Comment #16 on issue 16114 by [email protected]: Crash - WebCore::RenderLayer::paintLayer(WebCore::RenderLayer *,WebCore::GraphicsContext *,WebCore::IntRect const &,WebCore::PaintRestriction,WebCore::RenderObject *,WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > *,unsigned int)
http://code.google.com/p/chromium/issues/detail?id=16114
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=23260
------------------------------------------------------------------------
r23260 | [email protected] | 2009-08-12 17:04:41 -0700 (Wed, 12 Aug 2009) | 23 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/branches/195/src/chrome/test/plugin/plugin_test.cpp?r1=23260&r2=23259
M http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/plugins/webplugin_delegate_impl.cc?r1=23260&r2=23259
M http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/plugins/webplugin_delegate_impl.h?r1=23260&r2=23259
Merge 22383 - Don't call NPP_SetWindow during the painting of windowless plugins.

On Windows, Flash seems to only start executing script actions after it received an NPP_SetWindow with a non-NULL NPWindow.window (HDC). It is possible that Flash then invokes JS to modify the DOM of the page.

If the Flash movie's widget is onscreen at page load, this call is made during layout and before even NPP_Write is called, which is the desired sequence of events. However, if it is offscreen, this call occurs during painting, which leads to reentrancy issues (layout while painting) and bizarre crashes.

As a solution, we remove calls to NPP_SetWindow during painting and instead opt to never provide a null HDC to the plugin. If no valid HDC is available, we feed it a disposable monochrome 1x1 context to have at least something to draw on.

R=ananta,darin,jam
BUG=16114
TEST=LayoutTests/plugins/flashsetwindowpaintcrash.html (bug reduction).
Review URL: http://codereview.chromium.org/159717

[email protected]
Review URL: http://codereview.chromium.org/166001
------------------------------------------------------------------------
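To make the sequencing in the commit message concrete, here is an added C++ model (not Chromium code; `Plugin`, `Page` and the `DrawingContext` stand-in for an HDC are constructed assumptions) of why an offscreen windowless plugin ended up running layout inside paint, and how moving NPP_SetWindow out of paint and substituting a 1x1 fallback context avoids it:

```cpp
// Constructed model of the r23260 sequencing bug; not Chromium code.
#include <functional>
struct DrawingContext { int width; int height; };  // stand-in for a Win32 HDC

// Hypothetical plugin mirroring the Flash behaviour the commit describes: it starts
// executing script (which may mutate the DOM) as soon as it gets a non-null window.
struct Plugin {
    std::function<void()> onScript;  // JS -> DOM change -> layout request
    bool hasWindow = false;
    void NPP_SetWindow(DrawingContext* hdc) {
        if (hdc && !hasWindow) { hasWindow = true; if (onScript) onScript(); }
    }
};

struct Page {
    Plugin plugin;
    bool painting = false;
    int reentrantLayouts = 0;       // layouts requested while painting (the crash condition)
    DrawingContext fallback{1, 1};  // disposable 1x1 context used when no real HDC exists
    Page() { plugin.onScript = [this] { layout(); }; }
    void layout() { if (painting) ++reentrantLayouts; }

    // Old path: an offscreen widget gets a null HDC at layout and its first real HDC
    // during paint, so NPP_SetWindow (and the plugin's script) runs inside paint.
    void oldLayout(DrawingContext* hdc) { plugin.NPP_SetWindow(hdc); }
    void oldPaint(DrawingContext* hdc) {
        painting = true;
        plugin.NPP_SetWindow(hdc);
        painting = false;
    }
    // Fixed path: never hand the plugin a null HDC at layout, never call SetWindow in paint.
    void newLayout(DrawingContext* hdc) { plugin.NPP_SetWindow(hdc ? hdc : &fallback); }
    void newPaint(DrawingContext*) { painting = true; /* draw only */ painting = false; }
};

// Offscreen at load: no HDC at layout time, a real one arrives at first paint.
int reentrantLayoutsBeforeFix() {
    Page page; DrawingContext real{100, 100};
    page.oldLayout(nullptr);
    page.oldPaint(&real);
    return page.reentrantLayouts;   // 1: layout ran inside paint
}
int reentrantLayoutsAfterFix() {
    Page page; DrawingContext real{100, 100};
    page.newLayout(nullptr);        // plugin starts on the 1x1 context, outside paint
    page.newPaint(&real);
    return page.reentrantLayouts;   // 0
}
```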