85417 2012-05-02 14:01:40 -0700 NPN_InvokeDefault fails due to invalid rootObject 2022-06-28 09:25:36 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) PC Linux RESOLVED WONTFIX InRadar P2 Normal --- 0 tmalsbar webkit-unassigned andersca ap mrobinson svillar tmalsbar webkit-bug-importer oldest_to_newest 614641 0 tmalsbar 2012-05-02 14:01:40 -0700 Calling NPN_InvokeDefault from a plugin fails sometimes using the latest (git-svn-id: http://svn.webkit.org/repository/webkit/trunk@115246 268f45cc-cd09-0410-ab3c-d52691b4dbfc) built for gtk (using JavaScriptCore). The failure occurs because the if (!rootObject || !rootObject->isValid()) check fails in NP_jsobject.cpp at _NPN_InvokeDefault. The repro steps run some unit tests for the plugin being developed, which behaves roughly as follows for each test: 1. create <object> 2. run test code 3. remove <object> The test code passes in a JS function to the plugin that is later called via NPN_InvokeDefault. Digging through the code a bit shows me that a new rootObject is created for each instance of the plugin. When the JS function value is converted to an NPVariant before calling the plugin it calls findRootObject to assign a rootObject. At that point there are multiple rootObjects in the root object set: globalObject=0x7fa1438bc150 rootObject=0x24d35f0 rootObject->globalObject=0x7fa1438bc150 rootObject=0x23e4b50 rootObject->globalObject=0x7fa1438bc150 rootObject=0x250d890 rootObject->globalObject=0x7fa1438bc150 rootObject=0x2576d30 rootObject->globalObject=0x7fa1438bc150 rootObject=0x2593830 rootObject->globalObject=0x7fa1438bc150 findRootObject picks the first one, which does not belong to the instance of the plugin that is being called. The first rootObject is invalidated before the plugin calls NPN_InvokeDefault. 621684 1 svillar 2012-05-11 09:12:25 -0700 it'd be awesome if you could provide a simplified version of the plugin or at least a test case. I was unable to reproduce it actually. 1878722 2 mrobinson 2022-06-28 03:40:14 -0700 Support for plugins was removed in https://trac.webkit.org/changeset/265753/webkit. 1878726 3 webkit-bug-importer 2022-06-28 03:41:15 -0700 <rdar://problem/96050372>