Fix bug 402937 -- don't allow recursion into Instantiate(). r=biesi, sr=jst, a=dsicore.

2024-09-13 09:24:08 -07:00 · 2007-12-03 14:09:00 -08:00 · 2007-12-03 14:09:00 -08:00 · 41fb8f72d7
commit 41fb8f72d7
parent f1f789125b
2 changed files with 14 additions and 9 deletions
--- a/layout/generic/nsObjectFrame.cpp
+++ b/layout/generic/nsObjectFrame.cpp
@ -513,9 +513,7 @@ nsObjectFrame::Init(nsIContent*      aContent,
                    nsIFrame*        aParent,
                    nsIFrame*        aPrevInFlow)
 {
-#ifdef DEBUG
  mInstantiating = PR_FALSE;
-#endif

  return nsObjectFrameSuper::Init(aContent, aParent, aPrevInFlow);
 }
@ -771,9 +769,8 @@ nsObjectFrame::InstantiatePlugin(nsIPluginHost* aPluginHost,
    appShell->SuspendNative();
  }

-#ifdef DEBUG
+  NS_PRECONDITION(!mInstantiating, "How did that happen?");
  mInstantiating = PR_TRUE;
-#endif

  NS_ASSERTION(mContent, "We should have a content node.");

@ -792,9 +789,7 @@ nsObjectFrame::InstantiatePlugin(nsIPluginHost* aPluginHost,
    rv = aPluginHost->InstantiateEmbeddedPlugin(aMimeType, aURI,
                                                mInstanceOwner);
  }
-#ifdef DEBUG
  mInstantiating = PR_FALSE;
-#endif

  if (appShell) {
    appShell->ResumeNative();
@ -1410,6 +1405,10 @@ nsObjectFrame::PrepareInstanceOwner()
 nsresult
 nsObjectFrame::Instantiate(nsIChannel* aChannel, nsIStreamListener** aStreamListener)
 {
+  if (mInstantiating) {
+    return NS_OK;
+  }
+  
  nsresult rv = PrepareInstanceOwner();
  NS_ENSURE_SUCCESS(rv, rv);

@ -1421,7 +1420,10 @@ nsObjectFrame::Instantiate(nsIChannel* aChannel, nsIStreamListener** aStreamList
  // This must be done before instantiating the plugin
  FixupWindow(mRect.Size());

+  NS_ASSERTION(!mInstantiating, "Say what?");
+  mInstantiating = PR_TRUE;
  rv = pluginHost->InstantiatePluginForChannel(aChannel, mInstanceOwner, aStreamListener);
+  mInstantiating = PR_FALSE;

  return rv;
 }
@ -1429,6 +1431,10 @@ nsObjectFrame::Instantiate(nsIChannel* aChannel, nsIStreamListener** aStreamList
 nsresult
 nsObjectFrame::Instantiate(const char* aMimeType, nsIURI* aURI)
 {
+  if (mInstantiating) {
+    return NS_OK;
+  }
+  
  NS_ASSERTION(aMimeType || aURI, "Need a type or a URI!");
  nsresult rv = PrepareInstanceOwner();
  NS_ENSURE_SUCCESS(rv, rv);
--- a/layout/generic/nsObjectFrame.h
+++ b/layout/generic/nsObjectFrame.h
@ -193,11 +193,10 @@ private:
  nsPluginInstanceOwner *mInstanceOwner;
  nsRect                mWindowlessRect;

-#ifdef DEBUG
  // For assertions that make it easier to determine if a crash is due
-  // to the underlying problem described in bug 136927.
+  // to the underlying problem described in bug 136927, and to prevent
+  // reentry into instantiation.
  PRBool mInstantiating;
-#endif
 };