[Webkit-unassigned] [Bug 66181] New: HTMLPlugInElement is leaked if the plugin requests the plugin element script object

bugzilla-daemon at webkit.org
Fri Aug 12 19:22:27 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=66181

           Summary: HTMLPlugInElement is leaked if the plugin requests the
                    plugin element script object
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: wez at chromium.org


Any plugin which requests the script object for the containing element causes the HTMLPlugInElement to generate an NPObject wrapper for itself, which holds a reference to it.  It returns this to the plugin, but also retains a reference internally, to return if the plugin requests the script object again.  This creates a cyclical reference which prevents the HTMLPlugInElement from being torn down.

To reproduce the issue:
1.  Arrange to detect HTMLPlugInElement leaks (e.g. add a printout to the constructor & destructor).
2.  Verify that you see HTMLPlugInElement torn-down, by running the TestNetscapePlugIn "getURL" test, for example.
3.  Run the TestNetscapePlugIn "testDOMAccess" test, which causes the plugin to request an NPObject for the plugin element, and to then release it when the plugin is torn down.
4.  If you're feeling eager, run that test several times from within the same page, creating and tearing down TestNetscapePlugIn elements, so that multiple elements will be leaked.

Actual Results:
The HTMLPlugInElement should be torn down correctly in (2), but not in (3) and (4).

Expected Results:
The HTMLPlugInElement should be torn down when the plug-in is destroyed.

Builds & Platforms:
This has been observed running WebKit within the Chromium browser, on several platforms.

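The reference cycle described in the report, reduced to a small model; this is an added example, not WebKit code and not the fix WebKit adopted. `Element`, `Wrapper`, `scriptObject` and `leakedAfter` are hypothetical names, `std::shared_ptr` stands in for the real reference counting, and the non-owning variant is shown only as one way to break such a cycle.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

static int liveElements = 0;  // step 1 of the report: count constructor/destructor calls

struct Element;
struct Wrapper {                      // stands in for the NPObject wrapper
    std::shared_ptr<Element> strong;  // owning back-reference: forms the cycle
    std::weak_ptr<Element> weak;      // non-owning back-reference: no cycle
};

struct Element : std::enable_shared_from_this<Element> {  // stands in for HTMLPlugInElement
    std::shared_ptr<Wrapper> cachedWrapper;  // retained to answer repeat requests
    Element() { ++liveElements; }
    ~Element() { --liveElements; }
    std::shared_ptr<Wrapper> scriptObject(bool wrapperOwnsElement) {
        if (!cachedWrapper) {
            cachedWrapper = std::make_shared<Wrapper>();
            if (wrapperOwnsElement) cachedWrapper->strong = shared_from_this();
            else cachedWrapper->weak = shared_from_this();  // users must check lock()
        }
        return cachedWrapper;
    }
};

// Creates and tears down `count` plugin elements; returns how many never ran
// their destructor after both the page and the plugin dropped their references.
int leakedAfter(int count, bool requestScriptObject, bool wrapperOwnsElement) {
    std::vector<std::weak_ptr<Element>> created;
    for (int i = 0; i < count; ++i) {
        auto element = std::make_shared<Element>();
        created.push_back(element);
        if (requestScriptObject)  // plugin requests the object, then releases it
            element->scriptObject(wrapperOwnsElement).reset();
    }  // the page's reference to each element is dropped at the end of each iteration
    int leaked = liveElements;
    for (auto& w : created)  // break any cycles so the demo itself frees its memory
        if (auto e = w.lock()) e->cachedWrapper.reset();
    return leaked;
}

int main() {
    std::printf("no script object requested: %d leaked\n", leakedAfter(1, false, true));
    std::printf("owning wrapper, 3 elements: %d leaked\n", leakedAfter(3, true, true));
    std::printf("non-owning wrapper:         %d leaked\n", leakedAfter(3, true, false));
}
```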