| Index: webkit/plugins/npapi/webplugin_delegate_impl_win.cc
|
| ===================================================================
|
| --- webkit/plugins/npapi/webplugin_delegate_impl_win.cc (revision 160170)
|
| +++ webkit/plugins/npapi/webplugin_delegate_impl_win.cc (working copy)
|
| @@ -92,69 +92,6 @@
|
| base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_get_proc_address =
|
| LAZY_INSTANCE_INITIALIZER;
|
|
|
| -// Helper object for patching the GetKeyState API.
|
| -base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_get_key_state =
|
| - LAZY_INSTANCE_INITIALIZER;
|
| -
|
| -// Saved key state globals and helper access functions.
|
| -SHORT (WINAPI *g_iat_orig_get_key_state)(int vkey);
|
| -typedef size_t SavedStateType;
|
| -const size_t kBitsPerType = sizeof(SavedStateType) * 8;
|
| -// Bit array of key state corresponding to virtual key index (0=up, 1=down).
|
| -SavedStateType g_saved_key_state[256 / kBitsPerType];
|
| -
|
| -bool GetSavedKeyState(WPARAM vkey) {
|
| - CHECK_LT(vkey, kBitsPerType * sizeof(g_saved_key_state));
|
| - if (g_saved_key_state[vkey / kBitsPerType] & 1 << (vkey % kBitsPerType))
|
| - return true;
|
| - return false;
|
| -}
|
| -
|
| -void SetSavedKeyState(WPARAM vkey) {
|
| - CHECK_LT(vkey, kBitsPerType * sizeof(g_saved_key_state));
|
| - // Cache the key state only for keys blocked by UIPI.
|
| - if (g_iat_orig_get_key_state(vkey) == 0)
|
| - g_saved_key_state[vkey / kBitsPerType] |= 1 << (vkey % kBitsPerType);
|
| -}
|
| -
|
| -void UnsetSavedKeyState(WPARAM vkey) {
|
| - CHECK_LT(vkey, kBitsPerType * sizeof(g_saved_key_state));
|
| - g_saved_key_state[vkey / kBitsPerType] &= ~(1 << (vkey % kBitsPerType));
|
| -}
|
| -
|
| -void ClearSavedKeyState() {
|
| - memset(g_saved_key_state, 0, sizeof(g_saved_key_state));
|
| -}
|
| -
|
| -// Helper objects for patching VirtualQuery, VirtualProtect.
|
| -base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_virtual_protect =
|
| - LAZY_INSTANCE_INITIALIZER;
|
| -BOOL (WINAPI *g_iat_orig_virtual_protect)(LPVOID address,
|
| - SIZE_T size,
|
| - DWORD new_protect,
|
| - PDWORD old_protect);
|
| -
|
| -base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_virtual_free =
|
| - LAZY_INSTANCE_INITIALIZER;
|
| -BOOL (WINAPI *g_iat_orig_virtual_free)(LPVOID address,
|
| - SIZE_T size,
|
| - DWORD free_type);
|
| -
|
| -const DWORD kExecPageMask = PAGE_EXECUTE_READ;
|
| -static volatile intptr_t g_max_exec_mem_size;
|
| -static scoped_ptr<base::Lock> g_exec_mem_lock;
|
| -
|
| -void UpdateExecMemSize(intptr_t size) {
|
| - base::AutoLock locked(*g_exec_mem_lock);
|
| -
|
| - static intptr_t s_exec_mem_size = 0;
|
| -
|
| - // Floor to zero since shutdown may unmap pages created before our hooks.
|
| - s_exec_mem_size = std::max(0, s_exec_mem_size + size);
|
| - if (s_exec_mem_size > g_max_exec_mem_size)
|
| - g_max_exec_mem_size = s_exec_mem_size;
|
| -}
|
| -
|
| // http://crbug.com/16114
|
| // Enforces providing a valid device context in NPWindow, so that NPP_SetWindow
|
| // is never called with NPNWindoTypeDrawable and NPWindow set to NULL.
|
| @@ -337,59 +274,6 @@
|
| return CallNextHookEx(NULL, code, wParam, lParam);
|
| }
|
|
|
| -// In addition to the key state we maintain, we also mask in the original
|
| -// return value. This is done because system keys (e.g. tab, enter, shift)
|
| -// and toggles (e.g. capslock, numlock) don't ever seem to be blocked.
|
| -SHORT WINAPI WebPluginDelegateImpl::GetKeyStatePatch(int vkey) {
|
| - if (GetSavedKeyState(vkey))
|
| - return g_iat_orig_get_key_state(vkey) | 0x8000;
|
| - return g_iat_orig_get_key_state(vkey);
|
| -}
|
| -
|
| -// We need to track RX memory usage in plugins to prevent JIT spraying attacks.
|
| -// This is done by hooking VirtualProtect and VirtualFree.
|
| -BOOL WINAPI WebPluginDelegateImpl::VirtualProtectPatch(LPVOID address,
|
| - SIZE_T size,
|
| - DWORD new_protect,
|
| - PDWORD old_protect) {
|
| - if (g_iat_orig_virtual_protect(address, size, new_protect, old_protect)) {
|
| - bool is_exec = new_protect == kExecPageMask;
|
| - bool was_exec = *old_protect == kExecPageMask;
|
| - if (is_exec && !was_exec) {
|
| - UpdateExecMemSize(static_cast<intptr_t>(size));
|
| - } else if (!is_exec && was_exec) {
|
| - UpdateExecMemSize(-(static_cast<intptr_t>(size)));
|
| - }
|
| -
|
| - return TRUE;
|
| - }
|
| -
|
| - return FALSE;
|
| -}
|
| -
|
| -BOOL WINAPI WebPluginDelegateImpl::VirtualFreePatch(LPVOID address,
|
| - SIZE_T size,
|
| - DWORD free_type) {
|
| - MEMORY_BASIC_INFORMATION mem_info;
|
| - if (::VirtualQuery(address, &mem_info, sizeof(mem_info))) {
|
| - size_t exec_size = 0;
|
| - void* base_address = mem_info.AllocationBase;
|
| - do {
|
| - if (mem_info.Protect == kExecPageMask)
|
| - exec_size += mem_info.RegionSize;
|
| - BYTE* next = reinterpret_cast<BYTE*>(mem_info.BaseAddress) +
|
| - mem_info.RegionSize;
|
| - if (!::VirtualQuery(next, &mem_info, sizeof(mem_info)))
|
| - break;
|
| - } while (base_address == mem_info.AllocationBase);
|
| -
|
| - if (exec_size)
|
| - UpdateExecMemSize(-(static_cast<intptr_t>(exec_size)));
|
| - }
|
| -
|
| - return g_iat_orig_virtual_free(address, size, free_type);
|
| -}
|
| -
|
| WebPluginDelegateImpl::WebPluginDelegateImpl(
|
| gfx::PluginWindowHandle containing_view,
|
| PluginInstance* instance)
|
| @@ -404,7 +288,6 @@
|
| last_message_(0),
|
| is_calling_wndproc(false),
|
| dummy_window_for_activation_(NULL),
|
| - parent_proxy_window_(NULL),
|
| handle_event_message_filter_hook_(NULL),
|
| handle_event_pump_messages_event_(NULL),
|
| user_gesture_message_posted_(false),
|
| @@ -431,12 +314,6 @@
|
| quirks_ |= PLUGIN_QUIRK_PATCH_SETCURSOR;
|
| quirks_ |= PLUGIN_QUIRK_ALWAYS_NOTIFY_SUCCESS;
|
| quirks_ |= PLUGIN_QUIRK_HANDLE_MOUSE_CAPTURE;
|
| - if (filename == kBuiltinFlashPlugin &&
|
| - base::win::GetVersion() >= base::win::VERSION_VISTA) {
|
| - quirks_ |= PLUGIN_QUIRK_REPARENT_IN_BROWSER |
|
| - PLUGIN_QUIRK_PATCH_GETKEYSTATE |
|
| - PLUGIN_QUIRK_PATCH_VM_API;
|
| - }
|
| quirks_ |= PLUGIN_QUIRK_EMULATE_IME;
|
| } else if (filename == kAcrobatReaderPlugin) {
|
| // Check for the version number above or equal 9.
|
| @@ -493,13 +370,8 @@
|
| }
|
|
|
| WebPluginDelegateImpl::~WebPluginDelegateImpl() {
|
| - if (::IsWindow(dummy_window_for_activation_)) {
|
| - // Sandboxed Flash stacks two dummy windows to prevent UIPI failures
|
| - if (::IsWindow(parent_proxy_window_))
|
| - ::DestroyWindow(parent_proxy_window_);
|
| - else
|
| - ::DestroyWindow(dummy_window_for_activation_);
|
| - }
|
| + if (::IsWindow(dummy_window_for_activation_))
|
| + ::DestroyWindow(dummy_window_for_activation_);
|
|
|
| DestroyInstance();
|
|
|
| @@ -589,37 +461,6 @@
|
| GetProcAddressPatch);
|
| }
|
|
|
| - // Under UIPI the key state does not get forwarded properly to the child
|
| - // plugin window. So, instead we track the key state manually and intercept
|
| - // GetKeyState.
|
| - if ((quirks_ & PLUGIN_QUIRK_PATCH_GETKEYSTATE) &&
|
| - !g_iat_patch_get_key_state.Pointer()->is_patched()) {
|
| - g_iat_orig_get_key_state = ::GetKeyState;
|
| - g_iat_patch_get_key_state.Pointer()->Patch(
|
| - L"gcswf32.dll", "user32.dll", "GetKeyState",
|
| - WebPluginDelegateImpl::GetKeyStatePatch);
|
| - }
|
| -
|
| - // Hook the VM calls so we can track the amount of executable memory being
|
| - // allocated by Flash (and potentially other plugins).
|
| - if (quirks_ & PLUGIN_QUIRK_PATCH_VM_API) {
|
| - if (!g_exec_mem_lock.get())
|
| - g_exec_mem_lock.reset(new base::Lock());
|
| -
|
| - if (!g_iat_patch_virtual_protect.Pointer()->is_patched()) {
|
| - g_iat_orig_virtual_protect = ::VirtualProtect;
|
| - g_iat_patch_virtual_protect.Pointer()->Patch(
|
| - L"gcswf32.dll", "kernel32.dll", "VirtualProtect",
|
| - WebPluginDelegateImpl::VirtualProtectPatch);
|
| - }
|
| - if (!g_iat_patch_virtual_free.Pointer()->is_patched()) {
|
| - g_iat_orig_virtual_free = ::VirtualFree;
|
| - g_iat_patch_virtual_free.Pointer()->Patch(
|
| - L"gcswf32.dll", "kernel32.dll", "VirtualFree",
|
| - WebPluginDelegateImpl::VirtualFreePatch);
|
| - }
|
| - }
|
| -
|
| return true;
|
| }
|
|
|
| @@ -631,12 +472,6 @@
|
| if (instance_->plugin_lib()->instance_count() != 1)
|
| return;
|
|
|
| - // Pass back the stats for max executable memory.
|
| - if (quirks_ & PLUGIN_QUIRK_PATCH_VM_API) {
|
| - plugin_->ReportExecutableMemory(g_max_exec_mem_size);
|
| - g_max_exec_mem_size = 0;
|
| - }
|
| -
|
| if (g_iat_patch_set_cursor.Pointer()->is_patched())
|
| g_iat_patch_set_cursor.Pointer()->Unpatch();
|
|
|
| @@ -666,9 +501,6 @@
|
|
|
| RegisterNativeWindowClass();
|
|
|
| - // UIPI requires reparenting in the (medium-integrity) browser process.
|
| - bool reparent_in_browser = (quirks_ & PLUGIN_QUIRK_REPARENT_IN_BROWSER) != 0;
|
| -
|
| // The window will be sized and shown later.
|
| windowed_handle_ = CreateWindowEx(
|
| WS_EX_LEFT | WS_EX_LTRREADING | WS_EX_RIGHTSCROLLBAR,
|
| @@ -679,16 +511,14 @@
|
| 0,
|
| 0,
|
| 0,
|
| - reparent_in_browser ? NULL : parent_,
|
| + parent_,
|
| 0,
|
| GetModuleHandle(NULL),
|
| 0);
|
| if (windowed_handle_ == 0)
|
| return false;
|
|
|
| - if (reparent_in_browser) {
|
| - plugin_->ReparentPluginWindow(windowed_handle_, parent_);
|
| - } else if (IsWindow(parent_)) {
|
| + if (IsWindow(parent_)) {
|
| // This is a tricky workaround for Issue 2673 in chromium "Flash: IME not
|
| // available". To use IMEs in this window, we have to make Windows attach
|
| // IMEs to this window (i.e. load IME DLLs, attach them to this process,
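Review bot: With `parent_,` now passed unconditionally to CreateWindowEx, this path assumes the plugin process is allowed to parent a window to the browser's HWND. The comment this commit deletes said UIPI requires the reparenting to be done in the medium-integrity browser process, so a plugin process running at a lower integrity level would presumably fail here and hit the bare `return false;` with no diagnostic. I would state the assumption next to the call, e.g. `// parent_ is owned by the browser process; this relies on the plugin process not being blocked by UIPI.`, and record the error before returning, e.g. `PLOG(ERROR) << "CreateWindowEx failed";` (the file already uses CHECK_LT/DCHECK, so the logging header appears to be available). The same applies to the `parent_,` argument in the CreateDummyWindowForActivation hunk (`@@ -942,7 +749,7 @@`). The enclosing function starts and ends outside this hunk.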
|
| @@ -910,29 +740,6 @@
|
| bool WebPluginDelegateImpl::CreateDummyWindowForActivation() {
|
| DCHECK(!dummy_window_for_activation_);
|
|
|
| - // Built-in Flash runs with UIPI, but in windowless mode Flash sometimes
|
| - // tries to attach windows to the parent (which fails under UIPI). To make
|
| - // it work we add an extra dummy parent in the low-integrity process.
|
| - if (quirks_ & PLUGIN_QUIRK_REPARENT_IN_BROWSER) {
|
| - parent_proxy_window_ = CreateWindowEx(
|
| - 0,
|
| - L"Static",
|
| - kDummyActivationWindowName,
|
| - WS_POPUP,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - 0,
|
| - GetModuleHandle(NULL),
|
| - 0);
|
| -
|
| - if (parent_proxy_window_ == 0)
|
| - return false;
|
| - plugin_->ReparentPluginWindow(parent_proxy_window_, parent_);
|
| - }
|
| -
|
| dummy_window_for_activation_ = CreateWindowEx(
|
| 0,
|
| L"Static",
|
| @@ -942,7 +749,7 @@
|
| 0,
|
| 0,
|
| 0,
|
| - parent_proxy_window_ ? parent_proxy_window_ : parent_,
|
| + parent_,
|
| 0,
|
| GetModuleHandle(NULL),
|
| 0);
|
| @@ -1133,31 +940,6 @@
|
| return FALSE;
|
| }
|
|
|
| - // Track the keystate to work around a UIPI issue.
|
| - if (delegate->GetQuirks() & PLUGIN_QUIRK_PATCH_GETKEYSTATE) {
|
| - switch (message) {
|
| - case WM_KEYDOWN:
|
| - SetSavedKeyState(wparam);
|
| - break;
|
| -
|
| - case WM_KEYUP:
|
| - UnsetSavedKeyState(wparam);
|
| - break;
|
| -
|
| - // Clear out the saved keystate whenever the Flash thread loses focus.
|
| - case WM_KILLFOCUS:
|
| - case WM_SETFOCUS:
|
| - if (::GetCurrentThreadId() != ::GetWindowThreadProcessId(
|
| - reinterpret_cast<HWND>(wparam), NULL)) {
|
| - ClearSavedKeyState();
|
| - }
|
| - break;
|
| -
|
| - default:
|
| - break;
|
| - }
|
| - }
|
| -
|
| LRESULT result;
|
| uint32 old_message = delegate->last_message_;
|
| delegate->last_message_ = message;
|
| @@ -1324,9 +1106,6 @@
|
| focus_event.wParam = 0;
|
| focus_event.lParam = 0;
|
|
|
| - if (GetQuirks() & PLUGIN_QUIRK_PATCH_GETKEYSTATE)
|
| - ClearSavedKeyState();
|
| -
|
| instance()->NPP_HandleEvent(&focus_event);
|
| return true;
|
| }
|
| @@ -1446,13 +1225,6 @@
|
| return false;
|
| }
|
|
|
| - if (GetQuirks() & PLUGIN_QUIRK_PATCH_GETKEYSTATE) {
|
| - if (np_event.event == WM_KEYDOWN)
|
| - SetSavedKeyState(np_event.wParam);
|
| - else if (np_event.event == WM_KEYUP)
|
| - UnsetSavedKeyState(np_event.wParam);
|
| - }
|
| -
|
| // Allow this plug-in to access this IME emulator through IMM32 API while the
|
| // plug-in is processing this event.
|
| if (GetQuirks() & PLUGIN_QUIRK_EMULATE_IME) {
|
|
|