Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 23694 by [email protected]: Plugin window destroyed prior to NPP_SetWindow being called
http://code.google.com/p/chromium/issues/detail?id=23694

Chrome Version       : 4.0.221.1 (Developer Build 27852)
URLs (if applicable) : N/A
Other browsers tested: Windows Chrome specific
   Add OK or FAIL after other browsers where you have tested this issue:
      Safari 4: N/A
   Firefox 3.x: N/A
          IE 7: N/A
          IE 8: N/A

What steps will reproduce the problem?
1. Navigate to a page containing a windowed NPAPI plugin
2. Hit the back button


What is the expected result?
The plugin's NPP_SetWindow function should be called with a null window
handle before the plugin window is destroyed.

What happens instead?
The plugin's window is destroyed before NPP_SetWindow is called with a null
window handle. At this point the plugin has a stale handle for the plugin
window.

Please provide any additional information below. Attach a screenshot if
possible.

I verified this by setting a breakpoint in the plugin window's WM_DESTROY
handler. These are the call stacks at this point.

Browser process call stack:
        user32.dll!_ntuserdestroywin...@4()  + 0x15 bytes
        chrome.dll!ATL::CWindowImplBaseT<ATL::CWindow,ATL::CWinTraits<1174405120,0> >::DestroyWindow()  Line 3013 + 0xf bytes  C++
        chrome.dll!RenderWidgetHostViewWin::Destroy()  Line 626  C++
        chrome.dll!RenderWidgetHost::Destroy()  Line 539 + 0x17 bytes  C++
>       chrome.dll!RenderWidgetHost::Shutdown()  Line 121  C++
        chrome.dll!RenderViewHost::Shutdown()  Line 859  C++
        chrome.dll!RenderViewHostManager::CommitPending()  Line 484 + 0xf bytes  C++
        chrome.dll!RenderViewHostManager::DidNavigateMainFrame(RenderViewHost * render_view_host=0x02b47120)  Line 177  C++
        chrome.dll!TabContents::DidNavigate(RenderViewHost * rvh=0x02b47120, const ViewHostMsg_FrameNavigate_Params & params={...})  Line 1986  C++
        chrome.dll!RenderViewHost::OnMsgNavigate(const IPC::Message & msg={...})  Line 954 + 0x26 bytes  C++
        chrome.dll!RenderViewHost::OnMessageReceived(const IPC::Message & msg={...})  Line 737 + 0xc bytes  C++
        chrome.dll!BrowserRenderProcessHost::OnMessageReceived(const IPC::Message & msg={...})  Line 809 + 0x13 bytes  C++
        chrome.dll!IPC::ChannelProxy::Context::OnDispatchMessage(const IPC::Message & message={...})  Line 204 + 0x1b bytes  C++
        chrome.dll!DispatchToMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),IPC::Message>(IPC::ChannelProxy::Context * obj=0x02b129c0, void (const IPC::Message &)* method=0x5873a570, const Tuple1<IPC::Message> & arg={...})  Line 422 + 0xf bytes  C++
        chrome.dll!RunnableMethod<IPC::ChannelProxy::Context,void (__thiscall IPC::ChannelProxy::Context::*)(IPC::Message const &),Tuple1<IPC::Message> >::Run()  Line 277 + 0x1e bytes  C++
        chrome.dll!MessageLoop::RunTask(Task * task=0x02e7e200)  Line 314 + 0xf bytes  C++
        chrome.dll!MessageLoop::DeferOrRunPendingTask(const MessageLoop::PendingTask & pending_task={...})  Line 325  C++
        chrome.dll!MessageLoop::DoWork()  Line 429 + 0xc bytes  C++
        chrome.dll!base::MessagePumpForUI::DoRunLoop()  Line 209 + 0x1d bytes  C++
        chrome.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate * delegate=0x004cee3c, base::MessagePumpWin::Dispatcher * dispatcher=0x004cde1c)  Line 52 + 0xf bytes  C++
        chrome.dll!MessageLoop::RunInternal()  Line 195  C++
        chrome.dll!MessageLoop::RunHandler()  Line 182  C++
        chrome.dll!MessageLoopForUI::Run(base::MessagePumpWin::Dispatcher * dispatcher=0x004cde1c)  Line 600  C++
        chrome.dll!`anonymous namespace'::RunUIMessageLoop(BrowserProcess * browser_process=0x02b47030)  Line 155  C++
        chrome.dll!BrowserMain(const MainFunctionParams & parameters={...})  Line 833 + 0x11 bytes  C++
        chrome.dll!ChromeMain(HINSTANCE__ * instance=0x00090000, sandbox::SandboxInterfaceInfo * sandbox_info=0x004cf7f4, wchar_t * command_line=0x005d2d38)  Line 603 + 0xc bytes  C++
        chrome.exe!wWinMain(HINSTANCE__ * instance=0x00090000, HINSTANCE__ * prev_instance=0x00000000, wchar_t * command_line=0x005d2d38, int __formal=1)  Line 104 + 0x14 bytes  C++
        chrome.exe!__tmainCRTStartup()  Line 263 + 0x2c bytes  C
        chrome.exe!wWinMainCRTStartup()  Line 182  C
        kernel32.dll!7621e4a5()
        [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
        ntdll.dll!7793cfed()
        ntdll.dll!7793d1ff()


Renderer process call stack:
        npo3dautoplugin.dll!`anonymous namespace'::PluginWindowInterposer(HWND__ * hWnd=0x00340a2e, unsigned int Msg=2, unsigned int wParam=0, long lParam=0)  Line 607  C++
        user32.dll!_internalcallwinp...@20()  + 0x23 bytes
        user32.dll!_usercallwinproccheck...@32()  + 0xb7 bytes
        user32.dll!_callwindowproca...@24()  + 0x5e bytes
        user32.dll!_callwindowpr...@20()  + 0x1b bytes
>       chrome.dll!WebPluginDelegateImpl::NativeWndProc(HWND__ * hwnd=0x00340a2e, unsigned int message=2, unsigned int wparam=0, long lparam=0)  Line 863 + 0x1f bytes  C++
        user32.dll!_internalcallwinp...@20()  + 0x23 bytes
        user32.dll!_usercallwinproccheck...@32()  + 0xb7 bytes
        user32.dll!_dispatchclientmess...@24()  + 0x51 bytes
        user32.dll!___fndw...@4()  + 0x2b bytes
        ntdll.dll!778e2ed6()
        [Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]
        user32.dll!__peekmess...@24()  + 0x2d bytes
        user32.dll!_peekmessa...@20()  + 0x1b2 bytes
        chrome.dll!base::MessagePumpForUI::ProcessNextWindowsMessage()  Line 335 + 0x14 bytes  C++
        chrome.dll!base::MessagePumpForUI::DoRunLoop()  Line 205 + 0x8 bytes  C++
        chrome.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate * delegate=0x006aefc4, base::MessagePumpWin::Dispatcher * dispatcher=0x00000000)  Line 52 + 0xf bytes  C++
        chrome.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x006aefc4)  Line 78 + 0x1c bytes  C++
        chrome.dll!MessageLoop::RunInternal()  Line 199 + 0x2a bytes  C++
        chrome.dll!MessageLoop::RunHandler()  Line 175  C++
        chrome.dll!MessageLoop::Run()  Line 156  C++
        chrome.dll!PluginMain(const MainFunctionParams & parameters={...})  Line 159  C++
        chrome.dll!ChromeMain(HINSTANCE__ * instance=0x00090000, sandbox::SandboxInterfaceInfo * sandbox_info=0x006af968, wchar_t * command_line=0x00952da8)  Line 554 + 0xc bytes  C++
        chrome.exe!wWinMain(HINSTANCE__ * instance=0x00090000, HINSTANCE__ * prev_instance=0x00000000, wchar_t * command_line=0x00952da8, int __formal=5)  Line 104 + 0x14 bytes  C++
        chrome.exe!__tmainCRTStartup()  Line 263 + 0x2c bytes  C
        chrome.exe!wWinMainCRTStartup()  Line 182  C
        kernel32.dll!7621e4a5()
        ntdll.dll!7793cfed()
        ntdll.dll!7793d1ff()
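
A plugin-side guard against the ordering described in this report, as an added sketch that is not code from Chromium or from the reporting plugin. It is a portable model rather than Win32/NPAPI code: hwnd_t, host_t, plugin_t and teardown() are hypothetical names, and the window "liveness" check stands in for the real window manager.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins so the model builds without windows.h or npapi.h (assumptions). */
typedef uintptr_t hwnd_t;                  /* plays the role of HWND */
#define MSG_DESTROY 2u                     /* WM_DESTROY, "Msg=2" in the renderer stack */
#define SAMPLE_HWND ((hwnd_t)0x00340a2e)   /* hWnd value shown in the report */
typedef struct { hwnd_t live; } host_t;    /* window the host keeps alive; 0 = none */
typedef struct {
    hwnd_t cached;   /* handle kept from the last SetWindow call */
    int    guard;    /* 1: forget the handle when WM_DESTROY arrives */
} plugin_t;
enum draw_result { DRAW_OK, DRAW_SKIPPED, DRAW_STALE };

/* Model of NPP_SetWindow: a zero handle means the window is going away. */
static void plugin_set_window(plugin_t *p, hwnd_t h) { p->cached = h; }

/* Model of the plugin's subclassed window procedure. */
static void plugin_on_message(plugin_t *p, hwnd_t h, unsigned msg) {
    if (p->guard && msg == MSG_DESTROY && h == p->cached)
        p->cached = 0;                     /* never keep a handle past WM_DESTROY */
}

/* Any plugin work that touches the window (paint, timer, async callback). */
static enum draw_result plugin_draw(const plugin_t *p, const host_t *host) {
    if (p->cached == 0) return DRAW_SKIPPED;
    return p->cached == host->live ? DRAW_OK : DRAW_STALE;
}

/* Teardown with one draw attempted in the gap between the two host steps.
   reported_order=1: destroy, draw, SetWindow(NULL)   (what the report saw)
   reported_order=0: SetWindow(NULL), draw, destroy   (what the report expects) */
enum draw_result teardown(int reported_order, int guard) {
    host_t host = { SAMPLE_HWND };
    plugin_t p = { 0, guard };
    enum draw_result r;
    plugin_set_window(&p, SAMPLE_HWND);
    if (!reported_order) plugin_set_window(&p, 0);
    else { plugin_on_message(&p, SAMPLE_HWND, MSG_DESTROY); host.live = 0; }
    r = plugin_draw(&p, &host);
    if (reported_order) plugin_set_window(&p, 0);
    else { plugin_on_message(&p, SAMPLE_HWND, MSG_DESTROY); host.live = 0; }
    return r;
}

int main(void) {
    printf("reported order: no guard=%d guard=%d; expected order: %d\n",
           teardown(1, 0), teardown(1, 1), teardown(0, 0));
    return 0;
}
```

With the guard enabled the plugin no longer depends on the host calling NPP_SetWindow with a null handle first, so either teardown order leaves it without a stale handle.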

