Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(302)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/bindings/core/v8/V8NPObject.cpp

Issue 476663002: Gracefully handle property enumeration over deleted plugins. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/plugins/plugin-destroyed-enumerate-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2006, 2007, 2008, 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after
366 NPIdentifier identifier = _NPN_GetIntIdentifier(index); 366 NPIdentifier identifier = _NPN_GetIntIdentifier(index);
367 v8SetReturnValue(info, npObjectSetProperty(self, identifier, value, info.Get Isolate())); 367 v8SetReturnValue(info, npObjectSetProperty(self, identifier, value, info.Get Isolate()));
368 } 368 }
369 369
370 void npObjectPropertyEnumerator(const v8::PropertyCallbackInfo<v8::Array>& info, bool namedProperty) 370 void npObjectPropertyEnumerator(const v8::PropertyCallbackInfo<v8::Array>& info, bool namedProperty)
371 { 371 {
372 NPObject* npObject = v8ObjectToNPObject(info.Holder()); 372 NPObject* npObject = v8ObjectToNPObject(info.Holder());
373 373
374 // Verify that our wrapper wasn't using a NPObject which 374 // Verify that our wrapper wasn't using a NPObject which
375 // has already been deleted. 375 // has already been deleted.
376 if (!npObject || !_NPN_IsAlive(npObject)) 376 if (!npObject || !_NPN_IsAlive(npObject)) {
377 V8ThrowException::throwReferenceError("NPObject deleted", info.GetIsolat e()); 377 V8ThrowException::throwReferenceError("NPObject deleted", info.GetIsolat e());
378 return;
379 }
378 380
379 if (NP_CLASS_STRUCT_VERSION_HAS_ENUM(npObject->_class) && npObject->_class-> enumerate) { 381 if (NP_CLASS_STRUCT_VERSION_HAS_ENUM(npObject->_class) && npObject->_class-> enumerate) {
380 uint32_t count; 382 uint32_t count;
381 NPIdentifier* identifiers; 383 NPIdentifier* identifiers;
382 if (npObject->_class->enumerate(npObject, &identifiers, &count)) { 384 if (npObject->_class->enumerate(npObject, &identifiers, &count)) {
383 uint32_t propertiesCount = 0; 385 uint32_t propertiesCount = 0;
384 for (uint32_t i = 0; i < count; ++i) { 386 for (uint32_t i = 0; i < count; ++i) {
385 IdentifierRep* identifier = static_cast<IdentifierRep*>(identifi ers[i]); 387 IdentifierRep* identifier = static_cast<IdentifierRep*>(identifi ers[i]);
386 if (namedProperty == identifier->m_isString) 388 if (namedProperty == identifier->m_isString)
387 ++propertiesCount; 389 ++propertiesCount;
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
486 v8::HandleScope scope(isolate); 488 v8::HandleScope scope(isolate);
487 v8::Handle<v8::Object> wrapper = staticNPObjectMap().newLocal(object, isolat e); 489 v8::Handle<v8::Object> wrapper = staticNPObjectMap().newLocal(object, isolat e);
488 if (!wrapper.IsEmpty()) { 490 if (!wrapper.IsEmpty()) {
489 V8DOMWrapper::clearNativeInfo(wrapper, npObjectTypeInfo()); 491 V8DOMWrapper::clearNativeInfo(wrapper, npObjectTypeInfo());
490 staticNPObjectMap().removeAndDispose(object); 492 staticNPObjectMap().removeAndDispose(object);
491 _NPN_ReleaseObject(object); 493 _NPN_ReleaseObject(object);
492 } 494 }
493 } 495 }
494 496
495 } // namespace blink 497 } // namespace blink
OLDNEW
« no previous file with comments | « LayoutTests/plugins/plugin-destroyed-enumerate-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698