Fix a flash plugin process crash on Windows which occurs on the field in the...

Fix a flash plugin process crash on Windows which occurs on the field in the context of the SetCursor Windows API call. We intercept this API to ensure that custom cursors set by flash plugin can be marshaled back to the browser process. Based on the callstack the crash occurs while clearing the custom data vector in the WebCursor object in the plugin process. As this field is not used on Windows, it is not clear why this crash occurs. It may well be due to the fact that the global plugin instance pointer is pointing to an invalid plugin instance. Code inspection did not reveal much. We don't need to save away the plugin cursor in the SetCursor intercept. This can be safely done in the HandleEvent handler, which simplifies the code and should hopefully fix this crash. Fixes bug http://code.google.com/p/chromium/issues/detail?id=96282 BUG=96282 Review URL: http://codereview.chromium.org/7988009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102313 0039d316-1c4b-4281-b951-d872f2087c98

Fix a flash plugin process crash on Windows which occurs on the field in the...
Fix a flash plugin process crash on Windows which occurs on the field in the context of the SetCursor Windows API call. We intercept this API to ensure that custom cursors set by flash plugin can be marshaled back to the browser process. Based on the callstack the crash occurs while clearing the custom data vector in the WebCursor object in the plugin process. As this field is not used on Windows, it is not clear why this crash occurs. It may well be due to the fact that the global plugin instance pointer is pointing to an invalid plugin instance. Code inspection did not reveal much. We don't need to save away the plugin cursor in the SetCursor intercept. This can be safely done in the HandleEvent handler, which simplifies the code and should hopefully fix this crash. Fixes bug http://code.google.com/p/chromium/issues/detail?id=96282 BUG=96282 Review URL: http://codereview.chromium.org/7988009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102313 0039d316-1c4b-4281-b951-d872f2087c98
3afd25e0 · ananta@chromium.org · 70ccf706 · 3afd25e0
Commit 3afd25e0 authored Sep 22, 2011 by ananta@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 13 deletions

webkit/plugins/npapi/webplugin_delegate_impl_win.cc webkit/plugins/npapi/webplugin_delegate_impl_win.cc +2 -13

No files found.
--- a/webkit/plugins/npapi/webplugin_delegate_impl_win.cc
+++ b/webkit/plugins/npapi/webplugin_delegate_impl_win.cc
@@ -1359,6 +1359,7 @@ bool WebPluginDelegateImpl::PlatformHandleInputEvent(
  ret = true;
  if (np_event.event == WM_MOUSEMOVE) {
+    current_windowless_cursor_.InitFromExternalCursor(GetCursor());
    // Snag a reference to the current cursor ASAP in case the plugin modified
    // it. There is a nasty race condition here with the multiprocess browser
    // as someone might be setting the cursor in the main process as well.
@@ -1460,19 +1461,7 @@ HCURSOR WINAPI WebPluginDelegateImpl::SetCursorPatch(HCURSOR cursor) {
    }
    return current_cursor;
  }
+  return ::SetCursor(cursor);
-  if (!g_current_plugin_instance->IsWindowless()) {
-    return ::SetCursor(cursor);
-  }
-  // It is ok to pass NULL here to GetCursor as we are not looking for cursor
-  // types defined by Webkit.
-  HCURSOR previous_cursor =
-      g_current_plugin_instance->current_windowless_cursor_.GetCursor(NULL);
-  g_current_plugin_instance->current_windowless_cursor_.InitFromExternalCursor(
-      cursor);
-  return previous_cursor;
 }
 LONG WINAPI WebPluginDelegateImpl::RegEnumKeyExWPatch(