | 499 case PPB_ImageData_Shared::SIMPLE: { |
| 502 ppapi::proxy::SerializedHandle image_handle_wrapper; | 500 ppapi::proxy::SerializedHandle image_handle_wrapper; |
| 503 dispatcher->Send(new PpapiHostMsg_PPBImageData_CreateSimple( | 501 dispatcher->Send(new PpapiHostMsg_PPBImageData_CreateSimple( |
| 504 kApiID, instance, format, size, init_to_zero, | 502 kApiID, instance, format, size, init_to_zero, |
| 505 &result, &desc, &image_handle_wrapper)); | 503 &result, &desc, &image_handle_wrapper)); |
| 506 if (image_handle_wrapper.is_shmem()) { | 504 if (image_handle_wrapper.is_shmem()) { |
| 507 base::SharedMemoryHandle image_handle = image_handle_wrapper.shmem(); | 505 base::SharedMemoryHandle image_handle = image_handle_wrapper.shmem(); |
| 508 if (!result.is_null()) | 506 if (!result.is_null()) |
| 509 return | 507 return |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 615 } | 613 } |
| 616 | 614 |
| 617 void PPB_ImageData_Proxy::OnHostMsgCreatePlatform( | 615 void PPB_ImageData_Proxy::OnHostMsgCreatePlatform( |
| 618 PP_Instance instance, | 616 PP_Instance instance, |
| 619 int32_t format, | 617 int32_t format, |
| 620 const PP_Size& size, | 618 const PP_Size& size, |
| 621 PP_Bool init_to_zero, | 619 PP_Bool init_to_zero, |
| 622 HostResource* result, | 620 HostResource* result, |
| 623 PP_ImageDataDesc* desc, | 621 PP_ImageDataDesc* desc, |
| 624 ImageHandle* result_image_handle) { | 622 ImageHandle* result_image_handle) { |
| 623 // Clear |desc| so we don't send unitialized memory to the plugin. | |
| 624 // https://crbug.com/391023. | |
| 625 memset(desc, 0, sizeof(*desc)); | |
|
dmichael (off chromium)
2014/07/11 15:22:25
*desc = PP_ImageDataDesc();
?
bbudge
2014/07/11 15:23:40
David, the reason I've gone back to memset is to e
dmichael (off chromium)
2014/07/11 15:51:52
Okay, that makes sense. still lgtm
bbudge
2014/07/11 17:01:55
Sorry for churn, switching back to *desc = PP_Imag
| |
| 625 IPC::PlatformFileForTransit image_handle; | 626 IPC::PlatformFileForTransit image_handle; |
| 626 uint32_t byte_count; | 627 uint32_t byte_count; |
| 627 PP_Resource resource = | 628 PP_Resource resource = |
| 628 CreateImageData(instance, | 629 CreateImageData(instance, |
| 629 PPB_ImageData_Shared::PLATFORM, | 630 PPB_ImageData_Shared::PLATFORM, |
| 630 static_cast<PP_ImageDataFormat>(format), | 631 static_cast<PP_ImageDataFormat>(format), |
| 631 size, | 632 size, |
| 632 true /* init_to_zero */, | 633 true /* init_to_zero */, |
| 633 desc, &image_handle, &byte_count); | 634 desc, &image_handle, &byte_count); |
| 634 result->SetHostResource(instance, resource); | 635 result->SetHostResource(instance, resource); |
| 635 if (resource) { | 636 if (resource) { |
| 636 *result_image_handle = image_handle; | 637 *result_image_handle = image_handle; |
| 637 } else { | 638 } else { |
| 638 *result_image_handle = PlatformImageData::NullHandle(); | 639 *result_image_handle = PlatformImageData::NullHandle(); |
| 639 } | 640 } |
| 640 } | 641 } |
| 641 | 642 |
| 642 void PPB_ImageData_Proxy::OnHostMsgCreateSimple( | 643 void PPB_ImageData_Proxy::OnHostMsgCreateSimple( |
| 643 PP_Instance instance, | 644 PP_Instance instance, |
| 644 int32_t format, | 645 int32_t format, |
| 645 const PP_Size& size, | 646 const PP_Size& size, |
| 646 PP_Bool init_to_zero, | 647 PP_Bool init_to_zero, |
| 647 HostResource* result, | 648 HostResource* result, |
| 648 PP_ImageDataDesc* desc, | 649 PP_ImageDataDesc* desc, |
| 649 ppapi::proxy::SerializedHandle* result_image_handle) { | 650 ppapi::proxy::SerializedHandle* result_image_handle) { |
| 651 // Clear |desc| so we don't send unitialized memory to the plugin. | |
| 652 // https://crbug.com/391023. | |
| 653 memset(desc, 0, sizeof(*desc)); | |
| 650 IPC::PlatformFileForTransit image_handle; | 654 IPC::PlatformFileForTransit image_handle; |
| 651 uint32_t byte_count; | 655 uint32_t byte_count; |
| 652 PP_Resource resource = | 656 PP_Resource resource = |
| 653 CreateImageData(instance, | 657 CreateImageData(instance, |
| 654 PPB_ImageData_Shared::SIMPLE, | 658 PPB_ImageData_Shared::SIMPLE, |
| 655 static_cast<PP_ImageDataFormat>(format), | 659 static_cast<PP_ImageDataFormat>(format), |
| 656 size, | 660 size, |
| 657 true /* init_to_zero */, | 661 true /* init_to_zero */, |
| 658 desc, &image_handle, &byte_count); | 662 desc, &image_handle, &byte_count); |
| 659 | 663 |
| (...skipping 23 matching lines...) Expand all Loading... | |
| 683 // still cached in our process, the proxy still holds a reference so we can | 687 // still cached in our process, the proxy still holds a reference so we can |
| 684 // remove the one the renderer just sent is. If the proxy no longer holds a | 688 // remove the one the renderer just sent is. If the proxy no longer holds a |
| 685 // reference, we released everything and we should also release the one the | 689 // reference, we released everything and we should also release the one the |
| 686 // renderer just sent us. | 690 // renderer just sent us. |
| 687 dispatcher()->Send(new PpapiHostMsg_PPBCore_ReleaseResource( | 691 dispatcher()->Send(new PpapiHostMsg_PPBCore_ReleaseResource( |
| 688 API_ID_PPB_CORE, old_image_data)); | 692 API_ID_PPB_CORE, old_image_data)); |
| 689 } | 693 } |
| 690 | 694 |
| 691 } // namespace proxy | 695 } // namespace proxy |
| 692 } // namespace ppapi | 696 } // namespace ppapi |
| OLD | NEW |
