[webkit-dev] Query regarding handling of NPObjects in webkit

Chandan Apsangi chandan.jc at gmail.com
Thu Mar 3 00:25:48 PST 2011


I'm working on an issue related to an NPAPI plugin on the Qt port of WebKit on
the Symbian platform.

Basically our plug-in handles async requests from JavaScript, does some
processing and returns the response in the JavaScript callback.

In the JS callback we are passing an NPObject instance, and to do this we
are using NPN_InvokeDefault(). This NPObject has been created in my plug-in,
with the NPClass *_class in the NPObject pointing to a static global instance
of NPClass filled with my function pointers (for allocate, deallocate, etc.).

Once NPN_InvokeDefault() is called, WebKit calls NPN_RetainObject() on
this NPObject (while creating the CInstance), increasing the ref count.

Now in the JavaScript callback, I'm calling window.location.reload(), which
will unload all the NP plugins. In this process all the global static data
allocated by the plugin is invalidated (hence our NPClass * is also invalid
after this), and in the destruction sequence I'm calling NPN_ReleaseObject on
the NPObject I had allocated and passed to WebKit. But WebKit still has a
reference to this NPObject even after unloading the plug-in. And later, when
the JavaScript garbage collection is triggered, it tries to call
NPN_ReleaseObject() on my NPObject, resulting in a crash.

Is there anything wrong with my understanding of NPAPI memory management? If
not, then would it be right for WebKit to trigger the garbage collection
forcefully before unloading the plug-in to prevent this crash?
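The lifetime rule behind the crash described above, as an added example that is not part of the original post or of WebKit's code: an NPObject's `_class` pointer is dereferenced by the browser's NPN_ReleaseObject when the count reaches zero, so the static NPClass (and the module holding its function pointers) must outlive every object that still points at it. The structures below are a simplified model of npruntime.h (only allocate/deallocate/invalidate are kept), the `npn_*` helpers are a hypothetical stand-in for the browser's retain/release, and the live-object counter in allocate/deallocate is an assumed plugin-side check that makes it visible at unload time whether the browser still holds references.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the NPAPI structures (not the real npruntime.h):
 * an NPObject points at its NPClass, and the browser calls the class's
 * deallocate function when the reference count drops to zero. */
typedef struct NPClass NPClass;
typedef struct NPObject {
    NPClass *_class;
    uint32_t referenceCount;
} NPObject;

struct NPClass {
    NPObject *(*allocate)(void);
    void (*deallocate)(NPObject *);
    void (*invalidate)(NPObject *);
};

/* ---- plugin side: a static global NPClass, as in the post ---- */
static int g_live_objects = 0;     /* objects whose _class still points at g_class */
static int g_deallocate_calls = 0; /* how often the browser reached our deallocate */

typedef struct {
    NPObject base;                 /* must be first so NPObject* casts are valid */
    int *plugin_data;              /* pointer into plugin-owned memory */
} PluginObject;

static NPObject *plugin_allocate(void) {
    PluginObject *o = calloc(1, sizeof *o);
    g_live_objects++;
    return &o->base;
}

static void plugin_deallocate(NPObject *obj) {
    g_deallocate_calls++;
    g_live_objects--;
    free(obj);
}

/* invalidate: the browser may keep the object alive after the plugin
 * instance is gone, so drop every pointer into plugin memory here. */
static void plugin_invalidate(NPObject *obj) {
    ((PluginObject *)obj)->plugin_data = NULL;
}

static NPClass g_class = { plugin_allocate, plugin_deallocate, plugin_invalidate };

/* Assumed plugin-side check: unloading the module is only safe once no
 * object can still route a deallocate call through g_class. */
int plugin_can_unload(void) { return g_live_objects == 0; }

/* ---- browser side: hypothetical stand-ins for NPN_CreateObject,
 * NPN_RetainObject and NPN_ReleaseObject ---- */
NPObject *npn_create_object(NPClass *cls) {
    NPObject *obj = cls->allocate();
    obj->_class = cls;
    obj->referenceCount = 1;
    return obj;
}

NPObject *npn_retain_object(NPObject *obj) { obj->referenceCount++; return obj; }

void npn_release_object(NPObject *obj) {
    assert(obj->referenceCount > 0);
    if (--obj->referenceCount == 0)
        obj->_class->deallocate(obj);  /* dereferences the plugin's NPClass */
}

/* Replay of the scenario: the plugin creates the object, hands it to JS
 * (the browser retains it), then drops its own reference during teardown.
 * Returns the number of objects still alive at the moment the plugin would
 * be unloaded; 0 means unloading is safe. */
int live_objects_at_unload(int browser_releases_before_unload) {
    g_live_objects = 0;
    g_deallocate_calls = 0;
    NPObject *obj = npn_create_object(&g_class); /* plugin's own reference */
    npn_retain_object(obj);                      /* browser's reference (CInstance) */
    npn_release_object(obj);                     /* plugin releases in its teardown */
    g_class.invalidate(obj);                     /* instance destroyed: detach plugin memory */
    if (browser_releases_before_unload)
        npn_release_object(obj);                 /* GC ran before unload: count hits 0 here */
    int live = g_live_objects;
    if (!browser_releases_before_unload)
        npn_release_object(obj);                 /* in the real system this late release
                                                    happens after unload, through a dead NPClass */
    return live;
}

int main(void) {
    printf("GC before unload: %d live object(s), can_unload=%d\n",
           live_objects_at_unload(1), plugin_can_unload());
    printf("GC after unload:  %d live object(s) at unload time\n",
           live_objects_at_unload(0));
    return 0;
}
```

The second scenario is the one in the post: the plugin's own release never brings the count to zero because the browser still holds a reference, so the deallocate call is deferred until garbage collection, by which time the static NPClass is gone. A counter like `g_live_objects` does not fix that ordering, but it gives the plugin a concrete condition to log or assert on before its module is torn down.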