Closed Bug 542915 Opened 10 years ago Closed 10 years ago

Protect DelayedReleaseGCCallback from reentering and double-freeing NPObjects

Categories

(Core :: Plug-ins, defect)

x86
Windows 7
defect
Not set

Tracking


RESOLVED FIXED
Tracking Status
status1.9.2 --- .4-fixed

People

(Reporter: bent.mozilla, Unassigned)

References

Details

(Whiteboard: [fixed-lorentz])

Attachments

(1 file)

Attached patch: Patch, v1
DelayedReleaseGCCallback can be reentered with out-of-process mode easily, but probably with in-process mode as well. We need to guard against it.
Attachment #424150 - Flags: review?(jst)
Attachment #424150 - Flags: review?(joshmoz)
Attachment #424150 - Flags: review?(joshmoz) → review+
Attachment #424150 - Flags: review?(jst) → review+
Ben, I was going to push this, but it appears that part of your WM_COPYDATA patch snuck in. I don't know if it's necessary or not, so I'll wait for your call.
Oops. The message loop changes are totally unrelated. The only changes needed here are to nsJSNPRuntime.cpp.
Blanket approval for Lorentz merge to mozilla-1.9.2
a=beltzner for 1.9.2.4 - please make sure to mark status1.9.2:.4-fixed
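The re-entrancy hazard named in this bug's title, as an added illustration that is not the attached patch or any Mozilla code: a delayed-release callback that is re-entered while walking its queue releases the same object twice, and taking ownership of the queue before releasing is one common guard. `Obj`, `gPending`, `ReleaseObj`, `DrainUnguarded`, `DrainGuarded` and `MaxFrees` are hypothetical names, and frees are counted rather than performed so the unguarded case can be run safely.

```cpp
// Added illustration. Obj, gPending, ReleaseObj and both drain functions are
// hypothetical names, not the code in nsJSNPRuntime.cpp.
#include <cstdio>
#include <vector>

struct Obj { int frees = 0; };          // stand-in for an NPObject; counts frees

static std::vector<Obj*> gPending;      // objects queued for delayed release
static void (*gDrain)() = nullptr;      // the callback that a release can re-enter
static int gReenterBudget = 0;          // how many simulated re-entries remain

// Releasing may run foreign code that triggers the drain callback again.
static void ReleaseObj(Obj* o) {
  if (gReenterBudget > 0) { --gReenterBudget; gDrain(); }
  o->frees++;                           // real code would free the object here
}

// Unguarded: the queue stays populated while its entries are being released,
// so a nested call walks the same entries and releases them a second time.
static void DrainUnguarded() {
  for (std::size_t i = 0; i < gPending.size(); ++i) ReleaseObj(gPending[i]);
  gPending.clear();
}

// Guarded: take ownership of the queue first. A nested call finds it empty.
static void DrainGuarded() {
  std::vector<Obj*> mine;
  mine.swap(gPending);
  for (Obj* o : mine) ReleaseObj(o);
}

// Queue two objects, force one re-entry, report the highest free count seen.
static int MaxFrees(void (*drain)()) {
  Obj a, b;
  gPending = {&a, &b};
  gDrain = drain;
  gReenterBudget = 1;
  drain();
  return a.frees > b.frees ? a.frees : b.frees;
}

int main() {
  std::printf("unguarded max frees: %d\n", MaxFrees(DrainUnguarded));
  std::printf("guarded max frees:   %d\n", MaxFrees(DrainGuarded));
  return 0;
}
```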