Changeset 70653 in webkit


Timestamp:
Oct 27, 2010 9:08:48 AM (13 years ago)
Author:
Adam Roben
Message:

Don't call NPP_GetValue if the plugin didn't provide an implementation

Fixes <http://webkit.org/b/48433> Crash in
NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
WebKit2 on Windows

Reviewed by Eric Carlson.

WebKit2:

  • WebProcess/Plugins/Netscape/NetscapePlugin.cpp:

(WebKit::NetscapePlugin::NPP_GetValue): Null-check the getvalue pointer
before using it to call NPP_GetValue.

WebKitTools:

Test that WebKit doesn't crash if the plugin passes 0 for its
NPP_GetValue pointer

  • DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
  • DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
  • DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
  • GNUmakefile.am:

Added NullNPPGetValuePointer.cpp.

  • DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:
  • DumpRenderTree/TestNetscapePlugIn/PluginObject.h:

Set up a place to store the NPPluginFuncs struct the browser passed to us.

  • DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp: Added.

(NullNPPGetValuePointer::NullNPPGetValuePointer): Null out the
NPP_GetValue pointer we passed to the browser to simulate a plugin that
doesn't implement NPP_GetValue.
(NullNPPGetValuePointer::NPP_GetValue): Print an error message. If this
function is called, it means that WebKit has changed in a way that
makes this test invalid.

  • DumpRenderTree/TestNetscapePlugIn/main.cpp:

(NP_GetEntryPoints): Save the NPPluginFuncs struct the browser passed
to us so we can be naughty and modify it later.

LayoutTests:

Test that WebKit doesn't crash if the plugin passes 0 for its
NPP_GetValue pointer

  • plugins/null-npp-getvalue-pointer-expected.txt: Added.
  • plugins/null-npp-getvalue-pointer.html: Added.
Location:
trunk
Files:
3 added
11 edited

  • trunk/LayoutTests/ChangeLog

    r70652 r70653  
     12010-10-27  Adam Roben  <aroben@apple.com>
     2
     3        Test that WebKit doesn't crash if the plugin passes 0 for its
     4        NPP_GetValue pointer
     5
     6        Test for <http://webkit.org/b/48433> Crash in
     7        NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
     8        WebKit2 on Windows
     9
     10        Reviewed by Eric Carlson.
     11
     12        * plugins/null-npp-getvalue-pointer-expected.txt: Added.
     13        * plugins/null-npp-getvalue-pointer.html: Added.
     14
    1152010-10-27  Justin Schuh  <jschuh@chromium.org>
    216
  • trunk/WebKit2/ChangeLog

    r70645 r70653  
     12010-10-27  Adam Roben  <aroben@apple.com>
     2
     3        Don't call NPP_GetValue if the plugin didn't provide an implementation
     4
     5        Fixes <http://webkit.org/b/48433> Crash in
     6        NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
     7        WebKit2 on Windows
     8
     9        Reviewed by Eric Carlson.
     10
     11        * WebProcess/Plugins/Netscape/NetscapePlugin.cpp:
     12        (WebKit::NetscapePlugin::NPP_GetValue): Null-check the getvalue pointer
     13        before using it to call NPP_GetValue.
     14
    1152010-10-27  Balazs Kelemen  <kbalazs@webkit.org>
    216
  • trunk/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp

    r70265 r70653  
    282282NPError NetscapePlugin::NPP_GetValue(NPPVariable variable, void *value)
    283283{
     284    if (!m_pluginModule->pluginFuncs().getvalue)
     285        return NPERR_GENERIC_ERROR;
     286
    284287    return m_pluginModule->pluginFuncs().getvalue(&m_npp, variable, value);
    285288}
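Review bot: In NetscapePlugin::NPP_GetValue the new guard covers only the getvalue entry, but the function table is supplied by the plugin, so any entry the host calls through can be null in the same way. If the other NPP_* wrappers in this file call through pluginFuncs() without a check, they are worth auditing in this change or a follow-up. A one-line comment above the check saying that some plugins do not provide NPP_GetValue would explain why the guard exists, and reading pluginFuncs().getvalue once into a local would avoid the repeated lookup.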
  • trunk/WebKitTools/ChangeLog

    r70650 r70653  
     12010-10-27  Adam Roben  <aroben@apple.com>
     2
     3        Test that WebKit doesn't crash if the plugin passes 0 for its
     4        NPP_GetValue pointer
     5
     6        Test for <http://webkit.org/b/48433> Crash in
     7        NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
     8        WebKit2 on Windows
     9
     10        Reviewed by Eric Carlson.
     11
     12        * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
     13        * DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
     14        * DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
     15        * GNUmakefile.am:
     16        Added NullNPPGetValuePointer.cpp.
     17
     18        * DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:
     19        * DumpRenderTree/TestNetscapePlugIn/PluginObject.h:
     20        Set up a place to store the NPPluginFuncs struct the browser passed to us.
     21
     22        * DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp: Added.
     23        (NullNPPGetValuePointer::NullNPPGetValuePointer): Null out the
     24        NPP_GetValue pointer we passed to the browser to simulate a plugin that
     25        doesn't implement NPP_GetValue.
     26        (NullNPPGetValuePointer::NPP_GetValue): Print an error message. If this
     27        function is called, it means that WebKit has changed in a way that
     28        makes this test invalid.
     29
     30        * DumpRenderTree/TestNetscapePlugIn/main.cpp:
     31        (NP_GetEntryPoints): Save the NPPluginFuncs struct the browser passed
     32        to us so we can be naughty and modify it later.
     33
    1342010-10-27  Ademar de Souza Reis Jr  <ademar.reis@openbossa.org>
    235
  • trunk/WebKitTools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj

    r70614 r70653  
    133133                BCF6C6500C98E9C000AC063E /* GCController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCF6C64F0C98E9C000AC063E /* GCController.cpp */; };
    134134                C06F9ABC1267A7060058E1F6 /* PassDifferentNPPStruct.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C06F9ABB1267A7060058E1F6 /* PassDifferentNPPStruct.cpp */; };
     135                C0EC3C9C12787F0500939164 /* NullNPPGetValuePointer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C0EC3C9B12787F0500939164 /* NullNPPGetValuePointer.cpp */; };
    135136                E1B7816511AF31B7007E1BC2 /* MockGeolocationProvider.mm in Sources */ = {isa = PBXBuildFile; fileRef = E1B7808711AF1669007E1BC2 /* MockGeolocationProvider.mm */; };
    136137                E1B7816711AF31C3007E1BC2 /* MockGeolocationProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = E1B7808511AF1643007E1BC2 /* MockGeolocationProvider.h */; };
     
    307308                BCF6C64F0C98E9C000AC063E /* GCController.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = GCController.cpp; sourceTree = "<group>"; };
    308309                C06F9ABB1267A7060058E1F6 /* PassDifferentNPPStruct.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PassDifferentNPPStruct.cpp; sourceTree = "<group>"; };
     310                C0EC3C9B12787F0500939164 /* NullNPPGetValuePointer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NullNPPGetValuePointer.cpp; sourceTree = "<group>"; };
    309311                E1B7808511AF1643007E1BC2 /* MockGeolocationProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = MockGeolocationProvider.h; path = mac/MockGeolocationProvider.h; sourceTree = "<group>"; };
    310312                E1B7808711AF1669007E1BC2 /* MockGeolocationProvider.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = MockGeolocationProvider.mm; path = mac/MockGeolocationProvider.mm; sourceTree = "<group>"; };
     
    463465                                1A24BAA8120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp */,
    464466                                1AC77DCE120605B6005C19EF /* NPRuntimeRemoveProperty.cpp */,
     467                                C0EC3C9B12787F0500939164 /* NullNPPGetValuePointer.cpp */,
    465468                                C06F9ABB1267A7060058E1F6 /* PassDifferentNPPStruct.cpp */,
    466469                                1AD9D2FD12028409001A70D1 /* PluginScriptableNPObjectInvokeDefault.cpp */,
     
    748751                                1A24BAA9120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp in Sources */,
    749752                                C06F9ABC1267A7060058E1F6 /* PassDifferentNPPStruct.cpp in Sources */,
     753                                C0EC3C9C12787F0500939164 /* NullNPPGetValuePointer.cpp in Sources */,
    750754                        );
    751755                        runOnlyForDeploymentPostprocessing = 0;
  • trunk/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp

    r68630 r70653  
    104104
    105105NPNetscapeFuncs* browser;
     106NPPluginFuncs* pluginFunctions;
    106107
    107108static NPClass pluginClass = {
  • trunk/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.h

    r68630 r70653  
    3939
    4040extern NPNetscapeFuncs *browser;
     41extern NPPluginFuncs* pluginFunctions;
    4142
    4243typedef struct {
  • trunk/WebKitTools/DumpRenderTree/TestNetscapePlugIn/main.cpp

    r69986 r70653  
    8181        CRASH();
    8282#endif
     83
     84    pluginFunctions = pluginFuncs;
    8385
    8486    pluginFuncs->version = (NP_VERSION_MAJOR << 8) | NP_VERSION_MINOR;
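Review bot: The assignment pluginFunctions = pluginFuncs in NP_GetEntryPoints keeps a raw pointer to a struct the browser passed in, with no comment on what that assumes. Later writes through the pointer only have an effect if the browser keeps that storage alive and reads the table from the same struct rather than from a copy taken during this call. Please state that assumption in a comment here, so that a browser-side change which breaks it can be traced back to the tests that depend on pluginFunctions.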
  • trunk/WebKitTools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj

    r70265 r70653  
    384384                        </File>
    385385                        <File
     386                                RelativePath="..\Tests\NullNPPGetValuePointer.cpp"
     387                                >
     388                        </File>
     389                        <File
    386390                                RelativePath="..\Tests\PassDifferentNPPStruct.cpp"
    387391                                >
  • trunk/WebKitTools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro

    r70196 r70653  
    3232          Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
    3333          Tests/NPRuntimeRemoveProperty.cpp \
     34          Tests/NullNPPGetValuePointer.cpp \
    3435          Tests/PassDifferentNPPStruct.cpp \
    3536          Tests/PluginScriptableNPObjectInvokeDefault.cpp
  • trunk/WebKitTools/GNUmakefile.am

    r70238 r70653  
    170170        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
    171171        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeRemoveProperty.cpp \
     172        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp \
    172173        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/PassDifferentNPPStruct.cpp \
    173174        WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/PluginScriptableNPObjectInvokeDefault.cpp \