All the crashes are actually the same problem in the end, but the crash
happens at different moments. It's not a bug in WebKit, even though we
could protect WebKit from crashing due to buggy plugins in some cases
like in bug #137425. The bug is in the plugin that is not retaining the
np object when returning it from NPP_GetValue. WebKit assumes the
plugin does the right thing and releases that given reference. At some
point the object is released and deallocated and both the plugin and
WebKit still have references to the object thinking that it's still
alive. That's why the crash is sometimes in the plugin when it tries to
use the np object, or in WebKit for the very same reason. I don't know
why it doesn't happen in other browsers; looking at the Firefox code, they
also release the object right after creating the internal wrapper in
NPP_GetValue; I guess they keep another reference somewhere else. In
WebKit, the Mac port has a quirk
PluginQuirks::ReturnsNonRetainedScriptableNPObject for this. In our case
I'll just fix the plugin.

-- 
https://bugs.launchpad.net/bugs/1636616

Title:
  GNOME Shell browser plugin is crashy
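
The ownership mismatch described in the comment above, as a small added model in C (not code from WebKit, Firefox or the plugin). `ToyObject` and the `toy_*` / `plugin_*` functions are hypothetical stand-ins for an NPObject and its retain/release calls, and the wrapper taking its own reference is an assumption of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for an NPObject: only the reference count matters here.
 * "freed" records deallocation instead of calling free(), so the model can
 * report a dangling reference without touching freed memory. */
typedef struct { uint32_t refcount; bool freed; } ToyObject;

static ToyObject *toy_retain(ToyObject *o) { o->refcount++; return o; }

static void toy_release(ToyObject *o) {
    if (o->freed) return;                 /* real code: release after free */
    if (--o->refcount == 0) o->freed = true;
}

/* Plugin side: the plugin holds one reference of its own and hands the
 * object to the browser from its GetValue handler. */
static ToyObject *plugin_get_value_buggy(ToyObject *o) { return o; }
static ToyObject *plugin_get_value_fixed(ToyObject *o) { return toy_retain(o); }

/* Browser side: wrap the returned object (assumed: the wrapper takes its
 * own reference), then drop the reference the plugin was expected to add.
 * Returns true if the plugin's pointer is dangling after the wrapper dies. */
static bool plugin_pointer_dangles(ToyObject *(*get_value)(ToyObject *)) {
    ToyObject obj = { .refcount = 1, .freed = false }; /* plugin's reference */
    ToyObject *returned = get_value(&obj);
    toy_retain(returned);    /* wrapper's reference */
    toy_release(returned);   /* browser releases the "given" reference */
    toy_release(returned);   /* wrapper destroyed at some later point */
    return obj.freed;        /* plugin still believes the object is alive */
}

int main(void) {
    printf("buggy: dangling=%d\n",
           plugin_pointer_dangles(plugin_get_value_buggy));
    printf("fixed: dangling=%d\n",
           plugin_pointer_dangles(plugin_get_value_fixed));
    return 0;
}
```

With the non-retaining handler the count reaches zero while the plugin still holds its pointer, which is why the crash can surface on either side; retaining before returning keeps the plugin's own reference valid.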
