NULL nobject_ in the stub prior to deallocating the object, to avoid...

NULL nobject_ in the stub prior to deallocating the object, to avoid re-entrancy into NPObjectStub::DeleteSoon() during NPObjectStub::OnChannelError() from double-deleting the stub. BUG=94179 Review URL: http://codereview.chromium.org/7792007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98746 0039d316-1c4b-4281-b951-d872f2087c98

NULL nobject_ in the stub prior to deallocating the object, to avoid...
NULL nobject_ in the stub prior to deallocating the object, to avoid re-entrancy into NPObjectStub::DeleteSoon() during NPObjectStub::OnChannelError() from double-deleting the stub. BUG=94179 Review URL: http://codereview.chromium.org/7792007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98746 0039d316-1c4b-4281-b951-d872f2087c98
c16ed34d · eroman@chromium.org · 6e9fc216 · c16ed34d
Commit c16ed34d authored Aug 30, 2011 by eroman@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 2 deletions

content/plugin/npobject_stub.cc content/plugin/npobject_stub.cc +9 -2

No files found.
--- a/content/plugin/npobject_stub.cc
+++ b/content/plugin/npobject_stub.cc
@@ -116,9 +116,16 @@ void NPObjectStub::DeleteSoon(bool release_npobject) {
  if (npobject_) {
    channel_->RemoveMappingForNPObjectStub(route_id_, npobject_);
-    if (release_npobject)
-      WebBindings::releaseObject(npobject_);
+    // We need to NULL npobject_ prior to calling releaseObject() to avoid
+    // problems with re-entrancy. See http://crbug.com/94179#c17 for more
+    // details on how this can happen.
+    NPObject* npobject = npobject_;
    npobject_ = NULL;
+    if (release_npobject)
+      WebBindings::releaseObject(npobject);
    MessageLoop::current()->PostTask(
      FROM_HERE,
      NewRunnableFunction(