diff options
Diffstat (limited to 'WebKit')
| -rw-r--r-- | WebKit/android/plugins/PluginTimer.cpp | 19 | ||||
| -rw-r--r-- | WebKit/android/plugins/PluginTimer.h | 3 |
2 files changed, 17 insertions, 5 deletions
diff --git a/WebKit/android/plugins/PluginTimer.cpp b/WebKit/android/plugins/PluginTimer.cpp index cdcde9c..a813d25 100644 --- a/WebKit/android/plugins/PluginTimer.cpp +++ b/WebKit/android/plugins/PluginTimer.cpp @@ -36,7 +36,8 @@ namespace WebCore { : m_list(list), m_instance(instance), m_timerFunc(timerFunc), - m_repeat(repeat) + m_repeat(repeat), + m_unscheduled(false) { m_timerID = ++gTimerID; @@ -62,10 +63,11 @@ namespace WebCore { void PluginTimer::fired() { - m_timerFunc(m_instance, m_timerID); - if (!m_repeat) { + if (!m_unscheduled) + m_timerFunc(m_instance, m_timerID); + + if (!m_repeat || m_unscheduled) delete this; - } } // may return null if timerID is not found @@ -106,7 +108,14 @@ namespace WebCore { void PluginTimerList::unschedule(NPP instance, uint32 timerID) { - delete PluginTimer::Find(m_list, timerID); + // Although it looks like simply deleting the timer would work here + // (stop() will be executed by the dtor), we cannot do this, as + // the plugin can call us while we are in the fired() method, + // (when we execute the timerFunc callback). Deleting the object + // we are in would then be a rather bad move... + PluginTimer* timer = PluginTimer::Find(m_list, timerID); + if (timer) + timer->unschedule(); } } // namespace WebCore diff --git a/WebKit/android/plugins/PluginTimer.h b/WebKit/android/plugins/PluginTimer.h index 3fbe728..2ffe437 100644 --- a/WebKit/android/plugins/PluginTimer.h +++ b/WebKit/android/plugins/PluginTimer.h @@ -42,6 +42,8 @@ namespace WebCore { uint32 timerID() const { return m_timerID; } + void unschedule() { m_unscheduled = true; } + static PluginTimer* Find(PluginTimer* list, uint32 timerID); private: @@ -58,6 +60,7 @@ namespace WebCore { void (*m_timerFunc)(NPP, uint32); uint32 m_timerID; bool m_repeat; + bool m_unscheduled; }; class PluginTimerList { |