Title: [112714] trunk/Source/WebCore
- Revision
- 112714
- Author
- commit-qu...@webkit.org
- Date
- 2012-03-30 13:19:22 -0700 (Fri, 30 Mar 2012)
Log Message
[BlackBerry] Make sure strings do not leak in PluginViewBlackberry.
https://bugs.webkit.org/show_bug.cgi?id=82764
Update PluginViewBlackBerry to follow the changes in
BlackBerry::Platform::Window which now returns std::string instead of char* for
strings. Also copy the windowGroup and rootGroup strings in PluginViewPrivate
instead of just saving a pointer to the returned memory, which could become
invalid at any time.
Patch by Joe Mason <jma...@rim.com> on 2012-03-30
Reviewed by Rob Buis.
* plugins/blackberry/PluginViewBlackBerry.cpp:
(WebCore::PluginView::setNPWindowIfNeeded):
(WebCore::PluginView::platformGetValue):
(WebCore::PluginView::platformDestroy):
* plugins/blackberry/PluginViewPrivateBlackBerry.h:
(PluginViewPrivate):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (112713 => 112714)
--- trunk/Source/WebCore/ChangeLog 2012-03-30 20:03:10 UTC (rev 112713)
+++ trunk/Source/WebCore/ChangeLog 2012-03-30 20:19:22 UTC (rev 112714)
@@ -1,3 +1,23 @@
+2012-03-30 Joe Mason <jma...@rim.com>
+
+ [BlackBerry] Make sure strings do not leak in PluginViewBlackberry.
+ https://bugs.webkit.org/show_bug.cgi?id=82764
+
+ Update PluginViewBlackBerry to follow the changes in
+ BlackBerry::Platform::Window which now returns std::string instead of char* for
+ strings. Also copy the windowGroup and rootGroup strings in PluginViewPrivate
+ instead of just saving a pointer to the returned memory, which could become
+ invalid at any time.
+
+ Reviewed by Rob Buis.
+
+ * plugins/blackberry/PluginViewBlackBerry.cpp:
+ (WebCore::PluginView::setNPWindowIfNeeded):
+ (WebCore::PluginView::platformGetValue):
+ (WebCore::PluginView::platformDestroy):
+ * plugins/blackberry/PluginViewPrivateBlackBerry.h:
+ (PluginViewPrivate):
+
2012-03-30 Anders Carlsson <ander...@apple.com>
Another build fix.
Modified: trunk/Source/WebCore/plugins/blackberry/PluginViewBlackBerry.cpp (112713 => 112714)
--- trunk/Source/WebCore/plugins/blackberry/PluginViewBlackBerry.cpp 2012-03-30 20:03:10 UTC (rev 112713)
+++ trunk/Source/WebCore/plugins/blackberry/PluginViewBlackBerry.cpp 2012-03-30 20:19:22 UTC (rev 112714)
@@ -2,7 +2,7 @@
* Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
* Copyright (C) 2008 Collabora Ltd. All rights reserved.
* Copyright (C) 2009 Girish Ramakrishnan <gir...@forwardbias.in>
- * Copyright (C) 2011 Research In Motion Limited. All rights reserved.
+ * Copyright (C) 2011, 2012 Research In Motion Limited. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -973,8 +973,11 @@
m_npWindow.type = NPWindowTypeDrawable;
BlackBerry::Platform::Graphics::Window* window = frameView->hostWindow()->platformPageClient()->platformWindow();
- if (window)
- ((NPSetWindowCallbackStruct*)m_npWindow.ws_info)->windowGroup = window->windowGroup();
+ if (window) {
+ // Make a local copy of the window group to be sure it doesn't go out of scope while the ws_info struct exists
+ m_private->m_windowGroup = window->windowGroup();
+ ((NPSetWindowCallbackStruct*) m_npWindow.ws_info)->windowGroup = m_private->m_windowGroup.c_str();
+ }
PluginView::setCurrentPluginView(this);
JSC::JSLock::DropAllLocks dropAllLocks(JSC::SilenceAssertionsOnly);
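Review bot: Assigning to `m_private->m_windowGroup` here can free or move the buffer that earlier `c_str()` results point into, so a pointer already handed out by the `@@ -1111,8 +1118,12 @@` hunk may dangle after this call. The reverse holds for `ws_info->windowGroup` when that hunk reassigns the member, and the `m_rootGroup` assignment in the `@@ -1093,8 +1096,12 @@` hunk does the same to root-group pointers returned earlier. Whether the plugin keeps these pointers across calls is not visible here, so treat this as a lifetime hazard to rule out, not a confirmed use-after-free. Writing the member only when the value changed keeps the buffer stable in the common case: `const std::string group = window->windowGroup();` then `if (m_private->m_windowGroup != group) m_private->m_windowGroup = group;`, with `ws_info->windowGroup` refreshed wherever the member is written. The enclosing function starts and ends outside the hunk.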
@@ -1093,8 +1096,12 @@
if (frameView) {
BlackBerry::Platform::Graphics::Window *window = frameView->hostWindow()->platformPageClient()->platformWindow();
if (window) {
+ // Make a copy of the root group to be sure it doesn't go out of scope.
+ m_private->m_rootGroup = window->rootGroup();
+
+ // Store it into value through an indirect pointer.
void** tempValue = static_cast<void**>(value);
- *tempValue = (void*)window->rootGroup();
+ *tempValue = reinterpret_cast<void*>(const_cast<char*>(m_private->m_rootGroup.c_str()));
if (*tempValue) {
*result = NPERR_NO_ERROR;
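Review bot: The `if (*tempValue)` test after the new assignment can no longer fail, because `std::string::c_str()` never returns a null pointer. An empty root group is now reported with `NPERR_NO_ERROR` and a pointer to an empty string, where the old `char*` return presumably could be null and skip this branch. Testing the string itself restores the distinction: `if (!m_private->m_rootGroup.empty()) {`. The same applies to the window-group case in the `@@ -1111,8 +1118,12 @@` hunk with `m_private->m_windowGroup`. The failing branch is outside the hunk, so confirm that an empty group should still take it.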
@@ -1111,8 +1118,12 @@
if (frameView) {
BlackBerry::Platform::Graphics::Window* window = frameView->hostWindow()->platformPageClient()->platformWindow();
if (window) {
+ // Make a copy of the window group to be sure it doesn't go out of scope.
+ m_private->m_windowGroup = window->windowGroup();
+
+ // Store it into value through an indirect pointer.
void** tempValue = static_cast<void**>(value);
- *tempValue = reinterpret_cast<void*>(const_cast<char*>(window->windowGroup()));
+ *tempValue = reinterpret_cast<void*>(const_cast<char*>(m_private->m_windowGroup.c_str()));
if (*tempValue) {
*result = NPERR_NO_ERROR;
@@ -1272,6 +1283,10 @@
if (!m_private)
return;
+ // ws_info->windowGroup points to memory in m_private, which is about to go away (unless it is uninitialized at this point)
+ if (m_npWindow.ws_info)
+ ((NPSetWindowCallbackStruct*)m_npWindow.ws_info)->windowGroup = 0;
+
// This will unlock the idle (if we have locked it).
m_private->preventIdle(false);
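Review bot: The reset added before `preventIdle(false)` covers only `ws_info->windowGroup`. The pointers handed out in the `@@ -1093,8 +1096,12 @@` and `@@ -1111,8 +1118,12 @@` hunks also point into `m_private` and cannot be cleared from here, so a plugin that kept one would hold a stale pointer once `m_private` goes away. That limit deserves a line in the comment, for example `// Pointers returned earlier through platformGetValue also point into m_private and must not be used by the plugin after this point.` The parenthetical "(unless it is uninitialized at this point)" is ambiguous about what "it" refers to; if it means `ws_info` may be null, say so directly. The function body continues outside the hunk.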
Modified: trunk/Source/WebCore/plugins/blackberry/PluginViewPrivateBlackBerry.h (112713 => 112714)
--- trunk/Source/WebCore/plugins/blackberry/PluginViewPrivateBlackBerry.h 2012-03-30 20:03:10 UTC (rev 112713)
+++ trunk/Source/WebCore/plugins/blackberry/PluginViewPrivateBlackBerry.h 2012-03-30 20:19:22 UTC (rev 112714)
@@ -83,6 +83,8 @@
bool m_isBackgroundPlaying;
std::string m_pluginUniquePrefix;
+ std::string m_windowGroup;
+ std::string m_rootGroup;
BlackBerry::Platform::IntRectRegion m_invalidateRegion;
friend class PluginView;
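Review bot: The two new members `m_windowGroup` and `m_rootGroup` carry no comment, yet they exist only as backing storage for raw `char*` values given to the plugin. A short comment above them would warn later editors, for example `// Backing storage for the C strings exposed to plugins via ws_info->windowGroup and platformGetValue; reassigning these invalidates pointers already handed out.` The class definition starts and ends outside the hunk.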