Diff
Modified: trunk/LayoutTests/ChangeLog (90147 => 90148)
--- trunk/LayoutTests/ChangeLog 2011-06-30 19:26:17 UTC (rev 90147)
+++ trunk/LayoutTests/ChangeLog 2011-06-30 19:31:01 UTC (rev 90148)
@@ -1,3 +1,16 @@
+2011-06-30 Martin Robinson <[email protected]>
+
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ Added a test which verifies that WebKit does not crash when InvalidateRect
+ is called with a null instance.
+
+ * platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt: Added.
+ * platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html: Added.
+
2011-06-30 Tab Atkins <[email protected]>
Reviewed by Adam Barth.
Added: trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt (0 => 90148)
--- trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt 2011-06-30 19:31:01 UTC (rev 90148)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 0: PLUGIN: SUCCESS!
+
+This tests that when the plugin calls NPN_InvlidateRect we do not crash.
Property changes on: trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt
___________________________________________________________________
Added: svn:eol-style
Added: trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html (0 => 90148)
--- trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html (rev 0)
+++ trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html 2011-06-30 19:31:01 UTC (rev 90148)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ </script>
+</head>
+<body>
+ <div>
+ <embed id=testPlugin type="application/x-webkit-test-netscape" test="call-invalidate-rect-with-null-npp-argument"></embed>
+ </div>
+ <p>This tests that when the plugin calls NPN_InvlidateRect we do not crash.</p>
+</body>
+</html>
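Review bot: The description in the `<p>` element misspells the API as `NPN_InvlidateRect` and leaves out the condition actually under test, the null NPP argument. Suggested wording: `This tests that we do not crash when the plugin calls NPN_InvalidateRect with a null NPP.` The same sentence is dumped into the -expected.txt file added by this commit, so both files have to change together or the text comparison will fail.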
Property changes on: trunk/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html
___________________________________________________________________
Added: svn:eol-style
Modified: trunk/Source/WebCore/ChangeLog (90147 => 90148)
--- trunk/Source/WebCore/ChangeLog 2011-06-30 19:26:17 UTC (rev 90147)
+++ trunk/Source/WebCore/ChangeLog 2011-06-30 19:31:01 UTC (rev 90148)
@@ -1,3 +1,15 @@
+2011-06-30 Martin Robinson <[email protected]>
+
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ Test: plugins/invalidate-rect-with-null-npp-argument.html
+
+ * plugins/npapi.cpp:
+ (NPN_InvalidateRect): Guard against null instances here.
+
2011-06-30 Levi Weintraub <[email protected]>
Reviewed by Eric Seidel.
Modified: trunk/Source/WebCore/plugins/npapi.cpp (90147 => 90148)
--- trunk/Source/WebCore/plugins/npapi.cpp 2011-06-30 19:26:17 UTC (rev 90147)
+++ trunk/Source/WebCore/plugins/npapi.cpp 2011-06-30 19:31:01 UTC (rev 90148)
@@ -121,7 +121,14 @@
void NPN_InvalidateRect(NPP instance, NPRect* invalidRect)
{
- pluginViewForInstance(instance)->invalidateRect(invalidRect);
+ PluginView* view = pluginViewForInstance(instance);
+#if defined(TARGET_X11)
+ // NSPluginWrapper, a plugin wrapper binary that allows running 32-bit plugins
+ // on 64-bit architectures typically used in X11, will sometimes give us a null NPP here.
+ if (!view)
+ return;
+#endif
+ view->invalidateRect(invalidRect);
}
void NPN_InvalidateRegion(NPP instance, NPRegion invalidRegion)
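Review bot: The null check on `view` is compiled only under `#if defined(TARGET_X11)`, so on every other port `view->invalidateRect(invalidRect)` still dereferences whatever `pluginViewForInstance(instance)` returns. A plugin is untrusted code at this API boundary, and nothing visible here limits a null NPP to NSPluginWrapper. Making the guard unconditional, `if (!view) return;` without the `#if`/`#endif`, removes that gap, and the existing comment can stay as the record of where the problem was seen. The same platform-conditional guard appears in the WebKit2 `NPN_InvalidateRect` hunk. `NPN_InvalidateRegion`, whose signature closes this hunk, presumably resolves its view the same way; its body is outside the hunk, so that is worth checking separately.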
Modified: trunk/Source/WebKit2/ChangeLog (90147 => 90148)
--- trunk/Source/WebKit2/ChangeLog 2011-06-30 19:26:17 UTC (rev 90147)
+++ trunk/Source/WebKit2/ChangeLog 2011-06-30 19:31:01 UTC (rev 90148)
@@ -1,3 +1,13 @@
+2011-06-30 Martin Robinson <[email protected]>
+
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ * WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:
+ (WebKit::NPN_InvalidateRect): Guard against null instances here.
+
2011-06-30 Mark Rowe <[email protected]>
Reviewed by Anders Carlsson.
Modified: trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp (90147 => 90148)
--- trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp 2011-06-30 19:26:17 UTC (rev 90147)
+++ trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp 2011-06-30 19:31:01 UTC (rev 90148)
@@ -593,6 +593,12 @@
static void NPN_InvalidateRect(NPP npp, NPRect* invalidRect)
{
+#if PLUGIN_ARCHITECTURE(X11)
+ // NSPluginWrapper, a plugin wrapper binary that allows running 32-bit plugins
+ // on 64-bit architectures typically used in X11, will sometimes give us a null NPP here.
+ if (!npp)
+ return;
+#endif
RefPtr<NetscapePlugin> plugin = NetscapePlugin::fromNPP(npp);
plugin->invalidate(invalidRect);
}
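Review bot: The added guard tests `npp`, but the pointer that is dereferenced is the result of `NetscapePlugin::fromNPP(npp)`, which stays unchecked before `plugin->invalidate(invalidRect)`. `fromNPP` is not visible in this hunk, so whether it can return null for a non-null NPP (for example one whose instance data was never set or has already been torn down) is an assumption to confirm. If it can, keep the `npp` check and add `if (!plugin) return;` directly after the lookup, so the null dereference is ruled out at the point of use rather than only at the entry.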
Modified: trunk/Tools/ChangeLog (90147 => 90148)
--- trunk/Tools/ChangeLog 2011-06-30 19:26:17 UTC (rev 90147)
+++ trunk/Tools/ChangeLog 2011-06-30 19:31:01 UTC (rev 90148)
@@ -1,3 +1,18 @@
+2011-06-30 Martin Robinson <[email protected]>
+
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ Added a TestNetscapePlugin test which verifies that WebKit properly
+ handles situations where InvalidateRect is called with a null instance.
+
+ * DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp: Added.
+ (CallInvalidateRectWithNullNPPArgument::CallInvalidateRectWithNullNPPArgument):
+ (CallInvalidateRectWithNullNPPArgument::NPP_New):
+ * GNUmakefile.am: Add the new file to sources list.
+
2011-06-30 Eric Seidel <[email protected]>
Reviewed by Adam Barth.
Added: trunk/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp (0 => 90148)
--- trunk/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp (rev 0)
+++ trunk/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp 2011-06-30 19:31:01 UTC (rev 90148)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "PluginTest.h"
+
+#include "PluginObject.h"
+
+using namespace std;
+
+class CallInvalidateRectWithNullNPPArgument : public PluginTest {
+public:
+ CallInvalidateRectWithNullNPPArgument(NPP npp, const string& identifier)
+ : PluginTest(npp, identifier)
+ {
+ }
+
+private:
+ virtual NPError NPP_New(NPMIMEType pluginType, uint16_t mode, int16_t argc, char *argn[], char *argv[], NPSavedData *saved)
+ {
+ NPRect rect;
+ browser->invalidaterect(0, &rect);
+ pluginLog(m_npp, "SUCCESS!");
+ return NPERR_NO_ERROR;
+ }
+
+};
+
+static PluginTest::Register<CallInvalidateRectWithNullNPPArgument> callInvalidateRectWithNullNPPArgument("call-invalidate-rect-with-null-npp-argument");
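Review bot: `NPRect rect;` in `NPP_New` is handed to `browser->invalidaterect(0, &rect)` uninitialized. With the new guard the browser returns before reading it, but on a build where the guard is compiled out, or if the browser resolves a null NPP to some other view, the rectangle fields are indeterminate and the test's failure mode stops being reproducible. `NPRect rect = { 0, 0, 0, 0 };` fixes that. A one-line comment above the call would also help, for example `// Passes if the browser survives a null NPP; a crash is the only failure signal.`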
Property changes on: trunk/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp
___________________________________________________________________
Added: svn:eol-style
Modified: trunk/Tools/GNUmakefile.am (90147 => 90148)
--- trunk/Tools/GNUmakefile.am 2011-06-30 19:26:17 UTC (rev 90147)
+++ trunk/Tools/GNUmakefile.am 2011-06-30 19:31:01 UTC (rev 90148)
@@ -254,6 +254,7 @@
Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/Tests/PassDifferentNPPStruct.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/Tests/PluginScriptableNPObjectInvokeDefault.cpp \
+ Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.h \
Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp \