| commit | 833ee7ced817effed9202b9cfddf85b067cf0edf | |
| author | fsamuel <fsamuel@chromium.org> | |
| Fri, 13 Feb 2015 23:40:40 +0000 (13 15:40 -0800) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Fri, 13 Feb 2015 23:41:31 +0000 (13 23:41 +0000) | ||
| tree | 911ff97253afa71dc8148b33db1c9b980cd06d62 | treesnapshot (tar.gz zip) |
| parent | 7e094504b6010caa1e17ccd526738c374366f81f | commitdiff |
GuestViewManager mapped <owner WebContents, element instance ID> => guest instance ID on attachment. This routed IPCs from a given BrowserPlugin to the appropriate guest.
Element instance IDs are unique per process. This mapping is fine in Chrome Apps where the embedder doesn't navigate but not for when the embedder is capable of cross-process navigation. In that case, element instance IDs of two BrowserPlugins in two different embedder processes of the same WebContents have the same key, and would thus route to the same guest.
This is an issue because the lifetime of the exiting document overlaps with the lifetime of the entering document. Thus, racy behavior can occur. In particular, when navigating from one PDF to another, IPCs for tear down destined for the exiting BrowserPlugin can occasionally get routed to the entering BrowserPlugin. In bug 436339's case, the first step of tear down is to hide the guest content. That IPC ends up going to the entering guest, and so the new PDF is not displayed on screen.
This CL fixes the issue by using <embedder process id, element instance ID> as the key to map to a guest instead of the embedder WebContents as the first component.
BUG=436339
Review URL: https://codereview.chromium.org/921473006
Cr-Commit-Position: refs/heads/master@{#316328}
Element instance IDs are unique per process. This mapping is fine in Chrome Apps where the embedder doesn't navigate but not for when the embedder is capable of cross-process navigation. In that case, element instance IDs of two BrowserPlugins in two different embedder processes of the same WebContents have the same key, and would thus route to the same guest.
This is an issue because the lifetime of the exiting document overlaps with the lifetime of the entering document. Thus, racy behavior can occur. In particular, when navigating from one PDF to another, IPCs for tear down destined for the exiting BrowserPlugin can occasionally get routed to the entering BrowserPlugin. In bug 436339's case, the first step of tear down is to hide the guest content. That IPC ends up going to the entering guest, and so the new PDF is not displayed on screen.
This CL fixes the issue by using <embedder process id, element instance ID> as the key to map to a guest instead of the embedder WebContents as the first component.
BUG=436339
Review URL: https://codereview.chromium.org/921473006
Cr-Commit-Position: refs/heads/master@{#316328}
20 files changed: