Reviewed by Dan Bernstein.
authorap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 19 Feb 2010 00:37:08 +0000 (00:37 +0000)
committerap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 19 Feb 2010 00:37:08 +0000 (00:37 +0000)
        https://bugs.webkit.org/show_bug.cgi?id=35134
        <rdar://problem/7246280> Crash when a plugin calls NPN_SetStatus(0)

        Test: plugins/set-status.html

        * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
        (WebKit::NetscapePluginInstanceProxy::status):
        (WebKit::NetscapePluginInstanceProxy::loadURL):
        Added null checks for CFStringCreateWithCString arguments.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@54993 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/plugins/set-status-expected.txt [new file with mode: 0644]
LayoutTests/plugins/set-status.html [new file with mode: 0644]
WebKit/mac/ChangeLog
WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm

index fe3d6a4..edb5110 100644 (file)
@@ -1,3 +1,14 @@
+2010-02-18  Alexey Proskuryakov  <ap@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        https://bugs.webkit.org/show_bug.cgi?id=35134
+        <rdar://problem/7246280> Crash when a plugin calls NPN_SetStatus(0)
+
+        * plugins/set-status-expected.txt: Added.
+        * plugins/set-status.html: Added.
+        While at it, also test that we process UTF-8.
+
 2010-02-18  Dan Bernstein  <mitz@apple.com>
 
         Reviewed by John Sullivan.
diff --git a/LayoutTests/plugins/set-status-expected.txt b/LayoutTests/plugins/set-status-expected.txt
new file mode 100644 (file)
index 0000000..9bfe6ac
--- /dev/null
@@ -0,0 +1,3 @@
+UI DELEGATE STATUS CALLBACK: setStatusText:PАSS
+
+PASS if status bar says "PASS".
diff --git a/LayoutTests/plugins/set-status.html b/LayoutTests/plugins/set-status.html
new file mode 100644 (file)
index 0000000..2501904
--- /dev/null
@@ -0,0 +1,15 @@
+<html>
+<meta charset="utf-8">
+<body>
+<embed name="plg" type="application/x-webkit-test-netscape"></embed>
+<p>PASS if status bar says "PASS".</p>
+<script>
+    if (window.layoutTestController) {
+        layoutTestController.dumpStatusCallbacks();
+        layoutTestController.dumpAsText();
+    }
+
+    plg.setStatus(); // Try sending a null string, which used to cause a crash.
+    plg.setStatus("PАSS");
+
+</script></body></html>
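Review bot: The string in the second `plg.setStatus(...)` call appears to contain a non-ASCII look-alike for "A" (the ChangeLog entry says the test also covers UTF-8), but nothing in the test file itself says so. It renders the same as the ASCII "PASS" in the instruction paragraph, so a later editor could retype it as plain ASCII and silently drop the UTF-8 coverage. I would add a comment on that line, for example `// The second letter is deliberately non-ASCII, to check that the status text is decoded as UTF-8.`, and consider spelling the character as a `\u` escape so the code point is visible in the source.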
index ec76133..004f8e5 100644 (file)
@@ -1,3 +1,17 @@
+2010-02-18  Alexey Proskuryakov  <ap@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        https://bugs.webkit.org/show_bug.cgi?id=35134
+        <rdar://problem/7246280> Crash when a plugin calls NPN_SetStatus(0)
+
+        Test: plugins/set-status.html
+
+        * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
+        (WebKit::NetscapePluginInstanceProxy::status):
+        (WebKit::NetscapePluginInstanceProxy::loadURL):
+        Added null checks for CFStringCreateWithCString arguments.
+
 2010-02-17  Dmitry Titov  <dimich@chromium.org>
 
         Reviewed by David Levin, Darin Fisher, Simon Hausmann.
index d11f25c..766cfce 100644 (file)
@@ -504,11 +504,12 @@ void NetscapePluginInstanceProxy::stopTimers()
 
 void NetscapePluginInstanceProxy::status(const char* message)
 {
-    RetainPtr<CFStringRef> status(AdoptCF, CFStringCreateWithCString(NULL, message, kCFStringEncodingUTF8));
-    
+    if (!message)
+        return;
+    RetainPtr<CFStringRef> status(AdoptCF, CFStringCreateWithCString(0, message, kCFStringEncodingUTF8));
     if (!status)
         return;
-    
+
     WebView *wv = [m_pluginView webView];
     [[wv _UIDelegateForwarder] webView:wv setStatusText:(NSString *)status.get()];
 }
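Review bot: The new early return on `!message` carries no comment, and the allocator argument changed from `NULL` to a bare `0` while the `loadURL` hunk of this same commit passes `kCFAllocatorDefault`. I would add `// A plugin may call NPN_SetStatus(0); CFStringCreateWithCString must not be given a null C string.` above the guard and write the call as `CFStringCreateWithCString(kCFAllocatorDefault, message, kCFStringEncodingUTF8)` for consistency. The existing `if (!status)` check is worth keeping as is, since the text is chosen by the plugin and the conversion can presumably still fail for bytes that are not valid UTF-8.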
@@ -525,6 +526,8 @@ NPError NetscapePluginInstanceProxy::loadURL(const char* url, const char* target
 
         if (flags & PostDataIsFile) {
             // If we're posting a file, buf is either a file URL or a path to the file.
+            if (!postData)
+                return NPERR_INVALID_PARAM;
             RetainPtr<CFStringRef> bufString(AdoptCF, CFStringCreateWithCString(kCFAllocatorDefault, postData, kCFStringEncodingWindowsLatin1));
             if (!bufString)
                 return NPERR_INVALID_PARAM;
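Review bot: The added `!postData` guard stops the null dereference, but `CFStringCreateWithCString` still reads up to the first NUL byte, so this branch relies on the plugin-supplied `postData` being NUL-terminated. If `loadURL` also receives the buffer's length (its full signature and the rest of its body are outside this hunk), building the string with `CFStringCreateWithBytes` and that length would bound the read. Otherwise a comment such as `// postData is treated as a NUL-terminated C string here, not as a sized buffer.` would record the assumption. The context comment above the guard also calls the buffer `buf` while the variable is named `postData`.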