Changeset 135751 in webkit

Timestamp:

Nov 26, 2012, 12:02:10 PM (13 years ago)

Author:

Lucas Forschler

Message:

Merged r132713. <rdar://problem/12589195>

Location:

branches/safari-536.28-branch

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/plugins/npruntime/npruntime-calls-with-null-npp-expected.txt (copied) (copied from trunk/LayoutTests/plugins/npruntime/npruntime-calls-with-null-npp-expected.txt )
• LayoutTests/plugins/npruntime/npruntime-calls-with-null-npp.html (copied) (copied from trunk/LayoutTests/plugins/npruntime/npruntime-calls-with-null-npp.html )
• Source/WebKit2/ChangeLog (modified) (1 diff)
• Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp (modified) (1 diff)
• Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/DumpRenderTree/DumpRenderTree.gypi (modified) (1 diff)
• Tools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj (modified) (5 diffs)
• Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.cpp (modified) (2 diffs)
• Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.h (modified) (2 diffs)
• Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeCallsWithNullNPP.cpp (copied) (copied from trunk/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeCallsWithNullNPP.cpp )
• Tools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj (modified) (1 diff)
• Tools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro (modified) (1 diff)
• Tools/GNUmakefile.am (modified) (1 diff)

branches/safari-536.28-branch/LayoutTests/ChangeLog

@@ +1 @@
+2012-11-26  Lucas Forschler  <lforschler@apple.com>
+
+        Merge r132713
+
+    2012-10-26  Anders Carlsson  <andersca@apple.com> 
+
+            Crash when making NPRuntime calls with a null NPP pointer 
+            https://bugs.webkit.org/show_bug.cgi?id=100569 
+
+            Reviewed by Darin Adler. 
+
+            Add new tests. 
+
+            * plugins/npruntime/npruntime-calls-with-null-npp-expected.txt: Added. 
+            * plugins/npruntime/npruntime-calls-with-null-npp.html: Added. 
+
 2012-11-18  Simon Fraser  <simon.fraser@apple.com>
 

branches/safari-536.28-branch/Source/WebKit2/ChangeLog

@@ +1 @@
+2012-11-26  Lucas Forschler  <lforschler@apple.com>
+
+        Merge r132713
+
+    2012-10-26  Anders Carlsson  <andersca@apple.com>
+
+            Crash when making NPRuntime calls with a null NPP pointer
+            https://bugs.webkit.org/show_bug.cgi?id=100569
+            <rdar://problem/11726426>
+            <rdar://problem/12352836>
+
+            Reviewed by Darin Adler.
+
+            Finally bite the bullet and remove the assertion from NetscapePlugin::fromNPP. The WebKit1 equivalent of this
+            function used to return the plug-in currently being initialized in NPP_New, but we've never done that in WebKit2
+            and it has never been necessary. The crashes fixed here are not from calls underneath NPP_New so fixing it wouldn't
+            do us any good anyway.
+
+            Also, make the PluginDestructionProtector handle a null plug-in gracefully.
+
+            * WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:
+            (WebKit::PluginDestructionProtector::PluginDestructionProtector):
+            (PluginDestructionProtector):
+            * WebProcess/Plugins/Netscape/NetscapePlugin.cpp:
+            (WebKit::NetscapePlugin::fromNPP):
+
 2012-11-16  Lucas Forschler  <lforschler@apple.com>
 

branches/safari-536.28-branch/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp

@@ -50 +50 @@
 public:
     explicit PluginDestructionProtector(NetscapePlugin* plugin)
-        : m_protector(static_cast<Plugin*>(plugin)->controller())
     {
+        if (plugin)
+            m_protector = adoptPtr(new PluginController::PluginDestructionProtector(static_cast<Plugin*>(plugin)->controller()));
     }
     
 private:
-    PluginController::PluginDestructionProtector m_protector;
+    OwnPtr<PluginController::PluginDestructionProtector> m_protector;
 };
 

branches/safari-536.28-branch/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp

@@ -112 +112 @@
 PassRefPtr<NetscapePlugin> NetscapePlugin::fromNPP(NPP npp)
 {
-    if (npp)
-        return static_cast<NetscapePlugin*>(npp->ndata);
-
-    // FIXME: Return the current NetscapePlugin here.
-    ASSERT_NOT_REACHED();
-    return 0;
+    if (!npp)
+        return 0;
+
+    return static_cast<NetscapePlugin*>(npp->ndata);
 }
 

branches/safari-536.28-branch/Tools/ChangeLog

@@ +1 @@
+2012-11-26  Lucas Forschler  <lforschler@apple.com>
+
+        Merge r132713
+
+    2012-10-26  Anders Carlsson  <andersca@apple.com>
+
+            Crash when making NPRuntime calls with a null NPP pointer
+            https://bugs.webkit.org/show_bug.cgi?id=100569
+
+            Reviewed by Darin Adler.
+
+            Add new NPRuntimeCallsWithNullNPP plug-in test.
+
+            * DumpRenderTree/DumpRenderTree.gypi:
+            * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
+            * DumpRenderTree/TestNetscapePlugIn/PluginTest.cpp:
+            (PluginTest::NPN_ReleaseVariantValue):
+            (PluginTest::netscapeFuncs):
+            * DumpRenderTree/TestNetscapePlugIn/PluginTest.h:
+            (PluginTest):
+            * DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeCallsWithNullNPP.cpp: Added.
+            (NPRuntimeCallsWithNullNPP):
+            (NPRuntimeCallsWithNullNPP::NPRuntimeCallsWithNullNPP):
+            (NPRuntimeCallsWithNullNPP::NPP_New):
+            * DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
+            * DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
+            * GNUmakefile.am:
+
 2012-11-16  Lucas Forschler  <lforschler@apple.com>
 

branches/safari-536.28-branch/Tools/DumpRenderTree/DumpRenderTree.gypi

@@ -68 +68 @@
             'TestNetscapePlugIn/Tests/GetUserAgentWithNullNPPFromNPPNew.cpp',
             'TestNetscapePlugIn/Tests/NPPNewFails.cpp',
+            'TestNetscapePlugIn/Tests/NPRuntimeCallsWithNullNPP.cpp',
             'TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp',
             'TestNetscapePlugIn/Tests/NPRuntimeRemoveProperty.cpp',

branches/safari-536.28-branch/Tools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj

