Hello,

Calling NPN_InvokeDefault from a plugin fails sometimes using the latest build for gtk (using JavaScriptCore). The failure occurs because the if (!rootObject || !rootObject->isValid()) check fails in NP_jsobject.cpp@_NPN_InvokeDefault.

The repro steps run some unit tests for the plugin being developed, which behaves roughly as follows for each test:

1. create <object>
2. run test code
3. remove <object>

The test code passes in a JS function to the plugin that is later called via NPN_InvokeDefault.

Digging through the code a bit shows me that a new rootObject is created for each instance of the plugin. When the JS function value is converted to an NPVariant before calling the plugin it calls findRootObject to assign a rootObject. At that point there are multiple rootObjects in the root object set:

    globalObject=0x7fa1438bc150
    rootObject=0x24d35f0 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x23e4b50 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x250d890 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x2576d30 rootObject->globalObject=0x7fa1438bc150
    rootObject=0x2593830 rootObject->globalObject=0x7fa1438bc150

findRootObject picks the first one, which does not belong to the instance of the plugin that is being called. The problem is that the first rootObject is invalidated before the plugin calls NPN_InvokeDefault.

I'm unsure what the proper fix should be.

Thanks in advance for any help,
-Todd
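
The lifetime problem described in this message, reduced to a small model. This is an added example, not part of the original post and not WebKit source: the types `GlobalObject`, `RootObject`, `JSFunctionWrapper` and the functions `invokeDefault` and `scenario` are simplified stand-ins, and the `bindToCallingInstance` branch is a hypothetical contrast case, not a proposed patch.

```cpp
#include <memory>
#include <vector>

// Simplified stand-ins for the objects named in the post (assumed shapes).
struct GlobalObject {};

struct RootObject {
    const GlobalObject* global;
    bool valid = true;
    explicit RootObject(const GlobalObject* g) : global(g) {}
    void invalidate() { valid = false; }  // owning <object> was removed
};

using RootSet = std::vector<std::shared_ptr<RootObject>>;

// Lookup as described in the post: the first root object whose
// global object matches is returned, whichever instance owns it.
std::shared_ptr<RootObject> findRootObject(const RootSet& set, const GlobalObject* g) {
    for (const auto& r : set)
        if (r->global == g) return r;
    return nullptr;
}

// Stands in for the NPObject that wraps the JS function given to the plugin.
struct JSFunctionWrapper { std::shared_ptr<RootObject> root; };

// Models the guard quoted in the post: the call is refused when the
// wrapper's root object is missing or no longer valid.
bool invokeDefault(const JSFunctionWrapper& fn) {
    return fn.root && fn.root->valid;
}

// Two plugin instances (A, B) share one page global. The callback is handed
// to B, A is then removed, and B finally invokes the callback.
bool scenario(bool bindToCallingInstance) {
    GlobalObject page;
    RootSet set;
    auto rootA = std::make_shared<RootObject>(&page);
    auto rootB = std::make_shared<RootObject>(&page);
    set.push_back(rootA);
    set.push_back(rootB);

    // Hypothetical contrast: bind to B's own root instead of the first match.
    JSFunctionWrapper fn{bindToCallingInstance ? rootB : findRootObject(set, &page)};
    rootA->invalidate();       // instance A torn down between tests
    return invokeDefault(fn);  // instance B calls back into JS
}
```

With the first-match lookup the wrapper's validity follows an unrelated instance's lifetime, so the call is rejected even though the calling instance is still alive.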