[Webkit-unassigned] [Bug 58282] Core Animation plugin layers are incorrectly released

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 13 14:54:14 PDT 2011


--- Comment #6 from Stuart Morgan <stuartmorgan at chromium.org>  2011-06-13 14:54:14 PST ---
I want to capture here what I've learned from discussions I've had with various plugin vendors since filing this, to make it clear that this is *very* hard for plugins to work around correctly:
- If a plugin follow the spec as written, every single WebKit.framework-based app will crash if it loads that plugin
- If a plugin vendor ignores the spec, it will leak CA layer in every compliant browser.
- The seemingly logic approach of special-casing browsers that do the wrong thing by doing a UA-check to do the retain is, as far as I can tell, impossible to get right. It's impossible to enumerate the apps that are wrong because every WebKit.framework-based app is wrong, and they could have basically any UA.

That leaves whitelisting browsers that *aren't* broken, which is horrible. It means anyone who writes a browser that implements the spec has to get every CA plugin to special-case them, or satisfy the checks done by every plugin (which of course a browser developer won't even know because most plugins are closed-source).

And even if we accept that, it's still not clear what check a plugin vendor should actually do. If the plugin looks for "WebKit", it leaks in WebKit2 and in anything Chromium based. So it has to look for WebKit, but not WebKit2, and not Chrome. But any number of apps could be Chromium-based (and at least a couple of other browsers are), and they may not have Chrome in their UA, so then they leak too. And meanwhile any app without WebKit in its UA that uses WebKit.framework will crash.

I considered suggesting to plugin vendors that they look for WebKit.framework being loaded in the app--but that doesn't work because there are plugins that themselves load WebKit.framework, and most apps don't have OOP plugins.

Apple could make this whole mess go away by shipping a fixed version of WebKit.framework in 10.6.x. Then all a plugin vendor would have to do is check the OS version (or maybe the WebKit version) and not retain for 10.6.x+. The only downside to this is that until plugin vendors updated, things would leak in WebKit.framework apps. That seems a whole lot better than WebKit.framework apps maybe leaking, maybe crashing, and maybe being okay, indefinitely, based on what each individual plugin vendor checks for. Especially given that the number of plugins using CA is still quite small, and evangelizing all of them to add an OS-version-based check would be quite easy.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list