[webkit-reviews] review denied: [Bug 13203] REGRESSION: Repro crash in -[WebBaseNetscapePluginView(WebNPPCallbacks) destroyStream:reason:] navigating away from page with DivX movie plug-in : [Attachment 13839] patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 27 21:51:26 PDT 2007


Darin Adler <darin at apple.com> has denied 's request for review:
Bug 13203: REGRESSION: Repro crash in
-[WebBaseNetscapePluginView(WebNPPCallbacks) destroyStream:reason:] navigating
away from page with DivX movie plug-in
http://bugs.webkit.org/show_bug.cgi?id=13203

Attachment 13839: patch
http://bugs.webkit.org/attachment.cgi?id=13839&action=edit

------- Additional Comments from Darin Adler <darin at apple.com>
This fix is incorrect. There's no guarantee that we won't create a new stream
with the same pointer value as an old stream. While this change greatly
decreases the chance of the bug happening, it would be better to find a fix
that fixes the problem completely.

To do a correct fix, we need to understand more about exactly what the DivX
plug-in is doing. Does it destroy the same stream twice? Does it destroy a
stream after we destroy it?

A correct fix for this will presumably involve keeping the NPStream objects
around for a longer time.

+	     char* filename = reinterpret_cast<char*>(malloc(bufSize));

These kinds of casts are done with static_cast, not reinterpret_cast. The
malloc function returns a void* and you can and should cast from one of those
without using reinterpret_cast.



More information about the webkit-reviews mailing list