# HG changeset patch # User Jiri Vanek # Date 1452176661 -3600 # Node ID 090ff301b57d391fcb32eac35f483038d13da3ce # Parent 0d9faf51357de8c0b1d5e905a0023807d471d33b Fixed 2714 - IcedTea-Web plugin sends uninitialized memory garbage across a pipe when NPN_GetValueForURL call Resolves an issue where, if IcedTea-Web's call to NPN_GetValueForURL fails, IcedTea-Web attempts to send uninitialized memory garbage across a pipe, which (usually) results in an error. At this point, IcedTea gives up, but does not inform Firefox that it has done so, and unless dom.ipc.plugins.asyncInit is true, this causes Firefox's UI to lock up in addition to the Java component failing to diff -r 0d9faf51357d -r 090ff301b57d ChangeLog --- a/ChangeLog Thu Jan 07 14:46:46 2016 +0100 +++ b/ChangeLog Thu Jan 07 15:24:21 2016 +0100 @@ -1,3 +1,16 @@ +2016-01-07 Tiago Stürmer Daitx + Jiri Vanek + + Resolves an issue where, if IcedTea's call to NPN_GetValueForURL fails, + IcedTea-Web attempts to send uninitialized memory garbage across a pipe, which + (usually) results in an error. At this point, IcedTea gives up, but does not + inform Firefox that it has done so, and unless dom.ipc.plugins.asyncInit is + true, this causes Firefox's UI to lock up in addition to the Java component failing to load. + * plugin/icedteanp/IcedTeaNPPlugin.cc: (onsume_plugin_message) initialize len + and proxy_info. (get_proxy_info) returns correct message if + browser_functions.getvalueforurl returns error + * NEWS: mentioned PR2714 + 2016-01-07 Jiri Vanek Codebase resolution of jnlp-href is now aligned with oracle plugin diff -r 0d9faf51357d -r 090ff301b57d NEWS --- a/NEWS Thu Jan 07 14:46:46 2016 +0100 +++ b/NEWS Thu Jan 07 15:24:21 2016 +0100 @@ -19,6 +19,7 @@ * Plugin - RH1273691 - Escaped equals signs in deployment.properties not un-escaped when used - PR2746 - IcedTea-Web Plugin 1.6.1: net.sourceforge.jnlp.LaunchException + - PR2714 - IcedTea-Web plugin sends uninitialized memory garbage across a pipe when NPN_GetValueForURL call fails New in release 1.6.1 (2015-09-11): * Enabled Entry-Point attribute check diff -r 0d9faf51357d -r 090ff301b57d plugin/icedteanp/IcedTeaNPPlugin.cc --- a/plugin/icedteanp/IcedTeaNPPlugin.cc Thu Jan 07 14:46:46 2016 +0100 +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Thu Jan 07 15:24:21 2016 +0100 @@ -1154,13 +1154,13 @@ if (g_str_has_prefix(parts[1], "PluginProxyInfo")) { gchar* proxy = NULL; - uint32_t len; + uint32_t len = 0; gchar* decoded_url = (gchar*) calloc(strlen(parts[4]) + 1, sizeof(gchar)); IcedTeaPluginUtilities::decodeURL(parts[4], &decoded_url); PLUGIN_DEBUG("parts[0]=%s, parts[1]=%s, reference, parts[3]=%s, parts[4]=%s -- decoded_url=%s\n", parts[0], parts[1], parts[3], parts[4], decoded_url); - gchar* proxy_info; + gchar* proxy_info = NULL; proxy_info = g_strconcat ("plugin PluginProxyInfo reference ", parts[3], " ", NULL); if (get_proxy_info(decoded_url, &proxy, &len) == NPERR_NO_ERROR) @@ -1331,10 +1331,16 @@ } if (browser_functions.getvalueforurl) { - + NPError err; // As in get_cookie_info, we use the first active instance gpointer instance=getFirstInTableInstance(instance_to_id_map); - browser_functions.getvalueforurl((NPP) instance, NPNURLVProxy, siteAddr, proxy, len); + err = browser_functions.getvalueforurl((NPP) instance, NPNURLVProxy, siteAddr, proxy, len); + + if (err != NPERR_NO_ERROR) + { + *proxy = (char *) malloc(sizeof **proxy * 7); + *len = g_strlcpy(*proxy, "DIRECT", 7); + } } else { return NPERR_GENERIC_ERROR;