Title: [152551] branches/safari-537-branch/Source/WebKit2
- Revision
- 152551
- Author
- [email protected]
- Date
- 2013-07-10 14:40:52 -0700 (Wed, 10 Jul 2013)
Log Message
Merged r152539. <rdar://problem/14286390>
Modified Paths
Diff
Modified: branches/safari-537-branch/Source/WebKit2/ChangeLog (152550 => 152551)
--- branches/safari-537-branch/Source/WebKit2/ChangeLog 2013-07-10 21:37:37 UTC (rev 152550)
+++ branches/safari-537-branch/Source/WebKit2/ChangeLog 2013-07-10 21:40:52 UTC (rev 152551)
@@ -1,3 +1,18 @@
+2013-07-10 Lucas Forschler <[email protected]>
+
+ Merge r152539
+
+ 2013-07-10 Brady Eidson <[email protected]>
+
+ Some Java plugin instances can deadlock with the WebProcess on NPP_Destroy.
+ <rdar://problem/14286390> and https://bugs.webkit.org/show_bug.cgi?id=118535
+
+ Reviewed by Alexey Proskuryakov.
+
+ * Shared/Plugins/NPObjectProxy.cpp:
+ (WebKit::NPObjectProxy::~NPObjectProxy): ASSERT this is the main thread.
+ (WebKit::NPObjectProxy::NP_Deallocate): If this isn't the main thread, call it again on the main thread.
+
2013-07-09 Lucas Forschler <[email protected]>
Merge r152425
Modified: branches/safari-537-branch/Source/WebKit2/Shared/Plugins/NPObjectProxy.cpp (152550 => 152551)
--- branches/safari-537-branch/Source/WebKit2/Shared/Plugins/NPObjectProxy.cpp 2013-07-10 21:37:37 UTC (rev 152550)
+++ branches/safari-537-branch/Source/WebKit2/Shared/Plugins/NPObjectProxy.cpp 2013-07-10 21:40:52 UTC (rev 152551)
@@ -35,7 +35,11 @@
#include "NPRemoteObjectMap.h"
#include "NPRuntimeUtilities.h"
#include "NPVariantData.h"
+#include <WebCore/RunLoop.h>
+#include <wtf/MainThread.h>
+using namespace WebCore;
+
namespace WebKit {
NPObjectProxy* NPObjectProxy::create(NPRemoteObjectMap* npRemoteObjectMap, Plugin* plugin, uint64_t npObjectID)
@@ -55,6 +59,8 @@
NPObjectProxy::~NPObjectProxy()
{
+ ASSERT(isMainThread());
+
if (!m_npRemoteObjectMap)
return;
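Review bot: The `ASSERT(isMainThread())` added at the top of `~NPObjectProxy()` only checks the invariant where assertions are compiled in, and WebKit's `ASSERT` is normally a no-op in release builds. The only runtime protection visible in this commit is the redispatch in `NP_Deallocate`. If any other path can destroy a proxy from a background thread, shipping builds would still run this destructor off the main thread without any sign of it. It would help to state the contract next to the assertion, for example `// Must run on the main thread; NP_Deallocate re-dispatches background-thread callers.`, and to confirm that `NP_Deallocate` is the only deleter. The destructor body continues outside this hunk, so what it does after the `m_npRemoteObjectMap` check is not visible here.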
@@ -293,6 +299,16 @@
void NPObjectProxy::NP_Deallocate(NPObject* npObject)
{
+ // http://webkit.org/b/118535 - The Java Netscape Plug-in has a background thread do some of their NPP_Destroy work.
+ // That background thread can call NP_Deallocate, and this leads to a WebProcess <-> PluginProcess deadlock.
+ // Since NPAPI behavior on a background thread is undefined, it is okay to limit this workaround to the one API
+ // that is known to be misused during plugin teardown, and to not be concerned about change in behavior if this
+ // occured at any other time.
+ if (!isMainThread()) {
+ RunLoop::main()->dispatch(bind(&NPObjectProxy::NP_Deallocate, npObject));
+ return;
+ }
+
NPObjectProxy* npObjectProxy = toNPObjectProxy(npObject);
delete npObjectProxy;
}
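Review bot: The background-thread branch of `NP_Deallocate` turns the delete into a deferred one. The raw `npObject` pointer is captured by `bind` and freed only when the main run loop runs the task, so there is a window where the object is logically dead but still allocated, and presumably still registered with its remote object map. Nothing here prevents a second off-thread `NP_Deallocate` on the same pointer from queuing a second `delete`. Nothing marks the proxy as pending destruction either, so main-thread code that reaches it before the task runs cannot tell it is about to go away. Given that the comment describes the plug-in as misusing the API, consider tracking pending deallocations, or at least documenting the assumption with something like `// npObject stays allocated until the main run loop runs this task; callers must not pass it here twice.` It would also be worth noting what happens if the main run loop never services the task during teardown, which presumably leaks the proxy rather than anything worse.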