[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
aroben at apple.com
Wed Dec 22 15:01:48 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit f373716ed13cf4dcb40193b6ec3e34bcadafec2d
Author: aroben at apple.com <aroben at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Oct 27 16:08:48 2010 +0000
Don't call NPP_GetValue if the plugin didn't provide an implementation
Fixes <http://webkit.org/b/48433> Crash in
NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
WebKit2 on Windows
Reviewed by Eric Carlson.
WebKit2:
* WebProcess/Plugins/Netscape/NetscapePlugin.cpp:
(WebKit::NetscapePlugin::NPP_GetValue): Null-check the getvalue pointer
before using it to call NPP_GetValue.
WebKitTools:
Test that WebKit doesn't crash if the plugin passes 0 for its
NPP_GetValue pointer
* DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
* DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
* DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
* GNUmakefile.am:
Added NullNPPGetValuePointer.cpp.
* DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:
* DumpRenderTree/TestNetscapePlugIn/PluginObject.h:
Set up a place to store the NPPluginFuncs struct the browser passed to us.
* DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp: Added.
(NullNPPGetValuePointer::NullNPPGetValuePointer): Null out the
NPP_GetValue pointer we passed to the browser to simulate a plugin that
doesn't implement NPP_GetValue.
(NullNPPGetValuePointer::NPP_GetValue): Print an error message. If this
function is called, it means that WebKit has changed in a way that
makes this test invalid.
* DumpRenderTree/TestNetscapePlugIn/main.cpp:
(NP_GetEntryPoints): Save the NPPluginFuncs struct the browser passed
to us so we can be naughty and modify it later.
LayoutTests:
Test that WebKit doesn't crash if the plugin passes 0 for its
NPP_GetValue pointer
* plugins/null-npp-getvalue-pointer-expected.txt: Added.
* plugins/null-npp-getvalue-pointer.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 6f2bcba..af1c2ab 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2010-10-27 Adam Roben <aroben at apple.com>
+
+ Test that WebKit doesn't crash if the plugin passes 0 for its
+ NPP_GetValue pointer
+
+ Test for <http://webkit.org/b/48433> Crash in
+ NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
+ WebKit2 on Windows
+
+ Reviewed by Eric Carlson.
+
+ * plugins/null-npp-getvalue-pointer-expected.txt: Added.
+ * plugins/null-npp-getvalue-pointer.html: Added.
+
2010-10-27 Justin Schuh <jschuh at chromium.org>
Reviewed by Dirk Schulze.
diff --git a/LayoutTests/plugins/null-npp-getvalue-pointer-expected.txt b/LayoutTests/plugins/null-npp-getvalue-pointer-expected.txt
new file mode 100644
index 0000000..3811b91
--- /dev/null
+++ b/LayoutTests/plugins/null-npp-getvalue-pointer-expected.txt
@@ -0,0 +1,2 @@
+
+This tests that we don't crash when the plugin passes 0 for its NPP_GetValue pointer.
diff --git a/LayoutTests/plugins/null-npp-getvalue-pointer.html b/LayoutTests/plugins/null-npp-getvalue-pointer.html
new file mode 100644
index 0000000..8d879a5
--- /dev/null
+++ b/LayoutTests/plugins/null-npp-getvalue-pointer.html
@@ -0,0 +1,16 @@
+<html>
+<head>
+<body>
+<embed id="testPlugin" type="application/x-webkit-test-netscape" src="data:text/plain," test="null-npp-getvalue-pointer">
+</embed>
+
+<div>
+ This tests that we don't crash when the plugin passes 0 for its NPP_GetValue pointer.
+</div>
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+</body>
+</html>
+
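Review bot: the expected output is only the description text, so a run in which the plugin never instantiates, or in which the `test="null-npp-getvalue-pointer"` case is not registered, would produce the same result as a pass. Consider having the test plugin log a line after it nulls the pointer, so the expected file proves the code path ran. Separately, `<head>` is opened and never closed before `<body>`.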
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 4e4c732..fed7d48 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,17 @@
+2010-10-27 Adam Roben <aroben at apple.com>
+
+ Don't call NPP_GetValue if the plugin didn't provide an implementation
+
+ Fixes <http://webkit.org/b/48433> Crash in
+ NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
+ WebKit2 on Windows
+
+ Reviewed by Eric Carlson.
+
+ * WebProcess/Plugins/Netscape/NetscapePlugin.cpp:
+ (WebKit::NetscapePlugin::NPP_GetValue): Null-check the getvalue pointer
+ before using it to call NPP_GetValue.
+
2010-10-27 Balazs Kelemen <kbalazs at webkit.org>
Reviewed by Andreas Kling.
diff --git a/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp b/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp
index 4799725..39968af 100644
--- a/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp
+++ b/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp
@@ -281,6 +281,9 @@ void NetscapePlugin::NPP_URLNotify(const char* url, NPReason reason, void* notif
NPError NetscapePlugin::NPP_GetValue(NPPVariable variable, void *value)
{
+ if (!m_pluginModule->pluginFuncs().getvalue)
+ return NPERR_GENERIC_ERROR;
+
return m_pluginModule->pluginFuncs().getvalue(&m_npp, variable, value);
}
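Review bot: on the new early return in NPP_GetValue, `value` is left unwritten, so every caller (the commit message names shouldLoadSrcURL) must check for NPERR_NO_ERROR before reading it. Please confirm that and note it in a comment above the check. The hunk header shows NPP_URLNotify directly above; if the other NPP_ wrappers in this file call through pluginFuncs() entries the same way, they deserve the same null check, since a plugin that omits getvalue may omit other entries too.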
diff --git a/WebKitTools/ChangeLog b/WebKitTools/ChangeLog
index 16ed905..b674b0f 100644
--- a/WebKitTools/ChangeLog
+++ b/WebKitTools/ChangeLog
@@ -1,3 +1,36 @@
+2010-10-27 Adam Roben <aroben at apple.com>
+
+ Test that WebKit doesn't crash if the plugin passes 0 for its
+ NPP_GetValue pointer
+
+ Test for <http://webkit.org/b/48433> Crash in
+ NetscapePlugin::shouldLoadSrcURL when using Shockwave Director 10.3 in
+ WebKit2 on Windows
+
+ Reviewed by Eric Carlson.
+
+ * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
+ * DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj:
+ * DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro:
+ * GNUmakefile.am:
+ Added NullNPPGetValuePointer.cpp.
+
+ * DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:
+ * DumpRenderTree/TestNetscapePlugIn/PluginObject.h:
+ Set up a place to store the NPPluginFuncs struct the browser passed to us.
+
+ * DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp: Added.
+ (NullNPPGetValuePointer::NullNPPGetValuePointer): Null out the
+ NPP_GetValue pointer we passed to the browser to simulate a plugin that
+ doesn't implement NPP_GetValue.
+ (NullNPPGetValuePointer::NPP_GetValue): Print an error message. If this
+ function is called, it means that WebKit has changed in a way that
+ makes this test invalid.
+
+ * DumpRenderTree/TestNetscapePlugIn/main.cpp:
+ (NP_GetEntryPoints): Save the NPPluginFuncs struct the browser passed
+ to us so we can be naughty and modify it later.
+
2010-10-27 Ademar de Souza Reis Jr <ademar.reis at openbossa.org>
Reviewed by Andreas Kling.
diff --git a/WebKitTools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj b/WebKitTools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj
index 00baa77..bf0aebf 100644
--- a/WebKitTools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj
+++ b/WebKitTools/DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj
@@ -132,6 +132,7 @@
BCD08B710E1059D200A7D0C1 /* AccessibilityControllerMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = BCD08B700E1059D200A7D0C1 /* AccessibilityControllerMac.mm */; };
BCF6C6500C98E9C000AC063E /* GCController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BCF6C64F0C98E9C000AC063E /* GCController.cpp */; };
C06F9ABC1267A7060058E1F6 /* PassDifferentNPPStruct.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C06F9ABB1267A7060058E1F6 /* PassDifferentNPPStruct.cpp */; };
+ C0EC3C9C12787F0500939164 /* NullNPPGetValuePointer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C0EC3C9B12787F0500939164 /* NullNPPGetValuePointer.cpp */; };
E1B7816511AF31B7007E1BC2 /* MockGeolocationProvider.mm in Sources */ = {isa = PBXBuildFile; fileRef = E1B7808711AF1669007E1BC2 /* MockGeolocationProvider.mm */; };
E1B7816711AF31C3007E1BC2 /* MockGeolocationProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = E1B7808511AF1643007E1BC2 /* MockGeolocationProvider.h */; };
/* End PBXBuildFile section */
@@ -306,6 +307,7 @@
BCD08B700E1059D200A7D0C1 /* AccessibilityControllerMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = AccessibilityControllerMac.mm; path = mac/AccessibilityControllerMac.mm; sourceTree = "<group>"; };
BCF6C64F0C98E9C000AC063E /* GCController.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = GCController.cpp; sourceTree = "<group>"; };
C06F9ABB1267A7060058E1F6 /* PassDifferentNPPStruct.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PassDifferentNPPStruct.cpp; sourceTree = "<group>"; };
+ C0EC3C9B12787F0500939164 /* NullNPPGetValuePointer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NullNPPGetValuePointer.cpp; sourceTree = "<group>"; };
E1B7808511AF1643007E1BC2 /* MockGeolocationProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = MockGeolocationProvider.h; path = mac/MockGeolocationProvider.h; sourceTree = "<group>"; };
E1B7808711AF1669007E1BC2 /* MockGeolocationProvider.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = MockGeolocationProvider.mm; path = mac/MockGeolocationProvider.mm; sourceTree = "<group>"; };
/* End PBXFileReference section */
@@ -462,6 +464,7 @@
1A215A7511F26072008AD0F5 /* DocumentOpenInDestroyStream.cpp */,
1A24BAA8120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp */,
1AC77DCE120605B6005C19EF /* NPRuntimeRemoveProperty.cpp */,
+ C0EC3C9B12787F0500939164 /* NullNPPGetValuePointer.cpp */,
C06F9ABB1267A7060058E1F6 /* PassDifferentNPPStruct.cpp */,
1AD9D2FD12028409001A70D1 /* PluginScriptableNPObjectInvokeDefault.cpp */,
);
@@ -747,6 +750,7 @@
1AC77DCF120605B6005C19EF /* NPRuntimeRemoveProperty.cpp in Sources */,
1A24BAA9120734EE00FBB059 /* NPRuntimeObjectFromDestroyedPlugin.cpp in Sources */,
C06F9ABC1267A7060058E1F6 /* PassDifferentNPPStruct.cpp in Sources */,
+ C0EC3C9C12787F0500939164 /* NullNPPGetValuePointer.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff --git a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp
index 1df1c76..db73a9d 100644
--- a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp
+++ b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp
@@ -103,6 +103,7 @@ static NPObject* pluginAllocate(NPP npp, NPClass*);
static void pluginDeallocate(NPObject*);
NPNetscapeFuncs* browser;
+NPPluginFuncs* pluginFunctions;
static NPClass pluginClass = {
NP_CLASS_STRUCT_VERSION,
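Review bot: the new global `pluginFunctions` starts out null and the only assignment in this patch is in NP_GetEntryPoints. The .pro and GNUmakefile.am hunks build the new test for other ports as well; if any of them initialises the plugin without going through NP_GetEntryPoints, the test constructor's `pluginFunctions->getvalue = 0;` dereferences a null pointer. Suggest a null check at the point of use, or setting the global on every entry path that receives the NPPluginFuncs struct.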
diff --git a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.h b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.h
index 6c30578..99d5bf6 100644
--- a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.h
+++ b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginObject.h
@@ -38,6 +38,7 @@
class PluginTest;
extern NPNetscapeFuncs *browser;
+extern NPPluginFuncs* pluginFunctions;
typedef struct {
NPObject header;
diff --git a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp
new file mode 100644
index 0000000..2c3aa30
--- /dev/null
+++ b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "PluginTest.h"
+
+#include "PluginObject.h"
+
+using namespace std;
+
+// Passing null for our NPP_GetValue function pointer should not crash.
+
+class NullNPPGetValuePointer : public PluginTest {
+public:
+ NullNPPGetValuePointer(NPP, const string& identifier);
+
+private:
+ virtual NPError NPP_GetValue(NPPVariable, void* value);
+};
+
+static PluginTest::Register<NullNPPGetValuePointer> registrar("null-npp-getvalue-pointer");
+
+NullNPPGetValuePointer::NullNPPGetValuePointer(NPP npp, const string& identifier)
+ : PluginTest(npp, identifier)
+{
+ // Be sneaky and null out the getvalue pointer the browser is holding. This simulates a plugin
+ // that doesn't implement NPP_GetValue (like Shockwave Director 10.3 on Windows). Note that if
+ // WebKit copies the NPPluginFuncs struct this technique will have no effect and WebKit will
+ // call into our NPP_GetValue implementation.
+ pluginFunctions->getvalue = 0;
+}
+
+NPError NullNPPGetValuePointer::NPP_GetValue(NPPVariable, void*)
+{
+ pluginLog(m_npp, "NPP_GetValue was called but should not have been. Maybe WebKit copied the NPPluginFuncs struct, which would invalidate this test.");
+ return NPERR_GENERIC_ERROR;
+}
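Review bot: the constructor's `pluginFunctions->getvalue = 0;` modifies a struct shared by the whole plugin module, and nothing in this file restores it. Any later test that runs in the same process and depends on NPP_GetValue will see the null pointer as well. Suggest saving the original value and restoring it when the test instance is destroyed, or documenting that the mutation is intentionally permanent.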
diff --git a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/main.cpp b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/main.cpp
index e240c42..24ba3b8 100644
--- a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/main.cpp
+++ b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/main.cpp
@@ -81,6 +81,8 @@ NPError STDCALL NP_GetEntryPoints(NPPluginFuncs *pluginFuncs)
CRASH();
#endif
+ pluginFunctions = pluginFuncs;
+
pluginFuncs->version = (NP_VERSION_MAJOR << 8) | NP_VERSION_MINOR;
pluginFuncs->size = sizeof(pluginFuncs);
pluginFuncs->newp = NPP_New;
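Review bot: `pluginFunctions = pluginFuncs;` keeps a pointer to a struct the browser owns, so it is only valid if the browser keeps that struct alive and at the same address for the lifetime of the plugin. The comment in the new test already admits the trick stops working if WebKit copies the struct; a comment here stating the lifetime assumption would help. Unrelated to this change but visible in the context: `pluginFuncs->size = sizeof(pluginFuncs);` takes the size of the pointer, not of NPPluginFuncs.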
diff --git a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj
index 6c9d162..74042bc 100644
--- a/WebKitTools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj
+++ b/WebKitTools/DumpRenderTree/TestNetscapePlugIn/win/TestNetscapePlugin.vcproj
@@ -383,6 +383,10 @@
>
</File>
<File
+ RelativePath="..\Tests\NullNPPGetValuePointer.cpp"
+ >
+ </File>
+ <File
RelativePath="..\Tests\PassDifferentNPPStruct.cpp"
>
</File>
diff --git a/WebKitTools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro b/WebKitTools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro
index 740ebb8..b958025 100644
--- a/WebKitTools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro
+++ b/WebKitTools/DumpRenderTree/qt/TestNetscapePlugin/TestNetscapePlugin.pro
@@ -31,6 +31,7 @@ SOURCES = PluginObject.cpp \
Tests/DocumentOpenInDestroyStream.cpp \
Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
Tests/NPRuntimeRemoveProperty.cpp \
+ Tests/NullNPPGetValuePointer.cpp \
Tests/PassDifferentNPPStruct.cpp \
Tests/PluginScriptableNPObjectInvokeDefault.cpp
diff --git a/WebKitTools/GNUmakefile.am b/WebKitTools/GNUmakefile.am
index e77c84f..2700869 100644
--- a/WebKitTools/GNUmakefile.am
+++ b/WebKitTools/GNUmakefile.am
@@ -169,6 +169,7 @@ TestNetscapePlugin_libtestnetscapeplugin_la_SOURCES = \
WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/DocumentOpenInDestroyStream.cpp \
WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeObjectFromDestroyedPlugin.cpp \
WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NPRuntimeRemoveProperty.cpp \
+ WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp \
WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/PassDifferentNPPStruct.cpp \
WebKitTools/DumpRenderTree/TestNetscapePlugIn/Tests/PluginScriptableNPObjectInvokeDefault.cpp \
WebKitTools/DumpRenderTree/TestNetscapePlugIn/PluginTest.cpp \
--
WebKit Debian packaging