Changeset 74209 in webkit

Timestamp:

Dec 16, 2010 1:11:44 PM (13 years ago)

Author:

andersca@apple.com

Message:

2010-12-16 Anders Carlsson <​andersca@apple.com>

Reviewed by Dan Bernstein.

Defer getting a PluginProcessConnection object until the plug-in is initialized
​https://bugs.webkit.org/show_bug.cgi?id=51207
<rdar://problem/8731306>

Before this change, we would pass the PluginProcessConnection to the PluginProxy constructor, but not
call PluginProcessConnection::addPluginProxy (which associates the plug-in proxy with the connection)
until the plug-in is initialized.

This could lead to a PluginProxy holding a reference to a PluginProcessConnection when the PluginProxyConnection
itself did not know anything about the PluginProxy. This would happen when a page with plug-ins is opened in a background
tab, with the plug-ins not yet initialized.

Because of this, we could end up in a weird state, where the PluginProcessConnection would think that there are no
more plug-ins alive, and invalidate (and null out) the underlying CoreIPC connection, which would lead to crashes
when trying to send messages to the connection during later initialization.

The fix is to pass the plug-in path to the PluginProxy constructor, and get the connection from PluginProxy::initialize.

PluginProcessConnection object

• WebProcess/Plugins/PluginProxy.cpp: (WebKit::PluginProxy::create): (WebKit::PluginProxy::PluginProxy): (WebKit::PluginProxy::initialize):
• WebProcess/Plugins/PluginProxy.h:
• WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::createPlugin):

Location:

trunk/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/Plugins/PluginProxy.cpp (modified) (3 diffs)
• WebProcess/Plugins/PluginProxy.h (modified) (3 diffs)
• WebProcess/WebPage/WebPage.cpp (modified) (2 diffs)

trunk/WebKit2/ChangeLog

@@ +1 @@
+2010-12-16  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Defer getting a PluginProcessConnection object until the plug-in is initialized
+        https://bugs.webkit.org/show_bug.cgi?id=51207
+        <rdar://problem/8731306>
+
+        Before this change, we would pass the PluginProcessConnection to the PluginProxy constructor, but not
+        call PluginProcessConnection::addPluginProxy (which associates the plug-in proxy with the connection)
+        until the plug-in is initialized.
+
+        This could lead to a PluginProxy holding a reference to a PluginProcessConnection when the PluginProxyConnection
+        itself did not know anything about the PluginProxy. This would happen when a page with plug-ins is opened in a background
+        tab, with the plug-ins not yet initialized.
+
+        Because of this, we could end up in a weird state, where the PluginProcessConnection would think that there are no
+        more plug-ins alive, and invalidate (and null out) the underlying CoreIPC connection, which would lead to crashes
+        when trying to send messages to the connection during later initialization.
+
+        The fix is to pass the plug-in path to the PluginProxy constructor, and get the connection from PluginProxy::initialize.
+        
+        PluginProcessConnection object 
+        * WebProcess/Plugins/PluginProxy.cpp:
+        (WebKit::PluginProxy::create):
+        (WebKit::PluginProxy::PluginProxy):
+        (WebKit::PluginProxy::initialize):
+        * WebProcess/Plugins/PluginProxy.h:
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::createPlugin):
+
 2010-12-16  Enrica Casucci  <enrica@apple.com>
 

trunk/WebKit2/WebProcess/Plugins/PluginProxy.cpp

@@ -36 +36 @@
 #include "PluginControllerProxyMessages.h"
 #include "PluginProcessConnection.h"
+#include "PluginProcessConnectionManager.h"
 #include "WebCoreArgumentCoders.h"
 #include "WebEvent.h"
@@ -51 +52 @@
 }
 
-PassRefPtr<PluginProxy> PluginProxy::create(PassRefPtr<PluginProcessConnection> connection)
-{
-    return adoptRef(new PluginProxy(connection));
-}
-
-PluginProxy::PluginProxy(PassRefPtr<PluginProcessConnection> connection)
-    : m_connection(connection)
+PassRefPtr<PluginProxy> PluginProxy::create(const String& pluginPath)
+{
+    return adoptRef(new PluginProxy(pluginPath));
+}
+
+PluginProxy::PluginProxy(const String& pluginPath)
+    : m_pluginPath(pluginPath)
     , m_pluginInstanceID(generatePluginInstanceID())
     , m_pluginController(0)
@@ -84 +85 @@
     m_pluginController = pluginController;
 
+    ASSERT(!m_connection);
+    m_connection = PluginProcessConnectionManager::shared().getPluginProcessConnection(m_pluginPath);
+    
+    if (!m_connection)
+        return false;
+    
     // Add the plug-in proxy before creating the plug-in; it needs to be in the map because CreatePlugin
     // can call back out to the plug-in proxy.

trunk/WebKit2/WebProcess/Plugins/PluginProxy.h

@@ -53 +53 @@
 class PluginProxy : public Plugin {
 public:
-    static PassRefPtr<PluginProxy> create(PassRefPtr<PluginProcessConnection>);
+    static PassRefPtr<PluginProxy> create(const String& pluginPath);
     ~PluginProxy();
 
@@ -63 +63 @@
 
 private:
-    explicit PluginProxy(PassRefPtr<PluginProcessConnection>);
+    explicit PluginProxy(const String& pluginPath);
 
     // Plugin
@@ -122 +122 @@
 #endif
 
+    String m_pluginPath;
+
     RefPtr<PluginProcessConnection> m_connection;
     uint64_t m_pluginInstanceID;

trunk/WebKit2/WebProcess/WebPage/WebPage.cpp

@@ -33 +33 @@
 #include "NetscapePlugin.h"
 #include "PageOverlay.h"
-#include "PluginProcessConnection.h"
-#include "PluginProcessConnectionManager.h"
 #include "PluginProxy.h"
 #include "PluginView.h"
@@ -236 +234 @@
 
 #if ENABLE(PLUGIN_PROCESS)
-    PluginProcessConnection* pluginProcessConnection = PluginProcessConnectionManager::shared().getPluginProcessConnection(pluginPath);
-
-    if (!pluginProcessConnection)
-        return 0;
-
-    return PluginProxy::create(pluginProcessConnection);
+    return PluginProxy::create(pluginPath);
 #else
     return NetscapePlugin::create(NetscapePluginModule::getOrCreate(pluginPath));