@@ -51 +51 @@
                 1ACF898D132EF41C00E915D4 /* NPDeallocateCalledBeforeNPShutdown.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1ACF898B132EF41C00E915D4 /* NPDeallocateCalledBeforeNPShutdown.cpp */; };
                 1AD4CB2212A6D1350027A7AF /* GetUserAgentWithNullNPPFromNPPNew.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1AD4CB2012A6D1350027A7AF /* GetUserAgentWithNullNPPFromNPPNew.cpp */; };
+                1AD8683F163B2FD000A28583 /* NPRuntimeCallsWithNullNPP.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1AD8683D163B2FD000A28583 /* NPRuntimeCallsWithNullNPP.cpp */; };
                 1AD9D2FE12028409001A70D1 /* PluginScriptableNPObjectInvokeDefault.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1AD9D2FD12028409001A70D1 /* PluginScriptableNPObjectInvokeDefault.cpp */; };
                 1AFF66BC137DEFD200791696 /* GetURLNotifyWithURLThatFailsToLoad.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1AFF66BB137DEA8300791696 /* GetURLNotifyWithURLThatFailsToLoad.cpp */; };
@@ -250 +251 @@
                 1ACF898B132EF41C00E915D4 /* NPDeallocateCalledBeforeNPShutdown.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NPDeallocateCalledBeforeNPShutdown.cpp; sourceTree = "<group>"; };
                 1AD4CB2012A6D1350027A7AF /* GetUserAgentWithNullNPPFromNPPNew.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GetUserAgentWithNullNPPFromNPPNew.cpp; sourceTree = "<group>"; };
+                1AD8683D163B2FD000A28583 /* NPRuntimeCallsWithNullNPP.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NPRuntimeCallsWithNullNPP.cpp; sourceTree = "<group>"; };
                 1AD9D2FD12028409001A70D1 /* PluginScriptableNPObjectInvokeDefault.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PluginScriptableNPObjectInvokeDefault.cpp; sourceTree = "<group>"; };
                 1AFF66BB137DEA8300791696 /* GetURLNotifyWithURLThatFailsToLoad.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GetURLNotifyWithURLThatFailsToLoad.cpp; sourceTree = "<group>"; };
@@ -488 +490 @@
                                 BC0E24DE0E2D9451001B6BC2 /* AccessibilityUIElement.h */,
                                 BC0E26140E2DA4C6001B6BC2 /* AccessibilityUIElementMac.mm */,
+                                BC0E26140E2DA4C6001B6BC3 /* AccessibilityCommonMac.mm */,
                                 BCA18B360C9B021900114369 /* AppleScriptController.h */,
                                 BCA18B370C9B021900114369 /* AppleScriptController.m */,
@@ -548 +551 @@
                                 5113DE6615F6CBE5005EC8B3 /* NPPNewFails.cpp */,
                                 C031182A134E4A2B00919757 /* NPPSetWindowCalledDuringDestruction.cpp */,
+                                1AD8683D163B2FD000A28583 /* NPRuntimeCallsWithNullNPP.cpp */,
                                 1A24BAA8120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp */,
                                 1AC77DCE120605B6005C19EF /* NPRuntimeRemoveProperty.cpp */,
@@ -908 +912 @@
                                 5113DE6715F6CBE5005EC8B3 /* NPPNewFails.cpp in Sources */,
                                 1C5C9B2E15F103AA0035558E /* LogNPPSetWindow.cpp in Sources */,
+                                1AD8683F163B2FD000A28583 /* NPRuntimeCallsWithNullNPP.cpp in Sources */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;

branches/safari-536.28-branch/Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.cpp

@@ -219 +219 @@
 }
 
+void PluginTest::NPN_ReleaseVariantValue(NPVariant* variant)
+{
+    browser->releasevariantvalue(variant);
+}
+
 #ifdef XP_MACOSX
 bool PluginTest::NPN_ConvertPoint(double sourceX, double sourceY, NPCoordinateSpace sourceSpace, double *destX, double *destY, NPCoordinateSpace destSpace)
@@ -253 +258 @@
 }
 
+NPNetscapeFuncs* PluginTest::netscapeFuncs()
+{
+    return browser;
+}
+
 void PluginTest::waitUntilDone()
 {

branches/safari-536.28-branch/Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.h

@@ -90 +90 @@
     void NPN_ReleaseObject(NPObject*);
     bool NPN_RemoveProperty(NPObject*, NPIdentifier propertyName);
+    void NPN_ReleaseVariantValue(NPVariant*);
 
 #ifdef XP_MACOSX
@@ -124 +125 @@
 
     const std::string& identifier() const { return m_identifier; }
+
+    static NPNetscapeFuncs* netscapeFuncs();
 
     void waitUntilDone();

branches/safari-536.28-branch/Tools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj

@@ -435 +435 @@
                         </File>
                         <File
+                                RelativePath="..\Tests\NPRuntimeCallsWithNullNPP.cpp"
+                                >
+                        </File>            
+                        <File
                                 RelativePath="..\Tests\NPRuntimeObjectFromDestroyedPlugin.cpp"
                                 >

branches/safari-536.28-branch/Tools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro

@@ -25 +25 @@
     Tests/NPPNewFails.cpp \
     Tests/NPPSetWindowCalledDuringDestruction.cpp \
+    Tests/NPRuntimeCallsWithNullNPP.cpp \
     Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
     Tests/NPRuntimeRemoveProperty.cpp \

branches/safari-536.28-branch/Tools/GNUmakefile.am

@@ -216 +216 @@
         Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NPDeallocateCalledBeforeNPShutdown.cpp \
         Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NPPSetWindowCalledDuringDestruction.cpp \
+    Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeCallsWithNullNPP.cpp \
         Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
         Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeRemoveProperty.cpp \