[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.19-706-ge5415e9
mitz at apple.com
mitz at apple.com
Thu Feb 4 21:21:10 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit 77cf9760725af2f12d8d359c9c19326243fdb99a
Author: mitz at apple.com <mitz at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 20 05:08:46 2010 +0000
<rdar://problem/7068584> Crash at NetscapePluginHostProxy::processRequests
Patch by Anders Carlsson <andersca at apple.com> on 2009-12-18
Reviewed by Dan Bernstein.
* Plugins/Hosted/NetscapePluginInstanceProxy.h:
(WebKit::NetscapePluginInstanceProxy::waitForReply): Wrapped with calls
to willCallPluginFunction/didCallPluginFunction. This prevents the plug-in
from being stopped while waiting for reply.
* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::createBindingsInstance): Protect the
instance proxy in case the plug-in host crashes while waiting for reply.
* Plugins/Hosted/ProxyInstance.h:
(WebKit::ProxyInstance::waitForReply): Added. Calls through to
NetscapePluginInstanceProxy::waitForReply(), but returns a null reply if the
proxy gets invalidated while waiting for the reply.
* Plugins/Hosted/ProxyInstance.mm:
(WebKit::ProxyInstance::invoke): Use ProxyInstance::waitForReply().
(WebKit::ProxyInstance::supportsInvokeDefaultMethod): Ditto.
(WebKit::ProxyInstance::supportsConstruct): Ditto.
(WebKit::ProxyInstance::getPropertyNames): Ditto.
(WebKit::ProxyInstance::methodsNamed): Ditto.
(WebKit::ProxyInstance::fieldNamed): Ditto.
(WebKit::ProxyInstance::fieldValue): Ditto.
(WebKit::ProxyInstance::setFieldValue): Ditto.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53520 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit/mac/ChangeLog b/WebKit/mac/ChangeLog
index a163241..32066de 100644
--- a/WebKit/mac/ChangeLog
+++ b/WebKit/mac/ChangeLog
@@ -1,3 +1,30 @@
+2009-12-18 Anders Carlsson <andersca at apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ <rdar://problem/7068584> Crash at NetscapePluginHostProxy::processRequests
+
+ * Plugins/Hosted/NetscapePluginInstanceProxy.h:
+ (WebKit::NetscapePluginInstanceProxy::waitForReply): Wrapped with calls
+ to willCallPluginFunction/didCallPluginFunction. This prevents the plug-in
+ from being stopped while waiting for reply.
+ * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
+ (WebKit::NetscapePluginInstanceProxy::createBindingsInstance): Protect the
+ instance proxy in case the plug-in host crashes while waiting for reply.
+ * Plugins/Hosted/ProxyInstance.h:
+ (WebKit::ProxyInstance::waitForReply): Added. Calls through to
+ NetscapePluginInstanceProxy::waitForReply(), but returns a null reply if the
+ proxy gets invalidated while waiting for the reply.
+ * Plugins/Hosted/ProxyInstance.mm:
+ (WebKit::ProxyInstance::invoke): Use ProxyInstance::waitForReply().
+ (WebKit::ProxyInstance::supportsInvokeDefaultMethod): Ditto.
+ (WebKit::ProxyInstance::supportsConstruct): Ditto.
+ (WebKit::ProxyInstance::getPropertyNames): Ditto.
+ (WebKit::ProxyInstance::methodsNamed): Ditto.
+ (WebKit::ProxyInstance::fieldNamed): Ditto.
+ (WebKit::ProxyInstance::fieldValue): Ditto.
+ (WebKit::ProxyInstance::setFieldValue): Ditto.
+
2010-01-19 John Sullivan <sullivan at apple.com>
Tiger build fix.
diff --git a/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.h b/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.h
index bad8751..2ef6b02 100644
--- a/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.h
+++ b/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009, 2010 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -249,6 +249,8 @@ public:
template <typename T>
std::auto_ptr<T> waitForReply(uint32_t requestID)
{
+ willCallPluginFunction();
+
m_waitingForReply = true;
Reply* reply = processRequestsAndWaitForReply(requestID);
@@ -256,6 +258,9 @@ public:
ASSERT(reply->m_type == T::ReplyType);
m_waitingForReply = false;
+
+ didCallPluginFunction();
+
return std::auto_ptr<T>(static_cast<T*>(reply));
}
diff --git a/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm b/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm
index 12cbc1c..187b0ea 100644
--- a/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm
+++ b/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009, 2010 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1253,6 +1253,10 @@ PassRefPtr<Instance> NetscapePluginInstanceProxy::createBindingsInstance(PassRef
if (_WKPHGetScriptableNPObject(m_pluginHostProxy->port(), m_pluginID, requestID) != KERN_SUCCESS)
return 0;
+
+ // If the plug-in host crashes while we're waiting for a reply, the last reference to the instance proxy
+ // will go away. Prevent this by protecting it here.
