Bug 30419 - NPN_UserAgent leaks its return value
Summary: NPN_UserAgent leaks its return value
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
: P2 Normal
Assignee: Nobody
Keywords: InRadar
Depends on:
Reported: 2009-10-15 17:55 PDT by Dan Webb
Modified: 2022-06-20 17:08 PDT (History)
7 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Dan Webb 2009-10-15 17:55:35 PDT
Each call to NPN_UserAgent leaks an NSString object on the Mac.

How I discovered the bug:  I was calling NPN_UserAgent in NPP_HandleEvent, and I noticed a slow leak.  I opened ObjectAlloc.tracetemplate and did a trace of Safari, and it showed a leak of an object of roughly 170 bytes happening at nearly 60 times per second, and the stack trace showed the leak coming from NPN_UserAgent.
Comment 1 Alexey Proskuryakov 2009-10-15 19:57:24 PDT
I cannot reproduce this with ToT. Could you please post a full stack trace? Also, are you seeing this in Safari on Mac OS X 10.5?

Could you please try to reproduce this with a nightly build from <http://nightly.webkit.org>?
Comment 2 Dan Webb 2009-10-21 16:07:30 PDT
I reproduced it in Monday's ToT WebKit build.

Stack trace of one of the leaked objects (from ObjectAlloc):
  21 Safari 0x2c92
  20 AppKit NSApplicationMain
  19 AppKit -[NSApplication run]
  18 Safari 0xc303
  17 AppKit -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
  16 AppKit _DPSNextEvent
  15 HIToolbox BlockUntilNextEventMatchingListInMode
  14 HIToolbox ReceiveNextEventCommon
  13 HIToolbox RunCurrentEventLoopInMode
  12 CoreFoundation CFRunLoopRunInMode
  11 CoreFoundation CFRunLoopRunSpecific
  10 WebKit WebNetscapePluginEventHandlerCarbon::sendNullEvent() /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/WebNetscapePluginEventHandlerCarbon.mm:124
   9 WebKit WebNetscapePluginEventHandlerCarbon::sendEvent(EventRecord*) /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/WebNetscapePluginEventHandlerCarbon.mm:420
   8 WebKit -[WebNetscapePluginDocumentView sendEvent:isDrawRect:] /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/WebNetscapePluginView.mm:672
   7 libnpgeplugin.dylib Private_HandleEvent(_NPP*, void*)
   6 libnpgeplugin.dylib nsPluginInstance::HandleEvent(void*) scons-out/opt/obj/apps/earth/plugin/idlglue/staticglue/moz/plugin.cc:164
   5 libnpgeplugin.dylib GetNPSupportedModels(_NPP*, bool*, bool*, bool*)
   4 WebKit NPN_UserAgent /Users/dwebb/Keyhole-local/WebKit/WebKit/mac/Plugins/npapi.mm:120
   3 Foundation -[NSCFString UTF8String]
   2 Foundation bytesInEncoding
   1 CoreFoundation __CFDataInit
   0 CoreFoundation _CFRuntimeCreateInstance

If you want to reproduce it using the Google Earth plugin, download the installer from here, install it, and reload the page (might require Safari restart):
Comment 3 Mark Rowe (bdash) 2009-10-21 16:16:08 PDT
That appears to show the char* buffer returned by NPN_UserAgent is being leaked.  I would assume that the caller of NPN_UserAgent is responsible for freeing that memory.  Is that not the case?
Comment 4 Dan Webb 2009-10-21 16:35:38 PDT
Hmm, I assumed that the string was owned by npapi, since the docs didn't mention anything about handing off ownership of the C string.

I googled around a bit and found some example code that doesn't free the string:
Comment 5 Alexey Proskuryakov 2009-10-21 16:49:48 PDT
If I'm looking at the right place, Mozilla does return a pointer to static buffer: <http://mxr.mozilla.org/mozilla-central/source/modules/plugin/base/src/nsPluginHost.cpp#2612> indeed.
Comment 6 Ahmad Saleem 2022-06-20 11:04:43 PDT
I am not able to find any reference about NPN_UserAgent in Webkit Github mirror except within Layout Tests for plugins?

Considering that they might be disabled (skipped) as well, can we mark this as "RESOLVED WONTFIX"? Since NPAPI plugin support is now removed and Safari 14 onward does not support it. Thanks!
Comment 7 Radar WebKit Bug Importer 2022-06-20 11:05:00 PDT