
Side by Side Diff: webkit/plugins/ppapi/ppb_url_loader_impl.cc

Issue 10797037: Stale user_buffer_ pointer in PPB_URLLoader_impl after disptaching a callback (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 5 months ago
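--- a/webkit/plugins/ppapi/ppb_url_loader_impl.cc
+++ b/webkit/plugins/ppapi/ppb_url_loader_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webkit/plugins/ppapi/ppb_url_loader_impl.h"
 
 #include "base/logging.h"
 #include "net/base/net_errors.h"
 #include "ppapi/c/pp_completion_callback.h"
 #include "ppapi/c/pp_errors.h"
@@ -383,20 +383,22 @@
 loader_->setDefersLoading(defers_loading);
 is_asynchronous_load_suspended_ = defers_loading;
 }
 
 // TODO(brettw) bug 96770: We need a way to set the defers loading flag on
 // main document loads (when the loader_ is null).
 }
 
 void PPB_URLLoader_Impl::FinishLoading(int32_t done_status) {
 done_status_ = done_status;
+user_buffer_ = NULL;
+user_buffer_size_ = 0;
 // If the client hasn't called any function that takes a callback since
 // the initial call to Open, or called ReadResponseBody and got a
 // synchronous return, then the callback will be NULL.
 if (TrackedCallback::IsPending(pending_callback_))
 RunCallback(done_status_);
 }
 
 int32_t PPB_URLLoader_Impl::ValidateCallback(
 scoped_refptr<TrackedCallback> callback) {
 DCHECK(callback);
@@ -417,20 +419,24 @@
 
 pending_callback_ = callback;
 }
 
 void PPB_URLLoader_Impl::RunCallback(int32_t result) {
 // This may be null only when this is a main document loader.
 if (!pending_callback_.get()) {
 CHECK(main_document_loader_);
 return;
 }
+
+// If |user_buffer_| was set as part of registering the callback, ensure
+// it got cleared since the callback is now free to delete it.
+DCHECK(!user_buffer_);
 TrackedCallback::ClearAndRun(&pending_callback_, result);
 }
 
 size_t PPB_URLLoader_Impl::FillUserBuffer() {
 DCHECK(user_buffer_);
 DCHECK(user_buffer_size_);
 
 size_t bytes_to_copy = std::min(buffer_.size(), user_buffer_size_);
 std::copy(buffer_.begin(), buffer_.begin() + bytes_to_copy, user_buffer_);
 buffer_.erase(buffer_.begin(), buffer_.begin() + bytes_to_copy);
@@ -476,10 +482,10 @@
 bool PPB_URLLoader_Impl::RecordDownloadProgress() const {
 return request_data_.record_download_progress;
 }
 
 bool PPB_URLLoader_Impl::RecordUploadProgress() const {
 return request_data_.record_upload_progress;
 }
 
 } // namespace ppapi
 } // namespace webkit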
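Review bot: The `DCHECK(!user_buffer_)` added to RunCallback compiles out of release builds, so the invariant it documents (the plugin-owned buffer pointer is cleared before the callback runs and may free the buffer) is only enforced in debug builds. FinishLoading now resets both fields before calling RunCallback, but RunCallback's other callers sit in the skipped regions of this file and cannot be checked from here; if one of them reaches it with `user_buffer_` still set, a later FillUserBuffer could `std::copy` into memory the plugin has already released. Making RunCallback the single reset point would cover every path in release builds as well: replace the DCHECK with `user_buffer_ = NULL;` and `user_buffer_size_ = 0;` immediately before `TrackedCallback::ClearAndRun(&pending_callback_, result);`, provided no caller reads those fields after RunCallback returns. If the DCHECK is kept instead, its comment should name which callers are responsible for clearing the pointer.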
