changeset 358:d65bd94e0ba9

fixes PR518, ensures null termination of strings based off of NPVariant results.
author Adam Domurad <adomurad@redhat.com>
date Fri, 08 Jun 2012 13:44:25 -0400
parents d7375e2a9076
children a49edd57b1b3
files ChangeLog NEWS plugin/icedteanp/IcedTeaJavaRequestProcessor.cc plugin/icedteanp/IcedTeaNPPlugin.cc plugin/icedteanp/IcedTeaPluginUtils.cc plugin/icedteanp/IcedTeaPluginUtils.h
diffstat 6 files changed, 46 insertions(+), 40 deletions(-) [+]
--- a/ChangeLog	Fri Jun 01 16:05:18 2012 -0400
+++ b/ChangeLog	Fri Jun 08 13:44:25 2012 -0400
@@ -1,3 +1,19 @@
+2012-06-04  Adam Domurad  <adomurad@redhat.com>
+
+        This patch fixes PR518, ensures null termination of strings based off
+        of NPVariant results.
+	* NEWS: Added line about fixing PR518
+        * plugin/icedteanp/IcedTeaPluginUtils.h: Added declaration of 
+        NPVariantAsString
+        * plugin/icedteanp/IcedTeaPluginUtils.cc
+        (NPVariantAsString): New. Converts an NPVariant to a 
+        std::string, assumes it is a string.
+        (isObjectJSArray): Now uses NPVariantAsString, minor cleanup.
+        * plugin/icedteanp/IcedTeaJavaRequestProcessor.cc
+        (plugin_get_documentbase): Now uses NPVariantAsString.
+        * plugin/icedteanp/IcedTeaNPPlugin.cc
+        (NPVariantToString): Now uses NPVariantAsString, minor cleanup.
+
 2012-06-01  Deepak Bhole <dbhole@redhat.com>
 
 	PR863: Error passing strings to applet methods in Chromium
--- a/NEWS	Fri Jun 01 16:05:18 2012 -0400
+++ b/NEWS	Fri Jun 08 13:44:25 2012 -0400
@@ -14,6 +14,7 @@
 * Plugin
   - PR863: Error passing strings to applet methods in Chromium
   - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
+  - PR518: NPString.utf8characters not guaranteed to be nul-terminated
 
 New in release 1.2 (2012-03-05):
 * Security updates:
--- a/plugin/icedteanp/IcedTeaJavaRequestProcessor.cc	Fri Jun 01 16:05:18 2012 -0400
+++ b/plugin/icedteanp/IcedTeaJavaRequestProcessor.cc	Fri Jun 08 13:44:25 2012 -0400
@@ -904,11 +904,7 @@
     } else if (NPVARIANT_IS_STRING(variant))
     {
     	className = "java.lang.String";
-#if MOZILLA_VERSION_COLLAPSED < 1090200
-    	stringArg.append(NPVARIANT_TO_STRING(variant).utf8characters, NPVARIANT_TO_STRING(variant).utf8length);
-#else
-    	stringArg.append(NPVARIANT_TO_STRING(variant).UTF8Characters, NPVARIANT_TO_STRING(variant).UTF8Length);
-#endif
+    	stringArg = IcedTeaPluginUtilities::NPVariantAsString(variant);
     } else if (NPVARIANT_IS_OBJECT(variant))
     {
 
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Fri Jun 01 16:05:18 2012 -0400
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Fri Jun 08 13:44:25 2012 -0400
@@ -1093,17 +1093,10 @@
   browser_functions.getproperty(instance, NPVARIANT_TO_OBJECT(location), 
                                href_id, &href);
 
+  std::string href_str = IcedTeaPluginUtilities::NPVariantAsString(href);
+
   // Strip everything after the last "/"
-  char *href_str;
-#if MOZILLA_VERSION_COLLAPSED < 1090200
-  href_str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(href).utf8length + 1);
-  snprintf(href_str, NPVARIANT_TO_STRING(href).utf8length+1, "%s", NPVARIANT_TO_STRING(href).utf8characters);
-#else
-  href_str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(href).UTF8Length + 1);
-  snprintf(href_str, NPVARIANT_TO_STRING(href).UTF8Length+1, "%s", NPVARIANT_TO_STRING(href).UTF8Characters);
-#endif
-
-  gchar** parts = g_strsplit (href_str, "/", -1);
+  gchar** parts = g_strsplit (href_str.c_str(), "/", -1);
   guint parts_sz = g_strv_length (parts);
 
   std::string location_str;
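Review bot: `NPVariantAsString(href)` runs on the output of `browser_functions.getproperty` with no visible check that the call succeeded or that `href` holds a string. The helper reads the string member of the variant unconditionally (the ChangeLog entry says it "assumes it is a string"), so a void or non-string result would make `std::string` copy from whatever pointer and length are in that storage. Unless a check sits outside this hunk, test `NPVARIANT_IS_STRING(href)` before converting and take the function's existing failure path otherwise. The same applies to `constructor_str` in the isObjectJSArray hunk of IcedTeaPluginUtils.cc, where the result of `browser_functions.invoke` is converted directly. plugin_get_documentbase starts and ends outside this hunk.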
@@ -1119,8 +1112,6 @@
   browser_functions.releasevariantvalue(&href);
   browser_functions.releasevariantvalue(&location);
   g_strfreev(parts);
-  free(href_str);
-  href_str = NULL;
  cleanup_done:
   PLUGIN_DEBUG ("plugin_get_documentbase return\n");
   PLUGIN_DEBUG("plugin_get_documentbase returning: %s\n", documentbase_copy);
--- a/plugin/icedteanp/IcedTeaPluginUtils.cc	Fri Jun 01 16:05:18 2012 -0400
+++ b/plugin/icedteanp/IcedTeaPluginUtils.cc	Fri Jun 08 13:44:25 2012 -0400
@@ -668,11 +668,8 @@
     }
     else if (NPVARIANT_IS_STRING(variant))
     {
-#if MOZILLA_VERSION_COLLAPSED < 1090200
-    	PLUGIN_DEBUG("STRING: %s (length=%d)\n", NPVARIANT_TO_STRING(variant).utf8characters, NPVARIANT_TO_STRING(variant).utf8length);
-#else
-    	PLUGIN_DEBUG("STRING: %s (length=%d)\n", NPVARIANT_TO_STRING(variant).UTF8Characters, NPVARIANT_TO_STRING(variant).UTF8Length);
-#endif
+    	std::string str = IcedTeaPluginUtilities::NPVariantAsString(variant);
+    	PLUGIN_DEBUG("STRING: %s (length=%d)\n", str.c_str(), str.size());
     }
     else
     {
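Review bot: The new `PLUGIN_DEBUG` line passes `str.size()`, a `size_t`, to a `%d` conversion. If the macro forwards to a printf-style function, as the format string suggests, that is a type mismatch and undefined behaviour on platforms where `size_t` is wider than `int`. Use `PLUGIN_DEBUG("STRING: %s (length=%zu)\n", str.c_str(), str.size());` or cast the length explicitly. Note also that `%s` stops at the first embedded NUL, so the printed text can be shorter than the reported length. The enclosing function starts outside this hunk.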
@@ -684,7 +681,7 @@
 IcedTeaPluginUtilities::NPVariantToString(NPVariant variant, std::string* result)
 {
 	char* str = (char*) malloc(sizeof(char)*32); // enough for everything except string
-
+    bool was_string_already = false;
     if (NPVARIANT_IS_VOID(variant))
     {
         sprintf(str, "%p", variant);
@@ -710,21 +707,15 @@
     }
     else if (NPVARIANT_IS_STRING(variant))
     {
-    	free(str);
-#if MOZILLA_VERSION_COLLAPSED < 1090200
-    	str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(variant).utf8length + 1);
-    	snprintf(str, NPVARIANT_TO_STRING(variant).utf8length+1, "%s", NPVARIANT_TO_STRING(variant).utf8characters);
-#else
-    	str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(variant).UTF8Length + 1);
-    	snprintf(str, NPVARIANT_TO_STRING(variant).UTF8Length+1, "%s", NPVARIANT_TO_STRING(variant).UTF8Characters);
-#endif
+    	result->append(IcedTeaPluginUtilities::NPVariantAsString(variant));
+    	was_string_already = true;
     }
     else
     {
         sprintf(str, "[Object %p]", variant);
     }
-
-    result->append(str);
+    if (!was_string_already)
+        result->append(str);
     free(str);
 }
 
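Review bot: On the string branch `str` is no longer written, so the 32-byte buffer is still uninitialised when control reaches the final append, and `was_string_already` is the only thing preventing a read of it. That dependency is not obvious from the code, so I would add a comment at the guard such as `// str is never filled on the string path; appending it would read uninitialised memory`. A simpler shape is to write `str[0] = '\0';` right after the `malloc` and drop the flag, since appending an empty string is harmless. The function begins in the previous hunk, where the flag is declared.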
@@ -864,13 +855,7 @@
     browser_functions.invoke(instance, constructor, toString, NULL, 0, &constructor_str);
     IcedTeaPluginUtilities::printNPVariant(constructor_str);
 
-    std::string constructor_name = std::string();
-
-#if MOZILLA_VERSION_COLLAPSED < 1090200
-    constructor_name.append(NPVARIANT_TO_STRING(constructor_str).utf8characters, NPVARIANT_TO_STRING(constructor_str).utf8length);
-#else
-    constructor_name.append(NPVARIANT_TO_STRING(constructor_str).UTF8Characters, NPVARIANT_TO_STRING(constructor_str).UTF8Length);
-#endif
+    std::string constructor_name = IcedTeaPluginUtilities::NPVariantAsString(constructor_str);
 
     PLUGIN_DEBUG("Constructor for NPObject is %s\n", constructor_name.c_str());
 
@@ -913,6 +898,20 @@
     PLUGIN_DEBUG("SENDING URL: %s\n", *decoded_url);
 }
 
+/* Copies a variant data type into a C++ string */
+std::string
+IcedTeaPluginUtilities::NPVariantAsString(NPVariant variant)
+{
+#if MOZILLA_VERSION_COLLAPSED < 1090200
+  return std::string((
+    NPVARIANT_TO_STRING(variant).utf8characters,
+    NPVARIANT_TO_STRING(variant).utf8ength);
+#else
+  return std::string(
+    NPVARIANT_TO_STRING(variant).UTF8Characters,
+    NPVARIANT_TO_STRING(variant).UTF8Length);
+#endif
+}
 
 /**
  * Posts a function for execution on the plug-in thread and wait for result.
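Review bot: The `MOZILLA_VERSION_COLLAPSED < 1090200` branch of `NPVariantAsString` cannot compile: `std::string((` opens two parentheses but closes one, and the length field is spelled `utf8ength`. The lines removed elsewhere in this commit use `utf8length`, so the branch should read `return std::string(NPVARIANT_TO_STRING(variant).utf8characters, NPVARIANT_TO_STRING(variant).utf8length);`. Builds against newer headers never see this branch, which is presumably why it went unnoticed. The header comment should also state the precondition, for example `/* Copies the string held by an NPVariant into a std::string; caller must ensure NPVARIANT_IS_STRING(variant) */`, since the function does not check the variant type itself.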
--- a/plugin/icedteanp/IcedTeaPluginUtils.h	Fri Jun 01 16:05:18 2012 -0400
+++ b/plugin/icedteanp/IcedTeaPluginUtils.h	Fri Jun 08 13:44:25 2012 -0400
@@ -205,6 +205,9 @@
     	/* Converts the given integer to a string */
     	static void itoa(int i, std::string* result);
 
+    	/* Copies a variant data type into a C++ string */
+    	static std::string NPVariantAsString(NPVariant variant);
+
     	/* Frees the given vector and the strings that its contents point to */
     	static void freeStringPtrVector(std::vector<std::string*>* v);