Track NPObject ownership by the originating plugins' NPP identifier. [2/3] (Chrome)

webkit/glue/cpp_bound_class.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file contains definitions for CppBoundClass
 
 // Here's the control flow of a JS method getting forwarded to a class.
 // - Something calls our NPObject with a function like "Invoke".
 // - CppNPObject's static invoke() function forwards it to its attached
 //   CppBoundClass's Invoke() method.
@@ skipping 159 matching lines @@
   return obj->bound_class->GetProperty(ident, result);
 }
 
 /* static */ bool CppNPObject::setProperty(NPObject* np_obj,
                                            NPIdentifier ident,
                                            const NPVariant* value) {
   CppNPObject* obj = reinterpret_cast<CppNPObject*>(np_obj);
   return obj->bound_class->SetProperty(ident, value);
 }
 
-CppBoundClass::CppBoundClass()
-    : bound_to_frame_(false) {
+CppBoundClass::CppBoundClass() : bound_to_frame_(false), npp_(new NPP_t) {
+  WebBindings::registerObjectOwner(npp_.get());
 }
 
 CppBoundClass::~CppBoundClass() {
   STLDeleteValues(&properties_);
 
-  // Unregister ourselves if we were bound to a frame.
+  // TODO(wez): Remove once crrev.com/14019005 lands.
   if (bound_to_frame_)
     WebBindings::unregisterObject(NPVARIANT_TO_OBJECT(self_variant_));
+
+  WebBindings::unregisterObjectOwner(npp_.get());
 }
 
 bool CppBoundClass::HasMethod(NPIdentifier ident) const {
   return (methods_.find(ident) != methods_.end());
 }
 
 bool CppBoundClass::HasProperty(NPIdentifier ident) const {
   return (properties_.find(ident) != properties_.end());
 }
 
@@ skipping 93 matching lines @@
 }
 
 bool CppBoundClass::IsMethodRegistered(const std::string& name) const {
   NPIdentifier ident = WebBindings::getStringIdentifier(name.c_str());
   MethodList::const_iterator callback = methods_.find(ident);
   return (callback != methods_.end());
 }
 
 CppVariant* CppBoundClass::GetAsCppVariant() {
   if (!self_variant_.isObject()) {
-    // Create an NPObject using our static NPClass.  The first argument (a
-    // plugin's instance handle) is passed through to the allocate function
-    // directly, and we don't use it, so it's ok to be 0.
-    NPObject* np_obj = WebBindings::createObject(0, &CppNPObject::np_class_);
+    // Create an NPObject using our static NPClass.  The first argument has type
+    // NPP, but is only used to track object ownership, so passing this is fine.
+    NPObject* np_obj = WebBindings::createObject(
+        npp_.get(), &CppNPObject::np_class_);
     CppNPObject* obj = reinterpret_cast<CppNPObject*>(np_obj);
     obj->bound_class = this;
     self_variant_.Set(np_obj);
     WebBindings::releaseObject(np_obj);  // CppVariant takes the reference.
   }
   DCHECK(self_variant_.isObject());
   return &self_variant_;
 }
 
 void CppBoundClass::BindToJavascript(WebFrame* frame,
                                      const std::string& classname) {
   // BindToWindowObject will take its own reference to the NPObject, and clean
-  // up after itself.  It will also (indirectly) register the object with V8,
-  // so we must remember this so we can unregister it when we're destroyed.
+  // up after itself. It will also (indirectly) register the object with V8,
+  // against an owner pointer we supply, so we must register that as an owner,
+  // and unregister when we teardown.
   frame->bindToWindowObject(ASCIIToUTF16(classname),
                             NPVARIANT_TO_OBJECT(*GetAsCppVariant()));
   bound_to_frame_ = true;
 }
 
 }  // namespace webkit_glue