Each call to NPN_UserAgent leaks an NSString object on the Mac.
How I discovered the bug: I was calling NPN_UserAgent in NPP_HandleEvent, and I noticed a slow leak. I opened ObjectAlloc.tracetemplate and did a trace of Safari, and it showed a leak of an object of roughly 170 bytes happening nearly 60 times per second, and the stack trace showed the leak coming from NPN_UserAgent.
I cannot reproduce this with ToT. Could you please post a full stack trace? Also, are you seeing this in Safari on Mac OS X 10.5?
Could you please try to reproduce this with a nightly build from <http://nightly.webkit.org>?
I reproduced it in Monday's ToT WebKit build.
Stack trace of one of the leaked objects (from ObjectAlloc):
21 Safari 0x2c92
20 AppKit NSApplicationMain
19 AppKit -[NSApplication run]
18 Safari 0xc303
17 AppKit -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
16 AppKit _DPSNextEvent
15 HIToolbox BlockUntilNextEventMatchingListInMode
14 HIToolbox ReceiveNextEventCommon
13 HIToolbox RunCurrentEventLoopInMode
12 CoreFoundation CFRunLoopRunInMode
11 CoreFoundation CFRunLoopRunSpecific
10 WebKit WebNetscapePluginEventHandlerCarbon::sendNullEvent() /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/WebNetscapePluginEventHandlerCarbon.mm:124
9 WebKit WebNetscapePluginEventHandlerCarbon::sendEvent(EventRecord*) /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/WebNetscapePluginEventHandlerCarbon.mm:420
8 WebKit -[WebNetscapePluginDocumentView sendEvent:isDrawRect:] /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/WebNetscapePluginView.mm:672
7 libnpgeplugin.dylib Private_HandleEvent(_NPP*, void*)
6 libnpgeplugin.dylib nsPluginInstance::HandleEvent(void*) scons-out/opt/obj/apps/earth/plugin/idlglue/staticglue/moz/plugin.cc:164
5 libnpgeplugin.dylib GetNPSupportedModels(_NPP*, bool*, bool*, bool*)
4 WebKit NPN_UserAgent /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/npapi.mm:120
3 Foundation -[NSCFString UTF8String]
2 Foundation bytesInEncoding
1 CoreFoundation __CFDataInit
0 CoreFoundation _CFRuntimeCreateInstance
If you want to reproduce it using the Google Earth plugin, download the installer from here, install it, and reload the page (might require Safari restart):
That appears to show the char* buffer returned by NPN_UserAgent is being leaked. I would assume that the caller of NPN_UserAgent is responsible for freeing that memory. Is that not the case?
Hmm, I assumed that the string was owned by npapi, since the docs didn't mention anything about handing off ownership of the C string.
I googled around a bit and found some example code that doesn't free the string:
If I'm looking at the right place, Mozilla does return a pointer to a static buffer: <http://mxr.mozilla.org/mozilla-central/source/modules/plugin/base/src/nsPluginHost.cpp#2612> indeed.
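The ownership question raised in the last few comments (NPN_UserAgent returns a const char* that plugins never free, while the reporter's ObjectAlloc trace shows one allocation per call during 60 Hz null events) can be made concrete with a small C harness. This is an added example, not code from WebKit, Mozilla or the Google Earth plugin: the NPP handle, the user-agent string, the counting allocator and the two NPN_UserAgent variants (npn_useragent_per_call, npn_useragent_cached) are constructed stand-ins, and the real NPAPI headers are not used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the NPAPI instance handle. The real NPP type is
 * an opaque pointer declared in npapi.h, which this example does not use. */
typedef struct NPP_t *NPP;

/* Counting allocator: records every byte handed out so the harness can
 * report how much a run leaves behind. */
static size_t g_bytes_allocated = 0;

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    g_bytes_allocated += n;
    return p;
}

/* Constructed user-agent string; a real browser derives this at runtime. */
static const char kUserAgent[] = "Mozilla/5.0 (Macintosh) AppleWebKit (constructed)";

/* Variant A, the behaviour the bug report describes: a fresh copy on every
 * call. Since the API returns const char* and the caller must not free it,
 * each call leaves one allocation behind. */
static const char *npn_useragent_per_call(NPP instance) {
    (void)instance;
    return tracked_strdup(kUserAgent);
}

/* Variant B, the contract Mozilla honours: build the string once and hand
 * out the same process-lifetime pointer on every call. */
static const char *npn_useragent_cached(NPP instance) {
    static const char *cached = NULL;
    (void)instance;
    if (!cached)
        cached = tracked_strdup(kUserAgent);
    return cached;
}

typedef const char *(*useragent_fn)(NPP);

/* Stand-in for the plugin's NPP_HandleEvent: it reads the UA string and,
 * per the NPAPI contract, does not free it. */
static void plugin_handle_event(NPP instance, useragent_fn get_ua) {
    const char *ua = get_ua(instance);
    (void)strstr(ua, "AppleWebKit");
}

/* Simulate `seconds` of Carbon null events at 60 Hz and return the bytes the
 * browser side allocated and never reclaimed. The counter is reset first so
 * successive runs are independent. */
size_t outstanding_bytes_after(useragent_fn get_ua, int seconds) {
    NPP instance = (NPP)0x1;   /* opaque handle; never dereferenced */
    g_bytes_allocated = 0;
    for (int i = 0; i < 60 * seconds; i++)
        plugin_handle_event(instance, get_ua);
    return g_bytes_allocated;
}

int main(void) {
    printf("per-call copy, 10 s: %zu bytes outstanding\n",
           outstanding_bytes_after(npn_useragent_per_call, 10));
    printf("cached buffer, 10 s: %zu bytes outstanding\n",
           outstanding_bytes_after(npn_useragent_cached, 10));
    return 0;
}
```

The per-call variant grows linearly with the event rate, which is exactly the slow, steady climb ObjectAlloc flagged; the cached variant allocates at most once for the life of the process. When an API hands out a const char* without a matching NPN_ release call, the implementation, not the caller, has to own that storage.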
I am not able to find any reference to NPN_UserAgent in the WebKit GitHub mirror except within layout tests for plugins?
Considering that they might be disabled (skipped) as well, can we mark this as "RESOLVED WONTFIX", since NPAPI plugin support is now removed and Safari 14 onward does not support it? Thanks!