[Webkit-unassigned] [Bug 66181] HTMLPlugInElement persists until page teardown if the plugin requests the script object for it

bugzilla-daemon at webkit.org
Thu Aug 25 12:49:43 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=66181





--- Comment #15 from wez at chromium.org  2011-08-25 12:49:43 PST ---
(In reply to comment #14)
> I've got 32-bit Safari running, and a Single-Process window opening, but it segfaults running the TestNetscapePlugIn test, in different ways depending on whether I run it with the system WebKit framework or my debug build.

Since the test crashes Safari 32-bit Single-Process, I've instead verified that:

1.  Running single-process, the plugin does cause HTMLPlugInElement::getNPObject() to be invoked, before Safari crashes.

2.  Running multi-process, with HTMLPlugInElement modified to call getNPObject itself in getInstance(), the HTMLPlugInElements are not released until the page is closed.

3.  Running multi-process, with the modification in (2), and my patch applied, the elements are torn down as they are removed from the document, as you'd expect.

These tests were run with removedFromDocument() modified to invoke gcController().garbageCollectNow(), so as to force timely collection of the element reference.
