Comment #15 on issue 20651 by [email protected]: Use-after-free in
NPAPI::PluginInstance::NPP_DestroyStream() (free was in
NPAPI::PluginInstance::RemoveStream())
http://code.google.com/p/chromium/issues/detail?id=20651
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=30769
------------------------------------------------------------------------
r30769 | [email protected] | 2009-11-02 15:30:59 -0800 (Mon, 02 Nov 2009) | 6 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/plugins/plugin_instance.cc?r1=30769&r2=30768
Do not touch an NPStream object when it is already destructed.
BUG=20651
TEST=Run "sh tools/valgrind/valgrind_webkit_tests.sh --debug
LayoutTests/plugins/destroy-stream-twice.html" and verify that the "Invalid
read of size 4" error at NPP_DestroyStream() is not reported in the log
(vlayout-NNNNN.log).
Review URL: http://codereview.chromium.org/354005
------------------------------------------------------------------------