[webkit-dev] NPN_InvokeDefault failure

tmalsbar at codeaurora.org
Thu Apr 26 10:47:43 PDT 2012

Calling NPN_InvokeDefault from a plugin fails sometimes using the latest
build for GTK (using JavaScriptCore).  The failure occurs because the
    if (!rootObject || !rootObject->isValid())
check fails in NP_jsobject.cpp at _NPN_InvokeDefault.

The repro steps run some unit tests for the plugin being developed, which
behaves roughly as follows for each test:
    1. create <object>
    2. run test code
    3. remove <object>
The test code passes in a JS function to the plugin that is later called
via NPN_InvokeDefault.

Digging through the code a bit shows me that a new rootObject is created
for each instance of the plugin.  When the JS function value is converted
to an NPVariant before calling the plugin it calls findRootObject to
assign a rootObject.  At that point there are multiple rootObjects in the
root object set:
    rootObject=0x24d35f0 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x23e4b50 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x250d890 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x2576d30 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x2593830 rootObject->globalObject=0x7fa1438bc150
findRootObject picks the first one, which does not belong to the instance
of the plugin that is being called.  The problem is that the first
rootObject is invalidated before the plugin calls NPN_InvokeDefault.

I'm unsure what the proper fix should be.

Thanks in advance for any help,
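A constructed C++ model of the lookup sequence described in this post, added here as an illustration and not WebKit's own code: RootObject, PluginInstance, findRootObject and reproduce are stand-ins shaped like the report, and resolving through the caller's own root object is an assumed alternative included only for comparison, not a proposed fix.

```cpp
#include <vector>

// Constructed model of the lifetime problem in the post (not WebKit's code):
// each plugin instance owns a RootObject, every RootObject on a page points
// at the same JS global object, and the lookup is keyed only on that global.
struct GlobalObject {};

struct RootObject {
    const GlobalObject* globalObject;
    bool valid = true;
    bool isValid() const { return valid; }
};

struct PluginInstance {
    RootObject* root;      // the root object created for this <object>
};

// The process-wide set the post's debug dump enumerates. Entries are kept in
// the set after invalidation here so the model reproduces the reported state.
static std::vector<RootObject*> rootObjectSet;

// First-match lookup by global object, as the post describes findRootObject.
RootObject* findRootObject(const GlobalObject* global) {
    for (RootObject* r : rootObjectSet)
        if (r->globalObject == global) return r;
    return nullptr;
}

// The check that fails inside _NPN_InvokeDefault in the report.
bool npnInvokeDefaultCheck(const RootObject* root) {
    return root && root->isValid();
}

// Reproduce the sequence: several instances exist, the JS callback handed to
// the current instance is bound to a root object, an earlier instance's
// <object> is then removed (invalidating its root), then NPN_InvokeDefault
// runs. useCallerRoot=false resolves via findRootObject as reported; true
// uses the caller's own root (hypothetical alternative, for comparison only).
bool reproduce(bool useCallerRoot) {
    GlobalObject global;
    RootObject r0{&global}, r1{&global}, r2{&global};
    PluginInstance first{&r0}, current{&r2};
    rootObjectSet = {&r0, &r1, &r2};
    // converting the JS function to an NPVariant binds it to a root object
    RootObject* bound = useCallerRoot ? current.root : findRootObject(&global);
    first.root->valid = false;   // test for `first` finished; <object> removed
    return npnInvokeDefaultCheck(bound);  // later callback from `current`
}
```

The first-match path returns the root object owned by the removed instance, so the validity check fails even though the calling instance is still alive.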