Currently, if a plugin calls NPN_SetException and passes us a null NPObject*, we would crash. Additionally, if an NPN_SetException is coming from an out of process plugin, it is very likely that the NPObject* is pointing to an object living in the plugin's memory space in the plugin process, rather than in the renderer process where the exception is actually being thrown. This will allow Chromium to just pass in a null NPObject* rather than trying to ferry an object that wouldn't be used anyway between processes.
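A stand-alone model of the two behaviours described above, added here as an example; it is not WebKit's or Chromium's code. The NPObject/NPClass layouts are cut down to the fields the example touches, the "pending exception" slot stands in for the V8 bindings, and the SetExceptionMsg struct, plugin_process_raise and renderer_process_receive are hypothetical stand-ins for the real IPC path. It shows why the object pointer is not needed to throw: the exception belongs to the script call in progress, so the renderer can accept NULL and the plugin process need only send the message text.

```c
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for the NPAPI types (assumption: cut down to the
 * fields this example touches; the real NPObject/NPClass carry more). */
typedef char NPUTF8;
typedef struct NPClass { const char *name; } NPClass;
typedef struct NPObject { NPClass *_class; unsigned referenceCount; } NPObject;

/* Hypothetical renderer-side state: the bindings only need to know that an
 * exception was raised during the script call currently in progress. */
static char g_pending_message[256];
static int  g_exception_pending = 0;

/* "Before": the browser-side NPN_SetException assumes npobj is a live object
 * it can inspect. A NULL pointer from the plugin is dereferenced here. */
void npn_set_exception_before(NPObject *npobj, const NPUTF8 *message)
{
    const char *owner = npobj->_class->name;   /* NULL dereference when npobj == NULL */
    snprintf(g_pending_message, sizeof g_pending_message, "%s: %s", owner, message);
    g_exception_pending = 1;
}

/* "After": the object pointer is informational only. NULL, or a proxy whose
 * real object lives in the plugin process, is accepted and never touched. */
void npn_set_exception_after(NPObject *npobj, const NPUTF8 *message)
{
    (void)npobj;                        /* may be NULL; never dereferenced */
    if (message == NULL) message = "";  /* tolerate a NULL message as well */
    snprintf(g_pending_message, sizeof g_pending_message, "%s", message);
    g_exception_pending = 1;
}

/* What the bindings do when the call returns: consume the pending exception.
 * Returns 1 and copies the message into out if one was raised, else 0. */
int take_pending_exception(char *out, size_t out_len)
{
    if (!g_exception_pending) return 0;
    snprintf(out, out_len, "%s", g_pending_message);
    g_exception_pending = 0;
    g_pending_message[0] = '\0';
    return 1;
}

/* Hypothetical out-of-process path: the plugin process sends only the text;
 * the renderer calls NPN_SetException with NULL instead of trying to ferry
 * the plugin-side NPObject across the process boundary. */
typedef struct { char message[256]; } SetExceptionMsg;

SetExceptionMsg plugin_process_raise(NPObject *plugin_side_obj, const char *message)
{
    SetExceptionMsg m;
    (void)plugin_side_obj;  /* a pointer into the plugin's address space: meaningless in the renderer */
    snprintf(m.message, sizeof m.message, "%s", message);
    return m;
}

void renderer_process_receive(const SetExceptionMsg *m)
{
    npn_set_exception_after(NULL, m->message);
}

/* Simulate one script call into an out-of-process plugin that throws. */
int run_call_that_throws(const char *message, char *out, size_t out_len)
{
    NPClass cls = { "PluginObject" };
    NPObject plugin_obj = { &cls, 1 };      /* constructed: lives in the plugin process */
    SetExceptionMsg m = plugin_process_raise(&plugin_obj, message);
    renderer_process_receive(&m);
    return take_pending_exception(out, out_len);
}

int main(void)
{
    char buf[256];
    if (run_call_that_throws("bad argument", buf, sizeof buf))
        printf("exception raised: %s\n", buf);
    /* An in-process plugin may also hand us NULL directly: */
    npn_set_exception_after(NULL, "direct null object");
    if (take_pending_exception(buf, sizeof buf))
        printf("exception raised: %s\n", buf);
    return 0;
}
```

The "before" variant is kept only for contrast and is never called with NULL; the point of the hardened variant is that nothing about the thrown exception depends on the object, so the null check is not a special case but the natural result of not consulting the pointer at all.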
Created attachment 43318: patch
Comment on attachment 43318: patch

> Index: WebCore/ChangeLog
> ...
> + Handle the case of a null NPObject* in NPN_SetException in
> + the V8 bindings.

I had to read the bug summary to understand this patch. It would be good to put more of the justification for this change here in the ChangeLog.

Otherwise, R=me
(In reply to comment #2)
> (From update of attachment 43318)
> > Index: WebCore/ChangeLog
> > ...
> > + Handle the case of a null NPObject* in NPN_SetException in
> > + the V8 bindings.
>
> I had to read the bug summary to understand this patch. It would be
> good to put more of the justification for this change here in the
> ChangeLog.
>
> Otherwise, R=me

Done and committed: http://trac.webkit.org/changeset/51054