Bug 616400 - When a plugin returns a failure code from NPP_New, but creates JS objects in the process, anyone trying to script those objects after NPP_New fails will crash (Silverlight crash @NPObjWrapper_NewResolve). Call nsJSNPRuntime::OnPluginDestroy on a failed-init case just as we do in a normal cleanup case. r=josh a=blocker

This commit is contained in:
Benjamin Smedberg 2011-02-03 16:10:45 -05:00
Родитель ab99d7c286
Коммит 7a678cff38
1 изменённых файлов: 2 добавлений и 6 удалений

Просмотреть файл

@ -414,19 +414,15 @@ nsNPAPIPluginInstance::InitializePlugin()
mRunning = RUNNING;
nsresult newResult = library->NPP_New((char*)mimetype, &mNPP, (PRUint16)mode, count, (char**)names, (char**)values, NULL, &error);
if (NS_FAILED(newResult)) {
mRunning = DESTROYED;
return newResult;
}
mInPluginInitCall = oldVal;
NPP_PLUGIN_LOG(PLUGIN_LOG_NORMAL,
("NPP New called: this=%p, npp=%p, mime=%s, mode=%d, argc=%d, return=%d\n",
this, &mNPP, mimetype, mode, count, error));
if (error != NPERR_NO_ERROR) {
if (NS_FAILED(newResult) || error != NPERR_NO_ERROR) {
mRunning = DESTROYED;
nsJSNPRuntime::OnPluginDestroy(&mNPP);
return NS_ERROR_FAILURE;
}