From 03e582959aa09ce855f187e3a47a48062b60a5ff Mon Sep 17 00:00:00 2001
From: Grace Kloba
Date: Tue, 16 Mar 2010 11:19:34 -0700
Subject: Fix the V8 NPObject reference count problem.

To match JSC version, after getNPObject() is called, the object should have ref count 2. One will be released in ~PluginView(). Another one will be released by the plugin. This should fix the crash of Flash using V8. Fix http://b/issue?id=2511963
---
 WebCore/plugins/PluginView.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'WebCore/plugins')

diff --git a/WebCore/plugins/PluginView.cpp b/WebCore/plugins/PluginView.cpp
index a6a0cf7..dc2b832 100644
--- a/WebCore/plugins/PluginView.cpp
+++ b/WebCore/plugins/PluginView.cpp
@@ -831,7 +831,9 @@ NPObject* PluginView::getNPObject()
 {
     if (npErr != NPERR_NO_ERROR || !object)
         return 0;
-    _NPN_ReleaseObject(object);
+    // Bindings::CInstance (used in JSC version) retains the object, so in ~PluginView() it calls
+    // cleanupScriptObjectsForPlugin() to releases the object. To maintain the reference count,
+    // don't call _NPN_ReleaseObject(object) here.
     return object;
 #else
     return 0;
-- 
cgit v1.1
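Review bot: The new comment replacing the `_NPN_ReleaseObject(object)` call has a grammar slip (`to releases the object`) and, more importantly, justifies the ownership by describing the JSC-only `Bindings::CInstance` chain, so a reader of the V8 build still cannot tell from this spot who owns the reference that is now left on the returned object. Because an NPObject refcount that is off by one in either direction is exactly how plugin use-after-free (the crash this addresses) or a leak arises, I would state the contract on the return value rather than by reference to JSC internals, e.g. `// Return the object still holding the reference NPP_GetValue handed us: the script bindings (Bindings::CInstance under JSC) own it until ~PluginView() runs cleanupScriptObjectsForPlugin(), and the plugin drops its own. Callers must not release this reference themselves.` It would also be worth confirming in the V8 bindings that whatever wraps this NPObject actually takes over that reference (otherwise the change trades the use-after-free for a leak), and mirroring the ownership note on the declaration in PluginView.h. getNPObject() begins before this hunk, so the origin of `object` and `npErr` is not visible here.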