Diff
Modified: releases/WebKitGTK/webkit-1.4/LayoutTests/ChangeLog (90149 => 90150)
--- releases/WebKitGTK/webkit-1.4/LayoutTests/ChangeLog 2011-06-30 19:31:20 UTC (rev 90149)
+++ releases/WebKitGTK/webkit-1.4/LayoutTests/ChangeLog 2011-06-30 19:32:45 UTC (rev 90150)
@@ -1,3 +1,16 @@
+2011-06-30 Martin Robinson <[email protected]>
+
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ Added a test which verifies that WebKit does not crash when InvalidateRect
+ is called with a null instance.
+
+ * platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt: Added.
+ * platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html: Added.
+
2011-06-04 Martin Robinson <[email protected]>
Reviewed by Xan Lopez.
Added: releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt (0 => 90150)
--- releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt 2011-06-30 19:32:45 UTC (rev 90150)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 0: PLUGIN: SUCCESS!
+
+This tests that when the plugin calls NPN_InvlidateRect we do not crash.
Property changes on: releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument-expected.txt
___________________________________________________________________
Added: svn:eol-style
Added: releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html (0 => 90150)
--- releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html (rev 0)
+++ releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html 2011-06-30 19:32:45 UTC (rev 90150)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+ </script>
+</head>
+<body>
+ <div>
+ <embed id=testPlugin type="application/x-webkit-test-netscape" test="call-invalidate-rect-with-null-npp-argument"></embed>
+ </div>
+ <p>This tests that when the plugin calls NPN_InvlidateRect we do not crash.</p>
+</body>
+</html>
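Review bot: The description paragraph misspells the API as `NPN_InvlidateRect` and does not mention the null NPP, which is the only thing this test exercises. I would change it to `<p>This tests that we do not crash when the plugin calls NPN_InvalidateRect with a null NPP.</p>`. The same sentence is dumped into invalidate-rect-with-null-npp-argument-expected.txt in the previous hunk, so that line has to be changed in the same commit or the text comparison will fail.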
Property changes on: releases/WebKitGTK/webkit-1.4/LayoutTests/platform/gtk/plugins/invalidate-rect-with-null-npp-argument.html
___________________________________________________________________
Added: svn:eol-style
Modified: releases/WebKitGTK/webkit-1.4/Source/WebCore/ChangeLog (90149 => 90150)
--- releases/WebKitGTK/webkit-1.4/Source/WebCore/ChangeLog 2011-06-30 19:31:20 UTC (rev 90149)
+++ releases/WebKitGTK/webkit-1.4/Source/WebCore/ChangeLog 2011-06-30 19:32:45 UTC (rev 90150)
@@ -1,5 +1,17 @@
2011-06-30 Martin Robinson <[email protected]>
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ Test: plugins/invalidate-rect-with-null-npp-argument.html
+
+ * plugins/npapi.cpp:
+ (NPN_InvalidateRect): Guard against null instances here.
+
+2011-06-30 Martin Robinson <[email protected]>
+
Reviewed by Xan Lopez.
[Freetype] Many tests report ERROR: Failed to get glyph page zero.
Modified: releases/WebKitGTK/webkit-1.4/Source/WebCore/plugins/npapi.cpp (90149 => 90150)
--- releases/WebKitGTK/webkit-1.4/Source/WebCore/plugins/npapi.cpp 2011-06-30 19:31:20 UTC (rev 90149)
+++ releases/WebKitGTK/webkit-1.4/Source/WebCore/plugins/npapi.cpp 2011-06-30 19:32:45 UTC (rev 90150)
@@ -121,7 +121,14 @@
void NPN_InvalidateRect(NPP instance, NPRect* invalidRect)
{
- pluginViewForInstance(instance)->invalidateRect(invalidRect);
+ PluginView* view = pluginViewForInstance(instance);
+#if defined(TARGET_X11)
+ // NSPluginWrapper, a plugin wrapper binary that allows running 32-bit plugins
+ // on 64-bit architectures typically used in X11, will sometimes give us a null NPP here.
+ if (!view)
+ return;
+#endif
+ view->invalidateRect(invalidRect);
}
void NPN_InvalidateRegion(NPP instance, NPRegion invalidRegion)
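Review bot: The new `if (!view) return;` is compiled only under `#if defined(TARGET_X11)`, so any build where that macro is not defined (another port, or a translation unit that simply never sees the definition) still reaches `view->invalidateRect(invalidRect)` with a null view. The NPP is supplied by plugin code the browser does not control, so the check is worth having on every platform; I would drop the `#if`/`#endif` pair and keep the comment as the record of where the null was observed. The WebKit2 `NPN_InvalidateRect` hunk in NetscapeBrowserFuncs.cpp has the same conditional shape with `#if PLUGIN_ARCHITECTURE(X11)`. `NPN_InvalidateRegion` begins on the last context line and its body is outside the hunk; it presumably resolves the view the same way and should be checked for the same unguarded dereference.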
Modified: releases/WebKitGTK/webkit-1.4/Source/WebKit2/ChangeLog (90149 => 90150)
--- releases/WebKitGTK/webkit-1.4/Source/WebKit2/ChangeLog 2011-06-30 19:31:20 UTC (rev 90149)
+++ releases/WebKitGTK/webkit-1.4/Source/WebKit2/ChangeLog 2011-06-30 19:32:45 UTC (rev 90150)
@@ -1,3 +1,13 @@
+2011-06-30 Martin Robinson <[email protected]>
+
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ * WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:
+ (WebKit::NPN_InvalidateRect): Guard against null instances here.
+
2011-03-18 Darin Adler <[email protected]>
Reviewed by Anders Carlsson.
Modified: releases/WebKitGTK/webkit-1.4/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp (90149 => 90150)
--- releases/WebKitGTK/webkit-1.4/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp 2011-06-30 19:31:20 UTC (rev 90149)
+++ releases/WebKitGTK/webkit-1.4/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp 2011-06-30 19:32:45 UTC (rev 90150)
@@ -560,6 +560,12 @@
static void NPN_InvalidateRect(NPP npp, NPRect* invalidRect)
{
+#if PLUGIN_ARCHITECTURE(X11)
+ // NSPluginWrapper, a plugin wrapper binary that allows running 32-bit plugins
+ // on 64-bit architectures typically used in X11, will sometimes give us a null NPP here.
+ if (!npp)
+ return;
+#endif
RefPtr<NetscapePlugin> plugin = NetscapePlugin::fromNPP(npp);
plugin->invalidate(invalidRect);
}
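Review bot: The guard tests the input `npp` but not the result of the lookup, so `plugin->invalidate(invalidRect)` is still reached if `NetscapePlugin::fromNPP` returns null for a non-null NPP. `fromNPP` is not visible in this hunk, so whether it can do that (for example when the NPP's private data is unset) needs confirming. Adding `if (!plugin) return;` after the `fromNPP` call covers that case, and the existing `npp` test should stay in front of it if `fromNPP` asserts on a null argument.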
Modified: releases/WebKitGTK/webkit-1.4/Tools/ChangeLog (90149 => 90150)
--- releases/WebKitGTK/webkit-1.4/Tools/ChangeLog 2011-06-30 19:31:20 UTC (rev 90149)
+++ releases/WebKitGTK/webkit-1.4/Tools/ChangeLog 2011-06-30 19:32:45 UTC (rev 90150)
@@ -1,3 +1,18 @@
+2011-06-30 Martin Robinson <[email protected]>
+
+ Reviewed by Anders Carlsson.
+
+ [GTK] Crash observed with nspluginwrapper and flash
+ https://bugs.webkit.org/show_bug.cgi?id=62249
+
+ Added a TestNetscapePlugin test which verifies that WebKit properly
+ handles situations where InvalidateRect is called with a null instance.
+
+ * DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp: Added.
+ (CallInvalidateRectWithNullNPPArgument::CallInvalidateRectWithNullNPPArgument):
+ (CallInvalidateRectWithNullNPPArgument::NPP_New):
+ * GNUmakefile.am: Add the new file to sources list.
+
2011-04-14 Gustavo Noronha Silva <[email protected]>
Reviewed by Martin Robinson.
Added: releases/WebKitGTK/webkit-1.4/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp (0 => 90150)
--- releases/WebKitGTK/webkit-1.4/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp (rev 0)
+++ releases/WebKitGTK/webkit-1.4/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp 2011-06-30 19:32:45 UTC (rev 90150)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "PluginTest.h"
+
+#include "PluginObject.h"
+
+using namespace std;
+
+class CallInvalidateRectWithNullNPPArgument : public PluginTest {
+public:
+ CallInvalidateRectWithNullNPPArgument(NPP npp, const string& identifier)
+ : PluginTest(npp, identifier)
+ {
+ }
+
+private:
+ virtual NPError NPP_New(NPMIMEType pluginType, uint16_t mode, int16_t argc, char *argn[], char *argv[], NPSavedData *saved)
+ {
+ NPRect rect;
+ browser->invalidaterect(0, &rect);
+ pluginLog(m_npp, "SUCCESS!");
+ return NPERR_NO_ERROR;
+ }
+
+};
+
+static PluginTest::Register<CallInvalidateRectWithNullNPPArgument> callInvalidateRectWithNullNPPArgument("call-invalidate-rect-with-null-npp-argument");
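Review bot: `NPRect rect;` in `NPP_New` is passed to `browser->invalidaterect` without being initialised. The test relies on the browser returning before it reads the rectangle, but if the guard regresses, or the browser resolves a view some other way for a null NPP, the callee reads indeterminate stack values and the failure stops being reproducible. I would write `NPRect rect = { 0, 0, 0, 0 };` and put a one-line comment above the call, `// A null NPP must be ignored by the browser, not dereferenced.`, so the purpose of the literal `0` argument is stated in the test itself.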
Property changes on: releases/WebKitGTK/webkit-1.4/Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp
___________________________________________________________________
Added: svn:eol-style
Modified: releases/WebKitGTK/webkit-1.4/Tools/GNUmakefile.am (90149 => 90150)
--- releases/WebKitGTK/webkit-1.4/Tools/GNUmakefile.am 2011-06-30 19:31:20 UTC (rev 90149)
+++ releases/WebKitGTK/webkit-1.4/Tools/GNUmakefile.am 2011-06-30 19:32:45 UTC (rev 90150)
@@ -186,6 +186,7 @@
Tools/DumpRenderTree/TestNetscapePlugIn/Tests/NullNPPGetValuePointer.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/Tests/PassDifferentNPPStruct.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/Tests/PluginScriptableNPObjectInvokeDefault.cpp \
+ Tools/DumpRenderTree/TestNetscapePlugIn/Tests/x11/CallInvalidateRectWithNullNPPArgument.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.cpp \
Tools/DumpRenderTree/TestNetscapePlugIn/PluginTest.h \
Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp \