Fix the V8 NPObject reference count problem.

To match JSC version, after getNPObject() is called, the object should have ref count 2. One will be released in ~PluginView(). Another one will be released by the plugin. This should fix the crash of Flash using V8. Fix http://b/issue?id=2511963
author: Grace Kloba <klobag@google.com> 2010-03-16 11:19:34 -0700
committer: Grace Kloba <klobag@google.com> 2010-03-16 11:19:34 -0700
commit: 03e582959aa09ce855f187e3a47a48062b60a5ff (patch)
tree: 9a9baa4c23d9de34157831cac72d246c1f8091f8 /WebCore/plugins
parent: 639bb38b20faf62d88712bc1a1bdf91897d15ee0 (diff)
download: external_webkit-03e582959aa09ce855f187e3a47a48062b60a5ff.zip
external_webkit-03e582959aa09ce855f187e3a47a48062b60a5ff.tar.gz
external_webkit-03e582959aa09ce855f187e3a47a48062b60a5ff.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/WebCore/plugins/PluginView.cpp b/WebCore/plugins/PluginView.cpp
index a6a0cf7..dc2b832 100644
--- a/WebCore/plugins/PluginView.cpp
+++ b/WebCore/plugins/PluginView.cpp
@@ -831,7 +831,9 @@ NPObject* PluginView::getNPObject() {
     if (npErr != NPERR_NO_ERROR || !object)
         return 0;
 
-    _NPN_ReleaseObject(object);
+    // Bindings::CInstance (used in JSC version) retains the object, so in ~PluginView() it calls
+    // cleanupScriptObjectsForPlugin() to releases the object. To maintain the reference count,
+    // don't call _NPN_ReleaseObject(object) here.
     return object;
 #else
     return 0;
author	Grace Kloba <klobag@google.com>	2010-03-16 11:19:34 -0700
committer	Grace Kloba <klobag@google.com>	2010-03-16 11:19:34 -0700
commit	03e582959aa09ce855f187e3a47a48062b60a5ff (patch)
tree	9a9baa4c23d9de34157831cac72d246c1f8091f8 /WebCore/plugins
parent	639bb38b20faf62d88712bc1a1bdf91897d15ee0 (diff)
download	external_webkit-03e582959aa09ce855f187e3a47a48062b60a5ff.zip external_webkit-03e582959aa09ce855f187e3a47a48062b60a5ff.tar.gz external_webkit-03e582959aa09ce855f187e3a47a48062b60a5ff.tar.bz2