Changeset 127595 in webkit


Timestamp:
Sep 5, 2012, 8:39:16 AM (13 years ago)
Author:
beidson@apple.com
Message:

Frequent crashes in PluginView::scriptObject under runtimeObjectCustomGetOwnPropertySlot
<rdar://problem/12142226> and https://bugs.webkit.org/show_bug.cgi?id=95026

Source/WebKit2:

Patch partially by Andras Becsi <andras.becsi@nokia.com>

Reviewed by Andy Estes.

If a plug-in fails to initialize then the m_plugin pointer is cleared out.
When accessing the script object it is appropriate to unconditionally null check m_plugin.

  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::scriptObject): Null check m_plugin before trying to use it.

Tools:

Reviewed by Andy Estes.

Add a plug-in that always fails to initialize:

  • DumpRenderTree/TestNetscapePlugIn/Tests/NPPNewFails.cpp: Added.

(NPPNewFails):
(NPPNewFails::NPPNewFails):
(NPPNewFails::NPP_New):

Add it to all the project files:

  • DumpRenderTree/DumpRenderTree.gypi:
  • DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
  • DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt:
  • DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
  • DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:

LayoutTests:

Reviewed by Andy Estes.

  • plugins/npp-new-fails-expected.txt: Added.
  • plugins/npp-new-fails.html: Added.
Location:
trunk
Files:
3 added
9 edited

  • trunk/LayoutTests/ChangeLog

    r127584 r127595  
     12012-09-05  Brady Eidson  <beidson@apple.com>
     2
     3        Frequent crashes in PluginView::scriptObject under runtimeObjectCustomGetOwnPropertySlot
     4        <rdar://problem/12142226> and https://bugs.webkit.org/show_bug.cgi?id=95026
     5
     6        Reviewed by Andy Estes.
     7
     8        * plugins/npp-new-fails-expected.txt: Added.
     9        * plugins/npp-new-fails.html: Added.
     10
    1112012-09-05  Dominik Röttsches  <dominik.rottsches@intel.com>
    212
  • trunk/Source/WebKit2/ChangeLog

    r127582 r127595  
     12012-09-05  Brady Eidson  <beidson@apple.com>
     2
     3        Frequent crashes in PluginView::scriptObject under runtimeObjectCustomGetOwnPropertySlot
     4        <rdar://problem/12142226> and https://bugs.webkit.org/show_bug.cgi?id=95026
     5
     6        Patch partially by Andras Becsi  <andras.becsi@nokia.com>
     7
     8        Reviewed by Andy Estes.
     9
     10        If a plug-in fails to initialize then the m_plugin pointer is cleared out.
     11        When accessing the script object it is appropriate to unconditionally null check m_plugin.
     12
     13        * WebProcess/Plugins/PluginView.cpp:
     14        (WebKit::PluginView::scriptObject): Null check m_plugin before trying to use it.
     15
    1162012-09-05  Christophe Dumez  <christophe.dumez@intel.com>
    217
  • trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp

    r127513 r127595  
    551551        return 0;
    552552
     553    // The plug-in can be null here if it failed to initialize previously.
     554    if (!m_plugin)
     555        return 0;
     556
    553557    // If the plug-in exists but is not initialized then we're still initializing asynchronously.
    554558    // We need to wait here until initialization has either succeeded or failed.
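Review bot: the new early return at 554-555 yields 0, the same value as the existing bail-out at 551, so callers that already cope with a null script object (the ChangeLog names runtimeObjectCustomGetOwnPropertySlot) need no change and the crash becomes an ordinary "no script object" result; that is the right shape for this fix. One request on the comment at 553: "failed to initialize previously" describes one cause but not the invariant. If a null m_plugin at this point can only mean a prior failed initialization, say so explicitly, e.g. `// m_plugin is cleared when initialization fails; nothing to script then.`, so the reason the check is safe to place before the asynchronous wait is recorded next to it.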
     
    559563    }
    560564
    561     // The plug-in can be null here if it failed to initialize.
     565    // The plug-in can be null here if it still failed to initialize.
    562566    if (!m_isInitialized || !m_plugin)
    563567        return 0;
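Review bot: the reworded comment at 565, "if it still failed to initialize", reads awkwardly and does not explain why the `!m_plugin` half of the check at 566 is kept now that the null case is already handled before the wait (new lines 554-555). With the earlier check in place, the only way m_plugin can be null here is if initialization failed during the wait above, so suggest `// m_plugin can be cleared during the wait above if asynchronous initialization fails.`, which states that directly and makes clear the second check is not redundant.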
  • trunk/Tools/ChangeLog

    r127583 r127595  
     12012-09-05  Brady Eidson  <beidson@apple.com>
     2
     3        Frequent crashes in PluginView::scriptObject under runtimeObjectCustomGetOwnPropertySlot
     4        <rdar://problem/12142226> and https://bugs.webkit.org/show_bug.cgi?id=95026
     5
     6        Reviewed by Andy Estes.
     7
     8        Add a plug-in that always fails to initialize:
     9        * DumpRenderTree/TestNetscapePlugIn/Tests/NPPNewFails.cpp: Added.
     10        (NPPNewFails):
     11        (NPPNewFails::NPPNewFails):
     12        (NPPNewFails::NPP_New):
     13
     14        Add it to all the project files:
     15        * DumpRenderTree/DumpRenderTree.gypi:
     16        * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
     17        * DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt:
     18        * DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
     19        * DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
     20
    1212012-09-05  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
    222
  • trunk/Tools/DumpRenderTree/DumpRenderTree.gypi

    r126652 r127595  
    9797            'TestNetscapePlugIn/Tests/GetURLWithJavaScriptURLDestroyingPlugin.cpp',
    9898            'TestNetscapePlugIn/Tests/GetUserAgentWithNullNPPFromNPPNew.cpp',
     99            'TestNetscapePlugIn/Tests/NPPNewFails.cpp',
    99100            'TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp',
    100101            'TestNetscapePlugIn/Tests/NPRuntimeRemoveProperty.cpp',
  • trunk/Tools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj

    r127047 r127595  
    7171                4AD6A11413C8124000EA9737 /* FormValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4AD6A11313C8124000EA9737 /* FormValue.cpp */; };
    7272                5106803E15CC7B10001A8A23 /* SlowNPPNew.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5106803D15CC7B10001A8A23 /* SlowNPPNew.cpp */; };
     73                5113DE6715F6CBE5005EC8B3 /* NPPNewFails.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5113DE6615F6CBE5005EC8B3 /* NPPNewFails.cpp */; };
    7374                515C0CD015EE785700F5A613 /* LogNPPSetWindow.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 515C0CCF15EE785700F5A613 /* LogNPPSetWindow.cpp */; };
    7475                515F429C15C07872007C8F90 /* PluginScriptableObjectOverridesAllProperties.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 515F429B15C07872007C8F90 /* PluginScriptableObjectOverridesAllProperties.cpp */; };
     
    287288                4AD6A11313C8124000EA9737 /* FormValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FormValue.cpp; sourceTree = "<group>"; };
    288289                5106803D15CC7B10001A8A23 /* SlowNPPNew.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SlowNPPNew.cpp; path = TestNetscapePlugIn/Tests/SlowNPPNew.cpp; sourceTree = SOURCE_ROOT; };
     290                5113DE6615F6CBE5005EC8B3 /* NPPNewFails.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NPPNewFails.cpp; sourceTree = "<group>"; };
    289291                515C0CCF15EE785700F5A613 /* LogNPPSetWindow.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LogNPPSetWindow.cpp; sourceTree = "<group>"; };
    290292                515F429B15C07872007C8F90 /* PluginScriptableObjectOverridesAllProperties.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PluginScriptableObjectOverridesAllProperties.cpp; sourceTree = "<group>"; };
     
    560562                                515C0CCF15EE785700F5A613 /* LogNPPSetWindow.cpp */,
    561563                                1ACF898B132EF41C00E915D4 /* NPDeallocateCalledBeforeNPShutdown.cpp */,
     564                                5113DE6615F6CBE5005EC8B3 /* NPPNewFails.cpp */,
    562565                                C031182A134E4A2B00919757 /* NPPSetWindowCalledDuringDestruction.cpp */,
    563566                                1A24BAA8120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp */,
     
    922925                                51CACBD815D96FD000EB53A2 /* EvaluateJSWithinNPP_New.cpp in Sources */,
    923926                                515C0CD015EE785700F5A613 /* LogNPPSetWindow.cpp in Sources */,
     927                                5113DE6715F6CBE5005EC8B3 /* NPPNewFails.cpp in Sources */,
    924928                        );
    925929                        runOnlyForDeploymentPostprocessing = 0;
  • trunk/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt

    r123859 r127595  
    1515    ${WEBKIT_TESTNETSCAPEPLUGIN_DIR}/Tests/GetUserAgentWithNullNPPFromNPPNew.cpp
    1616    ${WEBKIT_TESTNETSCAPEPLUGIN_DIR}/Tests/NPDeallocateCalledBeforeNPShutdown.cpp
     17    ${WEBKIT_TESTNETSCAPEPLUGIN_DIR}/Tests/NPPNewFails.cpp
    1718    ${WEBKIT_TESTNETSCAPEPLUGIN_DIR}/Tests/NPPSetWindowCalledDuringDestruction.cpp
    1819    ${WEBKIT_TESTNETSCAPEPLUGIN_DIR}/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp
  • trunk/Tools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj

    r123936 r127595  
    427427                        </File>
    428428                        <File
     429                                RelativePath="..\Tests\NPPNewFails.cpp"
     430                                >
     431                        </File>
     432                        <File
    429433                                RelativePath="..\Tests\NPPSetWindowCalledDuringDestruction.cpp"
    430434                                >
  • trunk/Tools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro

    r123936 r127595  
    2323    Tests/GetUserAgentWithNullNPPFromNPPNew.cpp \
    2424    Tests/NPDeallocateCalledBeforeNPShutdown.cpp \
     25    Tests/NPPNewFails.cpp \
    2526    Tests/NPPSetWindowCalledDuringDestruction.cpp \
    2627    Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \