[Webkit-unassigned] [Bug 16815] New: Crash with navigator.plugins and navigator.mimeTypes after plugins.refresh
bugzilla-daemon at webkit.org
Thu Jan 10 07:08:21 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16815
Summary: Crash with navigator.plugins and navigator.mimeTypes after plugins.refresh
Product: WebKit
Version: 525+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Plug-ins
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: hausmann at kde.org
The implementation of navigator.plugins and navigator.mimeTypes in
kjs_navigator.cpp uses pointers to the Mime and Plugin objects retrieved from
the PluginInfoStore. navigator.plugins.refresh() deletes those objects but
there may still be Plugin and MimeType objects around with stale pointers. The
attached testcase reproduces the crash.
We ran into this while trying to make plugins work better for the Qt platform
and the second attachment to this report includes a proposed patch. The patch
only demonstrates the concept; it is incomplete with regard to the
implementation of PluginStoreQt and the implementations on the other platforms.
If the concept finds approval we will try to implement the proposed API changes
for the other platforms.
We propose to change PluginInfoStore to return values and store those values in
the JavaScript binding objects. In addition we're adding a Frame pointer
parameter that allows binding the PluginInfoStore to the context of a Frame or
in the case of the Qt port to an entire QWebPage instance.