Remove webkit::ppapi::Resource.

ppapi/shared_impl/resource_tracker.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ppapi/shared_impl/resource_tracker.h"
 
 #include "ppapi/shared_impl/id_assignment.h"
 #include "ppapi/shared_impl/resource.h"
 
 namespace ppapi {
@@ skipping 38 matching lines @@
   ResourceMap::iterator i = live_resources_.find(res);
   if (i == live_resources_.end())
     return;
 
   // Prevent underflow of refcount.
   if (i->second.second == 0)
     return;
 
   i->second.second--;
   if (i->second.second == 0) {
-    i->second.first->LastPluginRefWasDeleted();
+    LastPluginRefWasDeleted(i->second.first);
 
     // When we go from 1 to 0 plugin ref count, free the additional "real" ref
     // on its behalf. THIS WILL MOST LIKELY RELEASE THE OBJECT AND REMOVE IT
     // FROM OUR LIST.
     i->second.first->Release();
   }
 }
 
 void ResourceTracker::DidCreateInstance(PP_Instance instance) {
   // Due to the infrastructure of some tests, the instance is registered
@@ skipping 23 matching lines @@
   while (cur != to_delete.end()) {
     // Note that it's remotely possible for the object to already be deleted
     // from the live resources. One case is if a resource object is holding
     // the last ref to another. When we release the first one, it will release
     // the second one. So the second one will be gone when we eventually get
     // to it.
     ResourceMap::iterator found_resource = live_resources_.find(*cur);
     if (found_resource != live_resources_.end()) {
       Resource* resource = found_resource->second.first;
       if (found_resource->second.second > 0) {
-        resource->LastPluginRefWasDeleted();
+        LastPluginRefWasDeleted(resource);
         found_resource->second.second = 0;
 
         // This will most likely delete the resource object and remove it
         // from the live_resources_ list.
         resource->Release();
       }
     }
 
     cur++;
   }
@@ skipping 21 matching lines @@
   return static_cast<int>(found->second->resources.size());
 }
 
 PP_Resource ResourceTracker::AddResource(Resource* object) {
   // If the plugin manages to create too many resources, don't do crazy stuff.
   if (last_resource_value_ == kMaxPPId)
     return 0;
 
   // If you hit this somebody forgot to call DidCreateInstance or the resource
   // was created with an invalid PP_Instance.
-  DCHECK(instance_map_.find(object->pp_instance()) != instance_map_.end());
+  //
+  // This is specifically a check even in release mode. When creating resources
+  // it can be easy to forget to validate the instance parameter. If somebody
+  // does forget, we don't want to introduce a vulnerability with invalid
+  // pointers floating around, so we die ASAP.
+  InstanceMap::iterator found = instance_map_.find(object->pp_instance());
+  CHECK(found != instance_map_.end());
 
   PP_Resource new_id = MakeTypedId(++last_resource_value_, PP_ID_TYPE_RESOURCE);
-  instance_map_[object->pp_instance()]->resources.insert(new_id);
+  found->second->resources.insert(new_id);
 
   live_resources_[new_id] = ResourceAndRefCount(object, 0);
   return new_id;
 }
 
 void ResourceTracker::RemoveResource(Resource* object) {
   PP_Resource pp_resource = object->pp_resource();
   if (object->pp_instance())
     instance_map_[object->pp_instance()]->resources.erase(pp_resource);
   live_resources_.erase(pp_resource);
 }
 
+void ResourceTracker::LastPluginRefWasDeleted(Resource* object) {
+  object->LastPluginRefWasDeleted();
+}
+
 }  // namespace ppapi