browser-plugin: The NPObject returned by NPP_GetValue should be retained
The Mozilla documentation says: "And as always when working with reference counted NPObjects, the caller is responsible for calling NPN_ReleaseObject on the NPObject to drop the reference." Browsers assume that the plugin does the right thing and always call NPN_ReleaseObject. At some point the object is released and deallocated and both the plugin and browser still have references to the object thinking that it's still alive. That's why the crash is sometimes in the plugin when it tries to use the np object, and sometimes in the browser. https://bugzilla.gnome.org/post_bug.cgi
This commit is contained in:
parent
d81a6bdf41
commit
d5c0514e21
@ -1029,6 +1029,7 @@ NPP_GetValue(NPP instance,
|
|||||||
if (!instance->pdata)
|
if (!instance->pdata)
|
||||||
return NPERR_INVALID_INSTANCE_ERROR;
|
return NPERR_INVALID_INSTANCE_ERROR;
|
||||||
|
|
||||||
|
funcs.retainobject (instance->pdata);
|
||||||
*(NPObject**)value = instance->pdata;
|
*(NPObject**)value = instance->pdata;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user