Comment #2 on issue 20063 by [email protected]: Crash in NPP_NewStream
reported in reliability test runs.
http://code.google.com/p/chromium/issues/detail?id=20063
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=24593
------------------------------------------------------------------------
r24593 | [email protected] | 2009-08-26 22:16:03 -0700 (Wed, 26 Aug 2009) | 20 lines
Changed paths:
A http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/data/npapi/plugin_url_request_404.html
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/interactive_ui/npapi_interactive_test.cc?r1=24593&r2=24592
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/test/plugin_client.cc?r1=24593&r2=24592
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/test/plugin_geturl_test.cc?r1=24593&r2=24592
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/test/plugin_geturl_test.h?r1=24593&r2=24592
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/test/plugin_test.cc?r1=24593&r2=24592
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/test/plugin_test.h?r1=24593&r2=24592
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/webplugin_impl.cc?r1=24593&r2=24592
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/webplugin_impl.h?r1=24593&r2=24592
Fixes a crash caused due to a call to NPP_DestroyStream occurring in the
context of NPP_NewStream.
The plugin would invoke NPN_Evaluate to display an alert in the context of
NewStream. This would cause the didFail IPC to be dispatched which would
cause the plugin to invoke another call to NPP_NewStream which would repeat
these steps and crash.
The didFail call from the renderer did not honor the deferred load flag
which we set in WebPluginImpl prior to dispatching stream IPCs to the plugin.
Fix is to dispatch the didFail call when we receive an ack from the plugin
indicating that it is ready to accept stream data.
This fixes bug http://code.google.com/p/chromium/issues/detail?id=20063
The other change is in WebPluginImpl::TearDownPluginInstance, where we run
through the list of resource clients and cancel them. We call didFail on
these clients here, which occurs anyway through the PluginDestroyed code path.
Bug=20063
Test=Covered by interactive UI test.
Review URL: http://codereview.chromium.org/174383
------------------------------------------------------------------------
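
The re-entrancy described in the commit log above, reduced to a toy model. This is an added example, not Chromium code and not part of the original mail: `ToyStreamHost`, its members and `ReentrantFailures` are hypothetical names, the nested `Pump()` call stands in for the alert shown from inside the new-stream handler, and the queued failure is constructed.

```cpp
// Added illustration: toy model, not Chromium code. All names are hypothetical.
#include <functional>
#include <vector>

using Queue = std::vector<std::function<void()>>;

struct ToyStreamHost {
    bool honor_deferral;         // false: behaviour before the fix, true: after
    bool deferred = false;       // stands in for the deferred load flag
    bool in_new_stream = false;  // plugin's new-stream handler is on the stack
    int reentrant_failures = 0;  // failures that reached the plugin mid-handler
    int delivered_failures = 0;  // failures that reached the plugin at all
    Queue inbox;                 // incoming messages awaiting dispatch
    Queue held;                  // failures parked until the plugin's ack

    explicit ToyStreamHost(bool honor) : honor_deferral(honor) {}

    static void Drain(Queue& q) {
        Queue batch;
        batch.swap(q);  // detach first so handlers may enqueue safely
        for (auto& msg : batch) msg();
    }
    void DeliverFailureToPlugin() {
        if (in_new_stream) ++reentrant_failures;  // the unsafe condition
        ++delivered_failures;
    }
    void OnFailure() {
        if (honor_deferral && deferred) {  // fixed path: wait for the ack
            held.push_back([this] { DeliverFailureToPlugin(); });
            return;
        }
        DeliverFailureToPlugin();
    }
    void Pump() { Drain(inbox); }  // nested dispatch, as a modal alert runs
    void OnPluginAck() {           // plugin is ready to accept stream data
        deferred = false;
        Drain(held);
    }
    void StartStream() {
        deferred = true;                           // set before notifying plugin
        inbox.push_back([this] { OnFailure(); });  // constructed queued failure
        in_new_stream = true;
        Pump();  // handler triggers nested dispatch
        in_new_stream = false;
        OnPluginAck();
    }
};

int ReentrantFailures(bool honor_deferral) {
    ToyStreamHost host(honor_deferral);
    host.StartStream();
    return host.reentrant_failures;
}
```
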