The bug is related to the mozilla bugzilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=338905.
In file deploy/src/plugin/solaris/nscore/JSObject.cpp, there is a
comment snippet in line 265:
/*
* when JSObject is GCed after plugin is destroyed, inst is NULL
* and code is JAVA_PLUGIN_JNIJS_FINALIZE. In this case, we still
* need consume message from spontaneous pipe and ask browser to
* release native JSObject, or spontaneous pipe will be corrupted
* and resource leak
*/
The comment's idea is that, if code isn't JAVA_PLUGIN_JNIJS_FINALIZE, the function should go on handling the following message instead of consuming the message and return.
But the real code conflicts with this comment:
267: if (code != JAVA_PLUGIN_JNIJS_FINALIZE) {
if (inst == NULL || inst->IsDestroyPending()) {
// Consume the message
int raw_msg_len;
......
I think that we should change the line 267 to "if (code == JAVA_PLUGIN_JNIJS_FINALIZE) {". The test case for bug 338905 can run correctly with the change applies.