Changeset 90148 in webkit

Timestamp:

Jun 30, 2011 12:31:01 PM (13 years ago)

Author:

Martin Robinson

Message:

2011-06-30 Martin Robinson <​mrobinson@igalia.com>

Reviewed by Anders Carlsson.

[GTK] Crash observed with nspluginwrapper and flash
​https://bugs.webkit.org/show_bug.cgi?id=62249

Added a test which verifies that WebKit does not crash when InvalidateRect
is called with a null instance.

• platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt: Added.
• platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html: Added.

2011-06-30 Martin Robinson <​mrobinson@igalia.com>

Reviewed by Anders Carlsson.

[GTK] Crash observed with nspluginwrapper and flash
​https://bugs.webkit.org/show_bug.cgi?id=62249

Test: plugins/invalidate-rect-with-null-npp-argument.html

• plugins/npapi.cpp: (NPN_InvalidateRect): Guard against null instances here.

2011-06-30 Martin Robinson <​mrobinson@igalia.com>

Reviewed by Anders Carlsson.

[GTK] Crash observed with nspluginwrapper and flash
​https://bugs.webkit.org/show_bug.cgi?id=62249

• WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp: (WebKit::NPN_InvalidateRect): Guard against null instances here.

2011-06-30 Martin Robinson <​mrobinson@igalia.com>

Reviewed by Anders Carlsson.

[GTK] Crash observed with nspluginwrapper and flash
​https://bugs.webkit.org/show_bug.cgi?id=62249

Added a TestNetscapePlugin test which verifies that WebKit properly
handles situations where InvalidateRect is called with a null instance.

• DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp: Added. (CallInvalidateRectWithNullNPPArgument::CallInvalidateRectWithNullNPPArgument): (CallInvalidateRectWithNullNPPArgument::NPP_New):
• GNUmakefile.am: Add the new file to sources list.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt (added)
• LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/plugins/npapi.cpp (modified) (1 diff)
• Source/WebKit2/ChangeLog (modified) (1 diff)
• Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11 (added)
• Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp (added)
• Tools/GNUmakefile.am (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-06-30  Martin Robinson  <mrobinson@igalia.com>
+
+        Reviewed by Anders Carlsson.
+
+        [GTK] Crash observed with nspluginwrapper and flash
+        https://bugs.webkit.org/show_bug.cgi?id=62249
+
+        Added a test which verifies that WebKit does not crash when InvalidateRect
+        is called with a null instance.
+
+        * platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt: Added.
+        * platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html: Added.
+
 2011-06-30  Tab Atkins  <jackalmage@gmail.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-06-30  Martin Robinson  <mrobinson@igalia.com>
+
+        Reviewed by Anders Carlsson.
+
+        [GTK] Crash observed with nspluginwrapper and flash
+        https://bugs.webkit.org/show_bug.cgi?id=62249
+
+        Test: plugins/invalidate-rect-with-null-npp-argument.html
+
+        * plugins/npapi.cpp:
+        (NPN_InvalidateRect): Guard against null instances here.
+
 2011-06-30  Levi Weintraub  <leviw@chromium.org>
 

trunk/Source/WebCore/plugins/npapi.cpp

@@ -122 +122 @@
 void NPN_InvalidateRect(NPP instance, NPRect* invalidRect)
 {
-    pluginViewForInstance(instance)->invalidateRect(invalidRect);
+    PluginView* view = pluginViewForInstance(instance);
+#if defined(TARGET_X11)
+    // NSPluginWrapper, a plugin wrapper binary that allows running 32-bit plugins
+    // on 64-bit architectures typically used in X11, will sometimes give us a null NPP here.
+    if (!view)
+        return;
+#endif
+    view->invalidateRect(invalidRect);
 }
 

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2011-06-30  Martin Robinson  <mrobinson@igalia.com>
+
+        Reviewed by Anders Carlsson.
+
+        [GTK] Crash observed with nspluginwrapper and flash
+        https://bugs.webkit.org/show_bug.cgi?id=62249
+
+        * WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:
+        (WebKit::NPN_InvalidateRect): Guard against null instances here.
+
 2011-06-30  Mark Rowe  <mrowe@apple.com>
 

trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp

@@ -594 +594 @@
 static void NPN_InvalidateRect(NPP npp, NPRect* invalidRect)
 {
+#if PLUGIN_ARCHITECTURE(X11)
+    // NSPluginWrapper, a plugin wrapper binary that allows running 32-bit plugins
+    // on 64-bit architectures typically used in X11, will sometimes give us a null NPP here.
+    if (!npp)
+        return;
+#endif
     RefPtr<NetscapePlugin> plugin = NetscapePlugin::fromNPP(npp);
     plugin->invalidate(invalidRect);

trunk/Tools/ChangeLog

@@ +1 @@
+2011-06-30  Martin Robinson  <mrobinson@igalia.com>
+
+        Reviewed by Anders Carlsson.
+
+        [GTK] Crash observed with nspluginwrapper and flash
+        https://bugs.webkit.org/show_bug.cgi?id=62249
+
+        Added a TestNetscapePlugin test which verifies that WebKit properly
+        handles situations where InvalidateRect is called with a null instance.
+
+        * DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp: Added.
+        (CallInvalidateRectWithNullNPPArgument::CallInvalidateRectWithNullNPPArgument):
+        (CallInvalidateRectWithNullNPPArgument::NPP_New):
+        * GNUmakefile.am: Add the new file to sources list.
+
 2011-06-30  Eric Seidel  <eric@webkit.org>
 

trunk/Tools/GNUmakefile.am

@@ -255 +255 @@
         Tools/DumpRenderTree/TestNetscapePlugIn/Tests/PassDifferentNPPStruct.cpp \
         Tools/DumpRenderTree/TestNetscapePlugIn/Tests/PluginScriptableNPObjectInvokeDefault.cpp \
+        Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp \
         Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.cpp \
         Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.h \