[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

Wed Dec 22 18:44:07 UTC 2010

The following commit has been merged in the debian/experimental branch:
commit 45b8ac00dc1fd3979a1bbf581ed612f489533dc4
Author: andersca at apple.com <andersca at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Dec 16 21:11:44 2010 +0000

    2010-12-16  Anders Carlsson  <andersca at apple.com>
    
            Reviewed by Dan Bernstein.
    
            Defer getting a PluginProcessConnection object until the plug-in is initialized
            https://bugs.webkit.org/show_bug.cgi?id=51207
            <rdar://problem/8731306>
    
            Before this change, we would pass the PluginProcessConnection to the PluginProxy constructor, but not
            call PluginProcessConnection::addPluginProxy (which associates the plug-in proxy with the connection)
            until the plug-in is initialized.
    
            This could lead to a PluginProxy holding a reference to a PluginProcessConnection when the PluginProxyConnection
            itself did not know anything about the PluginProxy. This would happen when a page with plug-ins is opened in a background
            tab, with the plug-ins not yet initialized.
    
            Because of this, we could end up in a weird state, where the PluginProcessConnection would think that there are no
            more plug-ins alive, and invalidate (and null out) the underlying CoreIPC connection, which would lead to crashes
            when trying to send messages to the connection during later initialization.
    
            The fix is to pass the plug-in path to the PluginProxy constructor, and get the connection from PluginProxy::initialize.
    
            PluginProcessConnection object
            * WebProcess/Plugins/PluginProxy.cpp:
            (WebKit::PluginProxy::create):
            (WebKit::PluginProxy::PluginProxy):
            (WebKit::PluginProxy::initialize):
            * WebProcess/Plugins/PluginProxy.h:
            * WebProcess/WebPage/WebPage.cpp:
            (WebKit::WebPage::createPlugin):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@74209 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 422a56b..96fb7c9 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,34 @@
+2010-12-16  Anders Carlsson  <andersca at apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Defer getting a PluginProcessConnection object until the plug-in is initialized
+        https://bugs.webkit.org/show_bug.cgi?id=51207
+        <rdar://problem/8731306>
+
+        Before this change, we would pass the PluginProcessConnection to the PluginProxy constructor, but not
+        call PluginProcessConnection::addPluginProxy (which associates the plug-in proxy with the connection)
+        until the plug-in is initialized.
+
+        This could lead to a PluginProxy holding a reference to a PluginProcessConnection when the PluginProxyConnection
+        itself did not know anything about the PluginProxy. This would happen when a page with plug-ins is opened in a background
+        tab, with the plug-ins not yet initialized.
+
+        Because of this, we could end up in a weird state, where the PluginProcessConnection would think that there are no
+        more plug-ins alive, and invalidate (and null out) the underlying CoreIPC connection, which would lead to crashes
+        when trying to send messages to the connection during later initialization.
+
+        The fix is to pass the plug-in path to the PluginProxy constructor, and get the connection from PluginProxy::initialize.
+        
+        PluginProcessConnection object 
+        * WebProcess/Plugins/PluginProxy.cpp:
+        (WebKit::PluginProxy::create):
+        (WebKit::PluginProxy::PluginProxy):
+        (WebKit::PluginProxy::initialize):
+        * WebProcess/Plugins/PluginProxy.h:
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::createPlugin):
+
 2010-12-16  Enrica Casucci  <enrica at apple.com>
 
         Reviewed by Maciej Stachowiak.
diff --git a/WebKit2/WebProcess/Plugins/PluginProxy.cpp b/WebKit2/WebProcess/Plugins/PluginProxy.cpp
index 3caedf8..eea38b0 100644
--- a/WebKit2/WebProcess/Plugins/PluginProxy.cpp
+++ b/WebKit2/WebProcess/Plugins/PluginProxy.cpp
@@ -35,6 +35,7 @@
 #include "PluginController.h"
 #include "PluginControllerProxyMessages.h"
 #include "PluginProcessConnection.h"
+#include "PluginProcessConnectionManager.h"
 #include "WebCoreArgumentCoders.h"
 #include "WebEvent.h"
 #include "WebProcessConnectionMessages.h"
@@ -50,13 +51,13 @@ static uint64_t generatePluginInstanceID()
     return ++uniquePluginInstanceID;
 }
 
