[webkit-help] NPAPI plugin crashes while calling npnfuncs->invoke in GtkLauncher

[Vanya Yani]

Seems like gmail doesn't auto-cc mailing lists when replying. Sad :(

>  char* message = (char *)"Hello from wcfplugin......";
>  // Get window object.
>  err = npnfuncs->getvalue(npp_, NPNVWindowNPObject, &window);
>  printf("getvalue:err:%d\n",err);

So far, so good. But the error check is missing.

>  // Get console object.
>  id = npnfuncs->getstringidentifier("content");
>  err = npnfuncs->getproperty(npp_, window, id, &consoleVar);
>  printf("getproperty:err:%d\n",err);

I see that your intention is to get "window.console", but you actually
get "window.content". I think, now your err is NPERR_GENERIC_ERROR and
your consoleVar has some random (or 0) value. I'm surprised, why you
need a printf here if you didn't even checked its output.

And since there is no error check (again!), you can't do the next:

>  NPObject* console = NPVARIANT_TO_OBJECT(consoleVar);

Now you have a pointer to some random location (or just a null pointer).

>  id = npnfuncs->getstringidentifier("func");

Does console object really has "func" function? You might want to call
console.log("some message").

>  err = npnfuncs->invoke(npp_, console, id, args_temp,
>             sizeof(args_temp) / sizeof(args_temp[0]),
>             &voidResponse);

No surprise that this will crash a browser. Don't know how it doesn't
crash in Firefox. Maybe you're lucky :)


Crash happens here:

../../Source/WebCore/bridge/NP_jsobject.cpp:211
211         if (o->_class == NPScriptObjectClass) {

So it might be a webkit fault that it doesn't check if your pointer is
null, but you shouldn't pass it in the first place.

When I change "content" to "console" and "func" to "log", I see a nice
console message:

** Message: console message:  @0: Hello from wcfplugin......

Error checking is important. Be more attentive next time.