[webkit-help] NPAPI plugin crashes while calling npnfuncs->invoke in GtkLauncher

souvik.datta at wipro.com souvik.datta at wipro.com
Fri Mar 16 00:08:57 PDT 2012

Hello Vanya, 

I absolutely agree with you that we should check for NULL in every function call. But the issue seems to be somewhere else.
We actually wanted window.content and not window.console. There is a JavaScript function named "func()" which is present in the html page (i.e., in window.content).
Therefore, Firefox behavior is correct. It is calling the "func" of "window.content".

In GtkLauncher, when I change "func()" to "log()" and "content" to "console", it is working fine. But the moment I change the "console" to "content" and "log" to "func",
it throws a segmentation fault. I have found that in the case of "content", NPObject* console is found to be NULL. Here is the code snippet:

id = npnfuncs->getstringidentifier("content");
npnfuncs->getproperty(npp_, window, id, &consoleVar);
console = NPVARIANT_TO_OBJECT(consoleVar);

The segmentation fault is happening because I am passing the NPObject pointer, i.e. console (which is NULL in this case), to:
  err = npnfuncs->invoke(npp_, console, id, args_temp,
             sizeof(args_temp) / sizeof(args_temp[0]),
             &voidResponse);

Can you please tell me what could be the reason that causes WebKit to not recognize "window.content"?


From: vanuan at gmail.com [vanuan at gmail.com] on behalf of Vanya Yani [iyani at luxoft.com]
Sent: Friday, March 16, 2012 3:27 AM
To: Souvik Datta (WT01 - PES-Auto-Practice)
Cc: webkit-help at lists.webkit.org
Subject: Re: [webkit-help] NPAPI plugin crashes while calling npnfuncs->invoke in GtkLauncher

Seems like gmail doesn't auto-cc mailing lists when replying. Sad :(

>  char* message = (char *)"Hello from wcfplugin......";
>  // Get window object.
>  err = npnfuncs->getvalue(npp_, NPNVWindowNPObject, &window);
>  printf("getvalue:err:%d\n",err);

So far, so good. But the error check is missing.

>  // Get console object.
>  id = npnfuncs->getstringidentifier("content");
>  err = npnfuncs->getproperty(npp_, window, id, &consoleVar);
>  printf("getproperty:err:%d\n",err);

I see that your intention is to get "window.console", but you actually
get "window.content". I think now your err is NPERR_GENERIC_ERROR and
your consoleVar has some random (or 0) value. I'm surprised why you
need a printf here if you didn't even check its output.

And since there is no error check (again!), you can't do the next:

>  NPObject* console = NPVARIANT_TO_OBJECT(consoleVar);

Now you have a pointer to some random location (or just a null pointer).

>  id = npnfuncs->getstringidentifier("func");

Does the console object really have a "func" function? You might want to call
console.log("some message").

>  err = npnfuncs->invoke(npp_, console, id, args_temp,
>             sizeof(args_temp) / sizeof(args_temp[0]),
>             &voidResponse);

No surprise that this will crash a browser. Don't know how it doesn't
crash in Firefox. Maybe you're lucky :)

Crash happens here:

211         if (o->_class == NPScriptObjectClass) {

So it might be a webkit fault that it doesn't check if your pointer is
null, but you shouldn't pass it in the first place.

When I change "content" to "console" and "func" to "log", I see a nice
console message:

** Message: console message:  @0: Hello from wcfplugin......

Error checking is important. Be more attentive next time.
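A defensive version of the window-property lookup and invoke sequence discussed in both messages above, as an added example (not code from either poster or from WebKit): every browser call is checked before its result is used, a non-object property value is never passed to invoke, and everything retained is released. The NPAPI declarations at the top are constructed stand-ins for the real npapi.h/npruntime.h types, and the fake_browser table is a constructed test double in which window.console exists and window.content does not.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed stand-ins for the npapi.h / npruntime.h declarations used here (a real plugin includes the headers). */
typedef int16_t NPError; enum { NPERR_NO_ERROR = 0, NPNVWindowNPObject = 15 };
typedef void *NPP, *NPIdentifier;
typedef struct NPObject { uint32_t referenceCount; } NPObject;
typedef enum { NPVariantType_Void = 0, NPVariantType_Object = 6 } NPVariantType;
typedef struct { NPVariantType type; union { NPObject *objectValue; } value; } NPVariant;
#define NPVARIANT_IS_OBJECT(v) ((v).type == NPVariantType_Object)
#define NPVARIANT_TO_OBJECT(v) ((v).value.objectValue)
typedef struct {
  NPError (*getvalue)(NPP, int, void *);
  NPIdentifier (*getstringidentifier)(const char *);
  bool (*getproperty)(NPP, NPObject *, NPIdentifier, NPVariant *);
  bool (*invoke)(NPP, NPObject *, NPIdentifier, const NPVariant *, uint32_t, NPVariant *);
  void (*releasevariantvalue)(NPVariant *);
  void (*releaseobject)(NPObject *);
} NPNetscapeFuncs;
/* window.<objname>.<funcname>(args...) with each browser call checked before its result is used and
 * every retained object/variant released. Returns true only if the JavaScript function actually ran;
 * a missing property (window.content in GtkLauncher) yields false instead of a null NPObject* deref. */
static bool call_window_function(NPP npp, const NPNetscapeFuncs *fn, const char *objname,
                                 const char *funcname, const NPVariant *args, uint32_t argc) {
  NPObject *window = NULL; NPVariant objvar, result; bool ok = false;
  if (fn->getvalue(npp, NPNVWindowNPObject, &window) != NPERR_NO_ERROR || !window)
    return false;                                /* no window object: nothing was retained */
  if (fn->getproperty(npp, window, fn->getstringidentifier(objname), &objvar)) {
    if (NPVARIANT_IS_OBJECT(objvar) && NPVARIANT_TO_OBJECT(objvar)) {  /* not void/null/number */
      ok = fn->invoke(npp, NPVARIANT_TO_OBJECT(objvar), fn->getstringidentifier(funcname),
                      args, argc, &result);
      if (ok) fn->releasevariantvalue(&result);  /* invoke hands back a retained result */
    }
    fn->releasevariantvalue(&objvar);            /* getproperty hands back a retained value */
  }
  fn->releaseobject(window);                     /* getvalue(NPNVWindowNPObject) retained it */
  return ok;
}
/* Constructed test double for the browser: window.console.log() exists, window.content does not. */
static NPObject fake_window, fake_console; static int fake_invocations;
static NPError f_getvalue(NPP p, int v, void *o) { (void)p; (void)v; *(NPObject **)o = &fake_window; return NPERR_NO_ERROR; }
static NPIdentifier f_ident(const char *s) { return (NPIdentifier)s; }
static bool f_getproperty(NPP p, NPObject *o, NPIdentifier id, NPVariant *r) {
  (void)p; (void)o; r->type = NPVariantType_Void;
  if (strcmp((const char *)id, "console") != 0) return false;   /* unknown property, e.g. "content" */
  r->type = NPVariantType_Object; r->value.objectValue = &fake_console; return true; }
static bool f_invoke(NPP p, NPObject *o, NPIdentifier id, const NPVariant *a, uint32_t n, NPVariant *r) {
  (void)p; (void)a; (void)n; r->type = NPVariantType_Void; fake_invocations++;
  return o == &fake_console && strcmp((const char *)id, "log") == 0; }
static void f_relvar(NPVariant *v) { v->type = NPVariantType_Void; }
static void f_relobj(NPObject *o) { (void)o; }
static const NPNetscapeFuncs fake_browser = { f_getvalue, f_ident, f_getproperty, f_invoke, f_relvar, f_relobj };
```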
