Changeset 73414 in webkit
- Timestamp: Dec 6, 2010 4:57:32 PM (13 years ago)
- Location: trunk/WebKit2
- Files: 5 edited
trunk/WebKit2/ChangeLog
r73412 r73414 1 2010-12-06 Anders Carlsson <andersca@apple.com> 2 3 Reviewed by Sam Weinig. 4 5 WebProcess crash in NPRemoteObjectMap::invalidate when closing tab 6 https://bugs.webkit.org/show_bug.cgi?id=50597 7 <rdar://problem/8655584> 8 9 When invalidating the NPRemoteObjectMap, we don't want NPObjectMessageReceiver to 10 release all objects NPObjects blindly because NPJSObjects have already been deallocated by the plug-in view. 11 12 This is not an ideal solution; an ideal solution would involve NPJSObjects notifying any NPObjectMessageReceiver objects 13 that the NPJSObject is being destroyed. The NPObjectMessageReceiver could then simply null out the NPObject pointer. 14 15 * Shared/Plugins/NPObjectMessageReceiver.cpp: 16 (WebKit::NPObjectMessageReceiver::NPObjectMessageReceiver): 17 (WebKit::NPObjectMessageReceiver::~NPObjectMessageReceiver): 18 * Shared/Plugins/NPObjectMessageReceiver.h: 19 * Shared/Plugins/NPRemoteObjectMap.cpp: 20 (WebKit::NPRemoteObjectMap::NPRemoteObjectMap): 21 (WebKit::NPRemoteObjectMap::invalidate): 22 * Shared/Plugins/NPRemoteObjectMap.h: 23 (WebKit::NPRemoteObjectMap::isInvalidating): 24 1 25 2010-12-06 Sam Weinig <sam@webkit.org> 2 26 -
trunk/WebKit2/Shared/Plugins/NPObjectMessageReceiver.cpp
r71559 r73414 33 33 #include "NPVariantData.h" 34 34 35 // FIXME: This code shouldn't know about NPJSObject. 36 #include "NPJSObject.h" 37 35 38 namespace WebKit { 36 39 … … 44 47 , m_npObjectID(npObjectID) 45 48 , m_npObject(npObject) 49 , m_shouldReleaseObjectWhenInvalidating(!NPJSObject::isNPJSObject(npObject)) 46 50 { 47 51 retainNPObject(m_npObject); … … 51 55 { 52 56 m_npRemoteObjectMap->unregisterNPObject(m_npObjectID); 57 58 // If we're invalidating the remote object map, we don't always want to release the underlying NPObject. 59 // One example of this is NPJSObjects in the Web process, which have already been deallocated by the plug-in view. 60 // FIXME: This is not the ideal way to handle this. Maybe NPObjectMessageReceiver should be notified somehow when the underlying 61 // NPObject is deallocated. 62 if (m_npRemoteObjectMap->isInvalidating() && !m_shouldReleaseObjectWhenInvalidating) 63 return; 53 64 54 65 releaseNPObject(m_npObject); -
trunk/WebKit2/Shared/Plugins/NPObjectMessageReceiver.h
r71559 r73414 69 69 uint64_t m_npObjectID; 70 70 NPObject* m_npObject; 71 bool m_shouldReleaseObjectWhenInvalidating; 71 72 }; 72 73 -
trunk/WebKit2/Shared/Plugins/NPRemoteObjectMap.cpp
r71546 r73414 50 50 NPRemoteObjectMap::NPRemoteObjectMap(CoreIPC::Connection* connection) 51 51 : m_connection(connection) 52 , m_isInvalidating(false) 52 53 { 53 54 } … … 188 189 void NPRemoteObjectMap::invalidate() 189 190 { 191 ASSERT(!m_isInvalidating); 192 193 m_isInvalidating = true; 194 190 195 Vector<NPObjectMessageReceiver*> messageReceivers; 191 196 copyValuesToVector(m_registeredNPObjects, messageReceivers); … … 199 204 NPObjectProxy::toNPObjectProxy(*it)->invalidate(); 200 205 m_npObjectProxies.clear(); 206 207 m_isInvalidating = false; 201 208 } 202 209 -
trunk/WebKit2/Shared/Plugins/NPRemoteObjectMap.h
r71140 r73414 61 61 62 62 CoreIPC::Connection* connection() const { return m_connection; } 63 bool isInvalidating() const { return m_isInvalidating; } 63 64 64 65 void invalidate(); … … 69 70 explicit NPRemoteObjectMap(CoreIPC::Connection*); 70 71 CoreIPC::Connection* m_connection; 72 73 bool m_isInvalidating; 71 74 72 75 // A map of NPObjectMessageReceiver classes, wrapping objects that we export to the
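Review bot: In trunk/WebKit2/Shared/Plugins/NPObjectMessageReceiver.cpp, the early return in ~NPObjectMessageReceiver only covers the invalidating path, so a receiver that wraps an NPJSObject and is destroyed outside NPRemoteObjectMap::invalidate() still falls through to `releaseNPObject(m_npObject);` on a pointer the plug-in view may already have deallocated. The constructor also still calls `retainNPObject(m_npObject);` unconditionally, so the retain is left unbalanced whenever the early return is taken. Please confirm that receivers for NPJSObjects are only ever destroyed during invalidate(), or file a follow-up bug for the approach described in the FIXME (notify the receiver when the NPObject is deallocated so it can null out m_npObject) and reference it from the comment.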
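Review bot: In NPRemoteObjectMap::invalidate() (trunk/WebKit2/Shared/Plugins/NPRemoteObjectMap.cpp), re-entrancy is only caught by `ASSERT(!m_isInvalidating);`, which is compiled out of release builds. If invalidate() were re-entered there, the inner call's `m_isInvalidating = false;` would clear the flag before the outer call has finished, and the destructor check in NPObjectMessageReceiver would go back to releasing NPJSObjects. Consider returning early when the flag is already set, and setting and clearing it with a scoped guard so that an early return added later cannot leave it stuck at true.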
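Review bot: The ChangeLog entry lists only Shared/Plugins sources and no regression test for the close-tab crash. If the crash can be reproduced with a test plug-in that holds an NPJSObject when its view is torn down, please add that test; otherwise state in the ChangeLog entry why the change is not testable.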