[chromium-bugs] Issue 20765 in chromium: Using a NPObject as an event listener crashes the browser

Tue, 01 Sep 2009 04:58:44 -0700 

Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 20765 by LittleManGopo: Using a NPObject as an event listener  
crashes the browser
http://code.google.com/p/chromium/issues/detail?id=20765

Chrome Version       : 4.0.204.0 (24877)
URLs (if applicable) :
Other browsers tested:
   Add OK or FAIL after other browsers where you have tested this issue:
      Safari 4: OK
   Firefox 3.x: OK
          IE 7: OK (not applicable because it does not use NPAPI)
          IE 8: OK (not applicable because it does not use NPAPI)

Adding a NPObject as an event listener crashes the browser.

What steps will reproduce the problem?
1. Have a plugin that produces a NPObject that implements at least
NP_HasProperty, NP_GetProperty
        * ("0" in npObject) should be "true", i.e. NP_HasProperty(npObject,0)
should return true.
        * npObject[0] should be "undefined", i.e.
NP_GetProperty(npObject,0,&result) should return true and result.type
should be Void

2. Load the plugin in an out of process Chrome browser (the issue does not
reproduce for an in-process instance)
3. Obtain a reference npObject to the implemented NPObject, for example
calling a plugin function like: npObject = plugin.getNPObject();
4. Call el.addEventListener("click", npObject, false);
5. The browser crashes

What is the expected result?

The browser should not crash and it should invoke "handleEvent" when the
event is fired.


What happens instead?

The browser crashes.


Please provide any additional information below. Attach a screenshot if
possible.

It seems that adding a NPObject as an event listener makes Chrome query for
property "0" when an event listener is added.
The crash happens if the NPObject returns "undefined" when queried for
property "0".

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

Reply via email to