[Webkit-unassigned] [Bug 58282] New: Core Animation plugin layers are incorrectly released

bugzilla-daemon at webkit.org
Mon Apr 11 15:55:09 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=58282

           Summary: Core Animation plugin layers are incorrectly released
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.6
            Status: NEW
          Severity: Major
          Priority: P2
         Component: Plug-ins
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: stuartmorgan at chromium.org
                CC: simon.fraser at apple.com


WebKit's Core Animation drawing model has the following code (in WebNetscapePluginView.mm):

            // The plug-in gives us a retained layer.
            _pluginLayer.adoptNS((CALayer *)value);

meaning that the plugin will be released later. This is a clear violation of the CA spec as accepted: https://wiki.mozilla.org/NPAPI:CoreAnimationDrawingModel

I understand that in the pre-confirmed-spec implementation this code was correct, but Safari's implementation should match the spec. Matching the spec would mean that plugins not written to spec would leak, and those written to spec would be correct. The current behavior means that plugins not written to spec are okay, but those written to spec crash. That's clearly worse.


I found this bug because a plugin developer argued that their leaky code was correct when I pointed it out to them; they were building their plugin so that it wouldn't crash in Safari, rather than to match the spec. That means that Safari's incorrect implementation is almost certainly leading to the creation of plugins that leak when run in Chromium or Firefox. (The best case scenario as it stands now is that plugins do UA detection, which will probably mean niche browsers will get a broken behavior.)

Please fix this, and reach out to plugin vendors using CA to get them to match the spec to avoid the resulting leaks.
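Added example (not code from WebKit, from the report, or from any plugin vendor) showing the two ownership conventions the report contrasts. The browser-side method assumes a RetainPtr<CALayer> member named _pluginLayer, as in the WebNetscapePluginView.mm line quoted above, and that RetainPtr's assignment operator retains what it is given. The plug-in side follows the report's description of a spec-conforming plugin: since such plugins crash under adoptNS, they are not handing the browser an extra retain, so the plug-in keeps its own reference and releases it itself; the PluginInstance struct and the helper names are hypothetical.

```objc
#import <QuartzCore/QuartzCore.h>
#import <wtf/RetainPtr.h>
#include "npapi.h"

// ---- Browser side (hypothetical method on the plug-in view) ----
//
// `value` is the pointer the plug-in returned for NPPVpluginCoreAnimationLayer.
- (void)takePluginLayer:(void *)value
{
    // Current WebKit behaviour quoted in the report: adoptNS assumes the
    // plug-in handed over a +1 reference and will release it later. A plug-in
    // that kept its only reference and did not retain on our behalf is then
    // over-released when _pluginLayer goes away, which is the crash described.
    //
    //     _pluginLayer.adoptNS((CALayer *)value);

    // Spec-following behaviour as the report describes it: take a reference of
    // our own. RetainPtr's assignment retains the layer, and the release that
    // happens when _pluginLayer is cleared balances exactly that retain, so a
    // plug-in that did not retain for us is left intact and a plug-in that
    // keeps its own reference is free to release it on NPP_Destroy.
    _pluginLayer = (CALayer *)value;
}

// ---- Plug-in side (hypothetical instance record and helpers) ----

typedef struct PluginInstance {
    CALayer *layer;   // owned by the plug-in for the instance's lifetime
} PluginInstance;

// Called from the plug-in's NPP_GetValue for NPPVpluginCoreAnimationLayer.
// The plug-in returns the layer it owns without an extra retain; the browser
// retains it if it needs to hold on to it.
static NPError pluginGetLayerValue(PluginInstance *inst, NPPVariable variable, void *value)
{
    if (variable != NPPVpluginCoreAnimationLayer)
        return NPERR_GENERIC_ERROR;

    if (!inst->layer)
        inst->layer = [[CALayer alloc] init];   // +1, owned by the plug-in

    *(CALayer **)value = inst->layer;           // no retain on the browser's behalf
    return NPERR_NO_ERROR;
}

// Called from the plug-in's NPP_Destroy: release the plug-in's own reference.
// Under the adoptNS convention this release is the one too many; under the
// retaining convention it is the plug-in's to make.
static void pluginDestroyInstance(PluginInstance *inst)
{
    [inst->layer release];
    inst->layer = nil;
}
```

The leak the report describes is the mirror image: a plugin built against the adoptNS behaviour retains once more before returning from NPP_GetValue and never releases that reference itself, so in a browser that retains (rather than adopts) the layer, one retain is never balanced.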
