WebProcess crash in NPRemoteObjectMap::invalidate when closing tab
authorandersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Dec 2010 00:57:32 +0000 (00:57 +0000)
committerandersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Dec 2010 00:57:32 +0000 (00:57 +0000)
commit27f62fe6fa2a60106a56211d72d786fd427b7f71
tree5d45f0a083ff6e4187b2d93d8812a1095e7b5579
parentb1c1819cf9bb611dfdda488b559cc9506183f702
WebProcess crash in NPRemoteObjectMap::invalidate when closing tab
https://bugs.webkit.org/show_bug.cgi?id=50597
<rdar://problem/8655584>

Reviewed by Sam Weinig.

When invalidating the NPRemoteObjectMap, we don't want NPObjectMessageReceiver to
release all objects NPObjects blindly because NPJSObjects have already been deallocated by the plug-in view.

This is not an ideal solution; an ideal solution would involve NPJSObjects notifying any NPObjectMessageReceiver objects
that the NPJSObject is being destroyed. The NPObjectMessageReceiver could then simply null out the NPObject pointer.

* Shared/Plugins/NPObjectMessageReceiver.cpp:
(WebKit::NPObjectMessageReceiver::NPObjectMessageReceiver):
(WebKit::NPObjectMessageReceiver::~NPObjectMessageReceiver):
* Shared/Plugins/NPObjectMessageReceiver.h:
* Shared/Plugins/NPRemoteObjectMap.cpp:
(WebKit::NPRemoteObjectMap::NPRemoteObjectMap):
(WebKit::NPRemoteObjectMap::invalidate):
* Shared/Plugins/NPRemoteObjectMap.h:
(WebKit::NPRemoteObjectMap::isInvalidating):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@73414 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit2/ChangeLog
WebKit2/Shared/Plugins/NPObjectMessageReceiver.cpp
WebKit2/Shared/Plugins/NPObjectMessageReceiver.h
WebKit2/Shared/Plugins/NPRemoteObjectMap.cpp
WebKit2/Shared/Plugins/NPRemoteObjectMap.h