-PassRefPtr<PluginProxy> PluginProxy::create(PassRefPtr<PluginProcessConnection> connection)
+PassRefPtr<PluginProxy> PluginProxy::create(const String& pluginPath)
 {
-    return adoptRef(new PluginProxy(connection));
+    return adoptRef(new PluginProxy(pluginPath));
 }
 
-PluginProxy::PluginProxy(PassRefPtr<PluginProcessConnection> connection)
-    : m_connection(connection)
+PluginProxy::PluginProxy(const String& pluginPath)
+    : m_pluginPath(pluginPath)
     , m_pluginInstanceID(generatePluginInstanceID())
     , m_pluginController(0)
     , m_pluginBackingStoreContainsValidData(false)
@@ -83,6 +84,12 @@ bool PluginProxy::initialize(PluginController* pluginController, const Parameter
 
     m_pluginController = pluginController;
 
+    ASSERT(!m_connection);
+    m_connection = PluginProcessConnectionManager::shared().getPluginProcessConnection(m_pluginPath);
+    
+    if (!m_connection)
+        return false;
+    
     // Add the plug-in proxy before creating the plug-in; it needs to be in the map because CreatePlugin
     // can call back out to the plug-in proxy.
     m_connection->addPluginProxy(this);
diff --git a/WebKit2/WebProcess/Plugins/PluginProxy.h b/WebKit2/WebProcess/Plugins/PluginProxy.h
index 0432331..0e4136d 100644
--- a/WebKit2/WebProcess/Plugins/PluginProxy.h
+++ b/WebKit2/WebProcess/Plugins/PluginProxy.h
@@ -52,7 +52,7 @@ class PluginProcessConnection;
 
 class PluginProxy : public Plugin {
 public:
-    static PassRefPtr<PluginProxy> create(PassRefPtr<PluginProcessConnection>);
+    static PassRefPtr<PluginProxy> create(const String& pluginPath);
     ~PluginProxy();
 
     uint64_t pluginInstanceID() const { return m_pluginInstanceID; }
@@ -62,7 +62,7 @@ public:
     CoreIPC::SyncReplyMode didReceiveSyncPluginProxyMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*, CoreIPC::ArgumentEncoder*);
 
 private:
-    explicit PluginProxy(PassRefPtr<PluginProcessConnection>);
+    explicit PluginProxy(const String& pluginPath);
 
     // Plugin
     virtual bool initialize(PluginController*, const Parameters&);
@@ -121,6 +121,8 @@ private:
     void setComplexTextInputEnabled(bool);
 #endif
 
+    String m_pluginPath;
+
     RefPtr<PluginProcessConnection> m_connection;
     uint64_t m_pluginInstanceID;
 
diff --git a/WebKit2/WebProcess/WebPage/WebPage.cpp b/WebKit2/WebProcess/WebPage/WebPage.cpp
index f24a32e..b93d79b 100644
--- a/WebKit2/WebProcess/WebPage/WebPage.cpp
+++ b/WebKit2/WebProcess/WebPage/WebPage.cpp
@@ -32,8 +32,6 @@
 #include "MessageID.h"
 #include "NetscapePlugin.h"
 #include "PageOverlay.h"
-#include "PluginProcessConnection.h"
-#include "PluginProcessConnectionManager.h"
 #include "PluginProxy.h"
 #include "PluginView.h"
 #include "WebBackForwardListProxy.h"
@@ -235,12 +233,7 @@ PassRefPtr<Plugin> WebPage::createPlugin(const Plugin::Parameters& parameters)
         return 0;
 
 #if ENABLE(PLUGIN_PROCESS)
-    PluginProcessConnection* pluginProcessConnection = PluginProcessConnectionManager::shared().getPluginProcessConnection(pluginPath);
-
-    if (!pluginProcessConnection)
-        return 0;
-
-    return PluginProxy::create(pluginProcessConnection);
+    return PluginProxy::create(pluginPath);
 #else
     return NetscapePlugin::create(NetscapePluginModule::getOrCreate(pluginPath));
 #endif

-- 
WebKit Debian packaging

