[gnome-shell/gnome-3-18] browser-plugin: The NPObject returned by NPP_GetValue should be retained



commit a8c769e0ff990ce511acfcd87e2369e88e4c85cf
Author: Carlos Garcia Campos <cgarcia igalia com>
Date:   Fri Oct 28 15:33:11 2016 +0200

    browser-plugin: The NPObject returned by NPP_GetValue should be retained
    
    The Mozilla documentation says: "And as always when working with
    reference counted NPObjects, the caller is responsible for calling
    NPN_ReleaseObject on the NPObject to drop the reference."
    
    Browsers assume that the plugin does the right thing and always call
    NPN_ReleaseObject. At some point the object is released and deallocated
    and both the plugin and browser still have references to the object
    thinking that it's still alive. That's why the crash is sometimes in the
    plugin when it tries to use the np object, and sometimes in the browser.
    
    https://bugzilla.gnome.org/post_bug.cgi

 browser-plugin/browser-plugin.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/browser-plugin/browser-plugin.c b/browser-plugin/browser-plugin.c
index c65711e..3305ad8 100644
--- a/browser-plugin/browser-plugin.c
+++ b/browser-plugin/browser-plugin.c
@@ -1043,6 +1043,7 @@ NPP_GetValue(NPP          instance,
     if (!instance->pdata)
       return NPERR_INVALID_INSTANCE_ERROR;
 
+    funcs.retainobject (instance->pdata);
     *(NPObject**)value = instance->pdata;
     break;
 
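Review bot: The added `funcs.retainobject (instance->pdata);` line has no comment explaining why a getter takes a reference, so a later cleanup could mistake it for a leak and remove it, bringing back the premature deallocation and crash described in the commit message. A one-line comment above it would help, stating that the caller owns the returned reference and drops it with NPN_ReleaseObject. The placement is right: the retain comes after the `!instance->pdata` check, so the NPERR_INVALID_INSTANCE_ERROR return path takes no reference. Separately, the Bugzilla link in the message ends in post_bug.cgi rather than a bug number, so the report cannot be found from the commit.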

