[Webkit-unassigned] [Bug 56455] New: [Qt] [Symbian] NPPlugin crash when page reload happens while keeping the NPObject with JavaScript

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 16 03:47:27 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=56455

           Summary: [Qt] [Symbian] NPPlugin crash when page reload happens
                    while keeping the NPObject with JavaScript
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: S60 Hardware
        OS/Version: Other
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Plug-ins
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: chandan.jc at gmail.com


We have developed an NPAPI plugin that handles JavaScript requests and does some asynchronous processing and returns back the result by invoking a callback in JavaScript. 
The result of processing is given back to JavaScript as an NPObject. 
Following is the code snippet of what is being done from HTML/JavaScript side:

<html>
Hello World!!
<body>
<embed  id="serviceFactory" type="application/x-sfw-plugin" height="0" hidden=true > </embed>
<script>

    try{
        function callback(iter)
        {
            window.location.reload();            
        }

        var mimetype = navigator.mimeTypes["application/x-sfw-plugin"];
        if(mimetype)
            {
            var plugin = mimetype.enabledPlugin;
            if(plugin)
            {    
                alert('Yes plugin present');            
                var factory = document.getElementById("serviceFactory");
                factory.makeAsyncCall(callback);
            }
            else
            {
                alert('No Plugin present');
            }
            }
        else
            {
             alert('No plugin for this Mime type');
            }
    }
    catch(e){
        alert('ex '+e);
    }

</script>
</body>
</html>


Once javascript callback gets invoked, I'm just calling window.location.reload(). 

In the plug-in class I'm creating a new NPObject through NPN_CreateObject() passing a reference to my NPClass structure (which is globally placed in my plug-in dll.). 
I'm calling NPN_InvokeDefault() and passing this NPObject for it to be available in JS callback. 
Once JS callback calls window.location.reload(), the plugins should be unloaded and all the data allocated by the plug-ins should be released. 
But the NPObject that I had passed through NPN_InvokeDefault(myNpObject) is there with Webkit, and unload() function in PluginPackageSymbian.cpp is calling m_pluginLoader->unload(); 
This results in unloading of my plug-in dll, which means the globally placed NPClass is also destroyed. 

Later when JavaScript Garbage collector gets triggered, it is calling NPN_ReleaseObject(myNpObject) , resulting in a crash (As the NPClass function pointers are no more valid).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list