Track NPObject ownership by the originating plugins' NPP identifier. [4/6] (Chrome)

content/renderer/webplugin_delegate_proxy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webplugin_delegate_proxy.h"
 
 #if defined(TOOLKIT_GTK)
 #include <gtk/gtk.h>
 #elif defined(USE_X11)
 #include <cairo/cairo.h>
@@ skipping 240 matching lines @@
     render_view_->UnregisterPluginDelegate(this);
 
   if (channel_host_.get()) {
     Send(new PluginMsg_DestroyInstance(instance_id_));
 
     // Must remove the route after sending the destroy message, since
     // RemoveRoute can lead to all the outstanding NPObjects being told the
     // channel went away if this was the last instance.
     channel_host_->RemoveRoute(instance_id_);
 
+    // Remove the mapping between our instance-Id and NPP identifiers, used by
+    // the channel to track object ownership, before releasing it.
+    channel_host_->RemoveMappingForNPObjectOwner(instance_id_);
+
     // Release the channel host now. If we are is the last reference to the
     // channel, this avoids a race where this renderer asks a new connection to
     // the same plugin between now and the time 'this' is actually deleted.
     // Destroying the channel host is what releases the channel name -> FD
     // association on POSIX, and if we ask for a new connection before it is
     // released, the plugin will give us a new FD, and we'll assert when trying
     // to associate it with the channel name.
     channel_host_ = NULL;
   }
 
   if (window_script_object_.get()) {
     // Release the window script object, if the plugin didn't already.
     // If we don't do this then it will linger until the last plugin instance is
     // destroyed.  In the meantime, though, the frame that it refers to may have
     // been destroyed by WebKit, at which point WebKit will forcibly deallocate
     // the window script object.  The window script object stub is unique to the
     // plugin instance, so this won't affect other instances.
+    // TODO(wez): Remove this hack.
     window_script_object_->DeleteSoon();
   }
 
   plugin_ = NULL;
 
   base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
 }
 
 bool WebPluginDelegateProxy::Initialize(
     const GURL& url,
@@ skipping 68 matching lines @@
 
   // Failed too often, give up.
   if (!result)
     return false;
 
   channel_host_ = channel_host;
   instance_id_ = instance_id;
 
   channel_host_->AddRoute(instance_id_, this, NULL);
 
+  // Inform the channel of the mapping between our instance-Id and dummy NPP
+  // identifier, for use in object ownership tracking.
+  channel_host_->AddMappingForNPObjectOwner(instance_id_, GetPluginNPP());
+
   // Now tell the PluginInstance in the plugin process to initialize.
   PluginMsg_Init_Params params;
   params.url = url;
   params.page_url = page_url_;
   params.arg_names = arg_names;
   params.arg_values = arg_values;
   params.host_render_view_routing_id = render_view_->routing_id();
   params.load_manually = load_manually;
 
   plugin_ = plugin;
@@ skipping 356 matching lines @@
 NPObject* WebPluginDelegateProxy::GetPluginScriptableObject() {
   if (npobject_)
     return WebBindings::retainObject(npobject_);
 
   int route_id = MSG_ROUTING_NONE;
   Send(new PluginMsg_GetPluginScriptableObject(instance_id_, &route_id));
   if (route_id == MSG_ROUTING_NONE)
     return NULL;
 
   npobject_ = NPObjectProxy::Create(
-      channel_host_.get(), route_id, 0, page_url_);
+      channel_host_.get(), route_id, 0, page_url_, GetPluginNPP());
 
   return WebBindings::retainObject(npobject_);
 }
 
 NPP WebPluginDelegateProxy::GetPluginNPP() {
   // Return a dummy NPP for WebKit to use to identify this plugin.
   return npp_.get();
 }
 
 bool WebPluginDelegateProxy::GetFormValue(string16* value) {
@@ skipping 451 matching lines @@
 
 void WebPluginDelegateProxy::OnURLRedirectResponse(bool allow,
                                                    int resource_id) {
   if (!plugin_)
     return;
 
   plugin_->URLRedirectResponse(allow, resource_id);
 }
 
 }  // namespace content