+ RefPtr<NetscapePluginInstanceProxy> protect(this);
auto_ptr<GetScriptableNPObjectReply> reply = waitForReply<GetScriptableNPObjectReply>(requestID);
if (!reply.get())
diff --git a/WebKit/mac/Plugins/Hosted/ProxyInstance.h b/WebKit/mac/Plugins/Hosted/ProxyInstance.h
index f84c685..6e8ac47 100644
--- a/WebKit/mac/Plugins/Hosted/ProxyInstance.h
+++ b/WebKit/mac/Plugins/Hosted/ProxyInstance.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2009, 2010 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -28,15 +28,15 @@
#ifndef ProxyInstance_h
#define ProxyInstance_h
-#include <WebCore/Bridge.h>
-#include <WebCore/runtime_root.h>
-#include <wtf/OwnPtr.h>
-#include "WebKitPluginHostTypes.h"
+#import "NetscapePluginInstanceProxy.h"
+#import "WebKitPluginHostTypes.h"
+#import <WebCore/Bridge.h>
+#import <WebCore/runtime_root.h>
+#import <wtf/OwnPtr.h>
namespace WebKit {
class ProxyClass;
-class NetscapePluginInstanceProxy;
class ProxyInstance : public JSC::Bindings::Instance {
public:
@@ -80,6 +80,17 @@ private:
JSC::JSValue invoke(JSC::ExecState*, InvokeType, uint64_t identifier, const JSC::ArgList& args);
+ template <typename T>
+ std::auto_ptr<T> waitForReply(uint32_t requestID) const {
+ std::auto_ptr<T> reply = m_instanceProxy->waitForReply<T>(requestID);
+
+ // If the instance proxy was invalidated, just return a null reply.
+ if (!m_instanceProxy)
+ return std::auto_ptr<T>();
+
+ return reply;
+ }
+
NetscapePluginInstanceProxy* m_instanceProxy;
uint32_t m_objectID;
JSC::Bindings::FieldMap m_fields;
diff --git a/WebKit/mac/Plugins/Hosted/ProxyInstance.mm b/WebKit/mac/Plugins/Hosted/ProxyInstance.mm
index 92ef8ba..1af2ef8 100644
--- a/WebKit/mac/Plugins/Hosted/ProxyInstance.mm
+++ b/WebKit/mac/Plugins/Hosted/ProxyInstance.mm
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009, 2010 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -28,11 +28,10 @@
#import "ProxyInstance.h"
#import "NetscapePluginHostProxy.h"
-#import "NetscapePluginInstanceProxy.h"
-#import <runtime/PropertyNameArray.h>
#import <WebCore/IdentifierRep.h>
#import <WebCore/JSDOMWindow.h>
#import <WebCore/npruntime_impl.h>
+#import <runtime/PropertyNameArray.h>
extern "C" {
#import "WebKitPluginHost.h"
@@ -147,7 +146,7 @@ JSValue ProxyInstance::invoke(JSC::ExecState* exec, InvokeType type, uint64_t id
type, identifier, (char*)[arguments.get() bytes], [arguments.get() length]) != KERN_SUCCESS)
return jsUndefined();
- auto_ptr<NetscapePluginInstanceProxy::BooleanAndDataReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanAndDataReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanAndDataReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanAndDataReply>(requestID);
if (!reply.get() || !reply->m_returnValue)
return jsUndefined();
@@ -175,7 +174,7 @@ bool ProxyInstance::supportsInvokeDefaultMethod() const
m_objectID) != KERN_SUCCESS)
return false;
- auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
if (reply.get() && reply->m_result)
return true;
@@ -199,7 +198,7 @@ bool ProxyInstance::supportsConstruct() const
m_objectID) != KERN_SUCCESS)
return false;
- auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
if (reply.get() && reply->m_result)
return true;
@@ -253,7 +252,7 @@ void ProxyInstance::getPropertyNames(ExecState* exec, PropertyNameArray& nameArr
if (_WKPHNPObjectEnumerate(m_instanceProxy->hostProxy()->port(), m_instanceProxy->pluginID(), requestID, m_objectID) != KERN_SUCCESS)
return;
- auto_ptr<NetscapePluginInstanceProxy::BooleanAndDataReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanAndDataReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanAndDataReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanAndDataReply>(requestID);
if (!reply.get() || !reply->m_returnValue)
return;
@@ -298,7 +297,7 @@ MethodList ProxyInstance::methodsNamed(const Identifier& identifier)
m_objectID, methodName) != KERN_SUCCESS)
return MethodList();
- auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
if (!reply.get())
return MethodList();
@@ -334,7 +333,7 @@ Field* ProxyInstance::fieldNamed(const Identifier& identifier)
m_objectID, propertyName) != KERN_SUCCESS)
return 0;
- auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
if (!reply.get())
return 0;
@@ -361,7 +360,7 @@ JSC::JSValue ProxyInstance::fieldValue(ExecState* exec, const Field* field) cons
m_objectID, serverIdentifier) != KERN_SUCCESS)
return jsUndefined();
- auto_ptr<NetscapePluginInstanceProxy::BooleanAndDataReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanAndDataReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanAndDataReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanAndDataReply>(requestID);
if (!reply.get() || !reply->m_returnValue)
return jsUndefined();
@@ -387,7 +386,7 @@ void ProxyInstance::setFieldValue(ExecState* exec, const Field* field, JSValue v
if (kr != KERN_SUCCESS)
return;
- auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = m_instanceProxy->waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
+ auto_ptr<NetscapePluginInstanceProxy::BooleanReply> reply = waitForReply<NetscapePluginInstanceProxy::BooleanReply>(requestID);
}
void ProxyInstance::invalidate()
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list