changeset 1283:090ff301b57d

Fixed 2714 - IcedTea-Web plugin sends uninitialized memory garbage across a pipe when NPN_GetValueForURL call Resolves an issue where, if IcedTea-Web's call to NPN_GetValueForURL fails, IcedTea-Web attempts to send uninitialized memory garbage across a pipe, which (usually) results in an error. At this point, IcedTea gives up, but does not inform Firefox that it has done so, and unless dom.ipc.plugins.asyncInit is true, this causes Firefox's UI to lock up in addition to the Java component failing to
author Jiri Vanek <jvanek@redhat.com>
date Thu, 07 Jan 2016 15:24:21 +0100
parents 0d9faf51357d
children 834746c2a271
files ChangeLog NEWS plugin/icedteanp/IcedTeaNPPlugin.cc
diffstat 3 files changed, 24 insertions(+), 4 deletions(-)
--- a/ChangeLog	Thu Jan 07 14:46:46 2016 +0100
+++ b/ChangeLog	Thu Jan 07 15:24:21 2016 +0100
@@ -1,3 +1,16 @@
+2016-01-07  Tiago Stürmer Daitx <tdaitx@gmail.com>
+            Jiri Vanek  <jvanek@redhat.com>
+
+	Resolves an issue where, if IcedTea's call to NPN_GetValueForURL fails,
+	IcedTea-Web attempts to send uninitialized memory garbage across a pipe, which
+	(usually) results in an error. At this point, IcedTea gives up, but does not
+	inform Firefox that it has done so, and unless dom.ipc.plugins.asyncInit is
+	true, this causes Firefox's UI to lock up in addition to the Java component failing to load.
+	* plugin/icedteanp/IcedTeaNPPlugin.cc: (onsume_plugin_message) initialize len
+	and proxy_info. (get_proxy_info) returns correct message if 
+	browser_functions.getvalueforurl returns error
+	* NEWS: mentioned PR2714
+
 2016-01-07  Jiri Vanek  <jvanek@redhat.com>
 
 	Codebase resolution of jnlp-href is now aligned with oracle plugin
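Review bot: In the added ChangeLog entry, the function name in "(onsume_plugin_message)" looks like it lost its first character; it should match the name of the function edited in plugin/icedteanp/IcedTeaNPPlugin.cc so the entry can be found by searching for it. In the same entry, the line ending in "failing to load." runs past the wrap width of the lines around it, and the line ending in "returns correct message if " carries trailing whitespace. "returns correct message" would also tell a later reader more if it named what is returned on failure, which per the code change is the string "DIRECT".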
--- a/NEWS	Thu Jan 07 14:46:46 2016 +0100
+++ b/NEWS	Thu Jan 07 15:24:21 2016 +0100
@@ -19,6 +19,7 @@
 * Plugin
   - RH1273691 - Escaped equals signs in deployment.properties not un-escaped when used
   - PR2746 - IcedTea-Web Plugin 1.6.1: net.sourceforge.jnlp.LaunchException 
+  - PR2714 - IcedTea-Web plugin sends uninitialized memory garbage across a pipe when NPN_GetValueForURL call fails
 
 New in release 1.6.1 (2015-09-11):
 * Enabled Entry-Point attribute check
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Thu Jan 07 14:46:46 2016 +0100
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Thu Jan 07 15:24:21 2016 +0100
@@ -1154,13 +1154,13 @@
   if (g_str_has_prefix(parts[1], "PluginProxyInfo"))
   {
     gchar* proxy = NULL;
-    uint32_t len;
+    uint32_t len = 0;
 
     gchar* decoded_url = (gchar*) calloc(strlen(parts[4]) + 1, sizeof(gchar));
     IcedTeaPluginUtilities::decodeURL(parts[4], &decoded_url);
     PLUGIN_DEBUG("parts[0]=%s, parts[1]=%s, reference, parts[3]=%s, parts[4]=%s -- decoded_url=%s\n", parts[0], parts[1], parts[3], parts[4], decoded_url);
 
-    gchar* proxy_info;
+    gchar* proxy_info = NULL;
 
     proxy_info = g_strconcat ("plugin PluginProxyInfo reference ", parts[3], " ", NULL);
     if (get_proxy_info(decoded_url, &proxy, &len) == NPERR_NO_ERROR)
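Review bot: The new "= NULL" on proxy_info has no effect, because the very next statement assigns it from g_strconcat; either declare and assign in one statement or drop the initializer. The "len = 0" initializer is the one that matters, since len is otherwise only written through the pointer handed to get_proxy_info. The branch taken when get_proxy_info does not return NPERR_NO_ERROR is outside this hunk, so it is worth confirming there that proxy (still NULL) and len (now 0) are never formatted into the message that goes down the pipe.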
@@ -1331,10 +1331,16 @@
   }
   if (browser_functions.getvalueforurl)
   {
-
+      NPError err;
       // As in get_cookie_info, we use the first active instance
       gpointer instance=getFirstInTableInstance(instance_to_id_map);
-      browser_functions.getvalueforurl((NPP) instance, NPNURLVProxy, siteAddr, proxy, len);
+      err = browser_functions.getvalueforurl((NPP) instance, NPNURLVProxy, siteAddr, proxy, len);
+
+      if (err != NPERR_NO_ERROR) 
+      {
+        *proxy = (char *) malloc(sizeof **proxy * 7);
+        *len = g_strlcpy(*proxy, "DIRECT", 7);
+      }
   } else
   {
       return NPERR_GENERIC_ERROR;
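Review bot: The malloc result in the new error branch is used unchecked: "*len = g_strlcpy(*proxy, "DIRECT", 7);" writes through *proxy even when the allocation returned NULL. Test the pointer first and return NPERR_GENERIC_ERROR, as the else branch below already does, if it is NULL. Two smaller points in the same branch: err is compared but never logged, so a PLUGIN_DEBUG line with its value would make the fallback visible when diagnosing proxy problems, and the literal 7 appears twice where sizeof "DIRECT" would keep the buffer size and the copy limit tied to the string. It is also worth checking how the caller releases *proxy, which is not visible here: on the success path the buffer comes from the browser via getvalueforurl, while this fallback comes from malloc, and both have to be valid for the same free call.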