Safari plugin crashes on NPN_GetValue

Question

My plugin code crashes when I call the NPN_GetValue. Basically I created a scriptable object which has a 'getDevice' method that can return a device array to JavaScript. Below is the code snippet.

static bool mainNPObjectInvoke(NPObject *obj, NPIdentifier identifier, const NPVariant *args, uint32_t argCount, NPVariant *result)
{
    printf("create main object");
    MainNPObject *mainObject = (MainNPObject *)obj;

    if (identifier == methodIdentifiers[METHOD_ID_GET_DEVICES])
    {
        NPObject *windowObj = NULL;
        browser->getvalue(mainObject->npp, NPNVWindowNPObject, &windowObj);
        // it crashed here
    ....
    }
}

I created the MainNPObject instance with below method.

NPObject *createMainNPObject(NPP npp)
{
    MainNPObject *object = (MainNPObject *)browser->createobject(npp, &mainNPClass);
    object->npp = npp;

    theMainObject = object;

    return (NPObject *)object;
}

The createMainNPObject is called in the plugin function I provided to browser.

NPError NPP_GetValue(NPP instance, NPPVariable variable, void *value)
{
    PluginObject *obj = instance->pdata;

    switch (variable) {
        case NPPVpluginCoreAnimationLayer:
            if (!obj->rootLayer)
                setupLayerHierarchy(obj);

            *(CALayer **)value = obj->rootLayer;

            return NPERR_NO_ERROR;

        case NPPVpluginScriptableNPObject:

            if (!obj->mainObject)
            {
                obj->mainObject = createMainNPObject(instance);
            }
 ....
}

And the allocate function is as below.

static NPObject *mainNPObjectAllocate(NPP npp, NPClass *class)
{
    initializeIdentifiers();

    MainNPObject *mainObject = malloc(sizeof(MainNPObject));
    mainObject->deviceManager = [[DeviceManager alloc] init];

    return (NPObject *)mainObject;
}

Definition of MainNPObject:

typedef struct
{
    NPObject *npobject;
    NPP npp;
    DeviceManager *deviceManager;
} MainNPObject;

By debugging the code, I found that the system raised an EXC_BAD_ACCESS when calling the browser->getValue and it looks like the npp pointer is invalid.

0x00007fff83f82dab  <+0019>  je     0x7fff83f82db9 <_ZN6WebKit14NetscapePlugin7fromNPPEP4_NPP+33>
0x00007fff83f82dad  <+0021>  incl   0x8(%rax)

Can someone help me out?

Thanks!

I added my allocate function into original post. Thanks a lot! — cs2k, May 05 '12 at 02:11

score 0 · Accepted Answer · answered May 05 '12 at 05:25

0

Hmm; not seeing anything obvious. Try adding another parameter (an int?) to your structure and set it during allocate or immediately afterwords, then later on check to see if it's still the value you set before you call getvalue. See if your struct is somehow getting corrupt. That happened to me once when I was casting the NPObject funny in a non-obvious way.

answered May 05 '12 at 05:25

taxilian

14,229
4
34
73

I added an int member to the MainNPObject and set the value to 25 in allocate. The value is correctly passed in when I checked in the invoke method. Also I create a static MainNPObject to record the object. Comparing it with the one passed in from browser, they are the same. The plugin always crashes at the point of WebKit::NetscapePlugin::fromNPP. Now I am totally lost. I have uploaded the project to dropbox, may I ask you to have a further look? https://www.dropbox.com/s/fvv74iu98a2c16f/NPAPI_Core_Animation_Movie_Plugin.zip – cs2k May 05 '12 at 07:33
Finally I found the root cause. I wrongly declare the NPObject member in the MainNPObject struct as a pointer! When the browser calls the invoke method, the npp member points to somewhere else due to this reason. taxilian, I marked your comment as answer since it gives me the right direction to investigate. Thanks. – cs2k May 06 '12 at 10:59

Safari plugin crashes on NPN_GetValue

1 Answers1

Linked