https://bugs.webkit.org/show_bug.cgi?id=81139
<rdar://problem/9641197>
Reviewed by Dan Bernstein.
When a plug-in process crashes, its corresponding PluginProcessProxy object is deleted immediately,
which is bad if we're currently running a nested run loop.
Fix this by making PluginProcessProxy ref-counted and protecting it before the call to -[NSApp runModalForWindow:].
* UIProcess/Plugins/PluginProcessManager.cpp:
(WebKit::PluginProcessManager::pluginProcessWithPath):
(WebKit::PluginProcessManager::getOrCreatePluginProcess):
* UIProcess/Plugins/PluginProcessManager.h:
(PluginProcessManager):
* UIProcess/Plugins/PluginProcessProxy.cpp:
(WebKit::PluginProcessProxy::create):
(WebKit::PluginProcessProxy::pluginProcessCrashedOrFailedToLaunch):
* UIProcess/Plugins/PluginProcessProxy.h:
(PluginProcessProxy):
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::setModalWindowIsShowing):
(WebKit::PluginProcessProxy::beginModal):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@110728
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-03-14 Anders Carlsson <andersca@apple.com>
+
+ Fix UI process crash when a plug-in process crashes with a modal dialog showing
+ https://bugs.webkit.org/show_bug.cgi?id=81139
+ <rdar://problem/9641197>
+
+ Reviewed by Dan Bernstein.
+
+ When a plug-in process crashes, its corresponding PluginProcessProxy object is deleted immediately,
+ which is bad if we're currently running a nested run loop.
+
+ Fix this by making PluginProcessProxy ref-counted and protecting it before the call to -[NSApp runModalForWindow:].
+
+ * UIProcess/Plugins/PluginProcessManager.cpp:
+ (WebKit::PluginProcessManager::pluginProcessWithPath):
+ (WebKit::PluginProcessManager::getOrCreatePluginProcess):
+ * UIProcess/Plugins/PluginProcessManager.h:
+ (PluginProcessManager):
+ * UIProcess/Plugins/PluginProcessProxy.cpp:
+ (WebKit::PluginProcessProxy::create):
+ (WebKit::PluginProcessProxy::pluginProcessCrashedOrFailedToLaunch):
+ * UIProcess/Plugins/PluginProcessProxy.h:
+ (PluginProcessProxy):
+ * UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
+ (WebKit::PluginProcessProxy::setModalWindowIsShowing):
+ (WebKit::PluginProcessProxy::beginModal):
+
2012-03-14 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK] Handle printing errors in WebKit2
{
for (size_t i = 0; i < m_pluginProcesses.size(); ++i) {
if (m_pluginProcesses[i]->pluginInfo().path == pluginPath)
- return m_pluginProcesses[i];
+ return m_pluginProcesses[i].get();
}
+
return 0;
}
if (PluginProcessProxy* pluginProcess = pluginProcessWithPath(plugin.path))
return pluginProcess;
- PluginProcessProxy* pluginProcess = PluginProcessProxy::create(this, plugin).leakPtr();
- m_pluginProcesses.append(pluginProcess);
+ RefPtr<PluginProcessProxy> pluginProcess = PluginProcessProxy::create(this, plugin);
+ PluginProcessProxy* pluginProcessPtr = pluginProcess.get();
+
+ m_pluginProcesses.append(pluginProcess.release());
- return pluginProcess;
+ return pluginProcessPtr;
}
} // namespace WebKit
PluginProcessProxy* getOrCreatePluginProcess(const PluginModuleInfo&);
PluginProcessProxy* pluginProcessWithPath(const String& pluginPath);
- Vector<PluginProcessProxy*> m_pluginProcesses;
+ Vector<RefPtr<PluginProcessProxy> > m_pluginProcesses;
};
} // namespace WebKit
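Review bot: `getOrCreatePluginProcess` and `pluginProcessWithPath` still hand out a raw `PluginProcessProxy*` even though `m_pluginProcesses` now owns the proxies through `RefPtr`. A caller that keeps the pointer across a run-loop turn can be left with a dangling pointer once the manager drops its reference after a plug-in crash. A comment on the two declarations would make the contract explicit, for example `// Returns a borrowed pointer owned by m_pluginProcesses; hold a RefPtr before anything that can re-enter the run loop.` The class starts above this hunk, so whether such a note already exists there is not visible.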
namespace WebKit {
-PassOwnPtr<PluginProcessProxy> PluginProcessProxy::create(PluginProcessManager* PluginProcessManager, const PluginModuleInfo& pluginInfo)
+PassRefPtr<PluginProcessProxy> PluginProcessProxy::create(PluginProcessManager* PluginProcessManager, const PluginModuleInfo& pluginInfo)
{
- return adoptPtr(new PluginProcessProxy(PluginProcessManager, pluginInfo));
+ return adoptRef(new PluginProcessProxy(PluginProcessManager, pluginInfo));
}
PluginProcessProxy::PluginProcessProxy(PluginProcessManager* PluginProcessManager, const PluginModuleInfo& pluginInfo)
while (!m_pendingClearSiteDataReplies.isEmpty())
didClearSiteData(m_pendingClearSiteDataReplies.begin()->first);
- // Tell the plug-in process manager to forget about this plug-in process proxy.
+ // Tell the plug-in process manager to forget about this plug-in process proxy. This may cause us to be deleted.
m_pluginProcessManager->removePluginProcessProxy(this);
- delete this;
}
void PluginProcessProxy::didReceiveMessage(CoreIPC::Connection* connection, CoreIPC::MessageID messageID, CoreIPC::ArgumentDecoder* arguments)
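Review bot: With `delete this` gone, the proxy's lifetime at the end of `pluginProcessCrashedOrFailedToLaunch` depends on who else holds a reference, so `removePluginProcessProxy(this)` has to stay the last statement that touches the object. The new comment says this for the function itself, but its callers are outside the hunk; any of them that reads a member after this call returns would be a use-after-free unless it runs under a protector like the one added in `beginModal`. I would extend the comment to `// ... This may cause us to be deleted, so neither this function nor its callers may touch members afterwards.` and check the call sites. The function starts above the hunk.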
class WebProcessProxy;
struct PluginProcessCreationParameters;
-class PluginProcessProxy : CoreIPC::Connection::Client, ProcessLauncher::Client {
+class PluginProcessProxy : public RefCounted<PluginProcessProxy>, CoreIPC::Connection::Client, ProcessLauncher::Client {
public:
- static PassOwnPtr<PluginProcessProxy> create(PluginProcessManager*, const PluginModuleInfo&);
+ static PassRefPtr<PluginProcessProxy> create(PluginProcessManager*, const PluginModuleInfo&);
~PluginProcessProxy();
const PluginModuleInfo& pluginInfo() const { return m_pluginInfo; }
void PluginProcessProxy::setModalWindowIsShowing(bool modalWindowIsShowing)
{
- if (modalWindowIsShowing == m_modalWindowIsShowing)
+ if (modalWindowIsShowing == m_modalWindowIsShowing)
return;
m_modalWindowIsShowing = modalWindowIsShowing;
m_activationObserver = [[NSNotificationCenter defaultCenter] addObserverForName:NSApplicationWillBecomeActiveNotification object:NSApp queue:nil
usingBlock:^(NSNotification *){ applicationDidBecomeActive(); }];
-
+
+ // The call to -[NSApp runModalForWindow:] below will run a nested run loop, and if the plug-in process
+ // crashes the PluginProcessProxy object can be destroyed. Protect against this here.
+ RefPtr<PluginProcessProxy> protect(this);
+
[NSApp runModalForWindow:m_placeholderWindow.get()];
[m_placeholderWindow.get() orderOut:nil];
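Review bot: The block passed to `addObserverForName:...usingBlock:` calls `applicationDidBecomeActive()` and so captures `this` as a raw pointer, which `protect` keeps alive only until `beginModal` returns. If the proxy can be destroyed while `m_activationObserver` is still registered, the notification would run the block on a freed object. The observer's removal is not visible in this hunk, so it is worth confirming that it is removed on every path that ends the modal session and in `~PluginProcessProxy()`. A short comment next to the registration, such as `// The block captures |this| unretained; the observer must be removed before the proxy can go away.`, would record that. `beginModal` starts above the hunk and continues below it.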