[icedtea-web] RFC: Fix fpr PR863: Error passing strings to applet methods in Chromium

Deepak Bhole dbhole at redhat.com
Thu Mar 8 14:17:14 PST 2012


Hi,

Attached patch fixes PR863. Currently, the plug-in relies on the
"UTF8Characters" property of NPString to get the char* array. However
browsers like chromium don't always trim the array correctly, resulting
in reads beyond the length.

This patch checks for length in all places where UTF8Characters is used
and reads only up to the length.

ChangeLog:
2012-03-08  Deepak Bhole <dbhole at redhat.com>

    * plugin/icedteanp/IcedTeaJavaRequestProcessor.cc
    (createJavaObjectFromVariant): Account for length of the characters.
    * plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_get_documentbase): Same.
    * plugin/icedteanp/IcedTeaPluginRequestProcessor.cc (_eval): Print the
    string's c_str rather than utf8characters/
    * plugin/icedteanp/IcedTeaPluginUtils.cc (printNPVariant): Account for
    length of the characters.
    (NPVariantToString): Same.
    (isObjectJSArray): Same.


OK for 1.1, 1.2 and HEAD?

Cheers,
Deepak
-------------- next part --------------
diff -r d2aff3800f4f plugin/icedteanp/IcedTeaJavaRequestProcessor.cc
--- a/plugin/icedteanp/IcedTeaJavaRequestProcessor.cc	Thu Mar 08 15:54:39 2012 +0100
+++ b/plugin/icedteanp/IcedTeaJavaRequestProcessor.cc	Thu Mar 08 15:56:50 2012 -0500
@@ -905,9 +905,9 @@
     {
     	className = "java.lang.String";
 #if MOZILLA_VERSION_COLLAPSED < 1090200
-    	stringArg += NPVARIANT_TO_STRING(variant).utf8characters;
+    	stringArg.append(NPVARIANT_TO_STRING(variant).utf8characters, NPVARIANT_TO_STRING(variant).utf8length);
 #else
-    	stringArg += NPVARIANT_TO_STRING(variant).UTF8Characters;
+    	stringArg.append(NPVARIANT_TO_STRING(variant).UTF8Characters, NPVARIANT_TO_STRING(variant).UTF8Length);
 #endif
     } else if (NPVARIANT_IS_OBJECT(variant))
     {
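Review bot: The NPString is fetched through `NPVARIANT_TO_STRING(variant)` twice on each new append line (44 and 47), which repeats the macro and pushes both lines well past 100 columns; binding it once ahead of the `#if`, `const NPString& s = NPVARIANT_TO_STRING(variant);`, and then writing `stringArg.append(s.UTF8Characters, s.UTF8Length);` (with the `utf8characters`/`utf8length` spelling in the other branch) reads more easily. The same applies to the two `constructor_name.append` lines in the IcedTeaPluginUtils.cc hunk at 867. The length-bounded append itself is the right fix for a buffer that is not NUL-terminated. createJavaObjectFromVariant starts and ends outside this hunk.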
diff -r d2aff3800f4f plugin/icedteanp/IcedTeaNPPlugin.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Thu Mar 08 15:54:39 2012 +0100
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Thu Mar 08 15:56:50 2012 -0500
@@ -1094,11 +1094,16 @@
                                href_id, &href);
 
   // Strip everything after the last "/"
+  char *href_str;
 #if MOZILLA_VERSION_COLLAPSED < 1090200
-  gchar** parts = g_strsplit (NPVARIANT_TO_STRING(href).utf8characters, "/", -1);
+  href_str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(href).utf8length + 1);
+  snprintf(href_str, NPVARIANT_TO_STRING(href).utf8length+1, "%s", NPVARIANT_TO_STRING(href).utf8characters);
 #else
-  gchar** parts = g_strsplit (NPVARIANT_TO_STRING(href).UTF8Characters, "/", -1);
+  href_str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(href).UTF8Length + 1);
+  snprintf(href_str, NPVARIANT_TO_STRING(href).UTF8Length+1, "%s", NPVARIANT_TO_STRING(href).UTF8Characters);
 #endif
+
+  gchar** parts = g_strsplit (href_str, "/", -1);
   guint parts_sz = g_strv_length (parts);
 
   std::string location_str;
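Review bot: The new `snprintf(href_str, ...Length+1, "%s", ...Characters)` calls at lines 62 and 66 still read the source until a NUL byte, because `%s` without a precision computes the full string length before writing; only the write is bounded, so the over-read of an unterminated Chromium buffer that PR863 describes is not actually removed here. Copy exactly the known length instead, e.g. in the `#else` branch `memcpy(href_str, NPVARIANT_TO_STRING(href).UTF8Characters, NPVARIANT_TO_STRING(href).UTF8Length);` followed by `href_str[NPVARIANT_TO_STRING(href).UTF8Length] = '\0';`, with the `utf8characters`/`utf8length` spelling in the other branch (a `"%.*s"` format with an `(int)` precision is the snprintf equivalent). The NPVariantToString hunk at 712 in IcedTeaPluginUtils.cc introduces the same `"%s"` copy and needs the same change. The `malloc` result is used unchecked, as it already was in NPVariantToString before this patch. plugin_get_documentbase continues outside this hunk.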
@@ -1113,6 +1118,9 @@
   // Release references.
   browser_functions.releasevariantvalue(&href);
   browser_functions.releasevariantvalue(&location);
+  g_strfreev(parts);
+  free(href_str);
+  href_str = NULL;
  cleanup_done:
   PLUGIN_DEBUG ("plugin_get_documentbase return\n");
   PLUGIN_DEBUG("plugin_get_documentbase returning: %s\n", documentbase_copy);
diff -r d2aff3800f4f plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
--- a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc	Thu Mar 08 15:54:39 2012 +0100
+++ b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc	Thu Mar 08 15:56:50 2012 -0500
@@ -842,12 +842,12 @@
     script.utf8characters = script_str->c_str();
     script.utf8length = script_str->size();
 
-    PLUGIN_DEBUG("Evaluating: %s\n", script.utf8characters);
+    PLUGIN_DEBUG("Evaluating: %s\n", script_str->c_str());
 #else
     script.UTF8Characters = script_str->c_str();
     script.UTF8Length = script_str->size();
 
-    PLUGIN_DEBUG("Evaluating: %s\n", script.UTF8Characters);
+    PLUGIN_DEBUG("Evaluating: %s\n", script_str->c_str());
 #endif
 
     ((AsyncCallThreadData*) data)->call_successful = browser_functions.evaluate(instance, window_ptr, &script, eval_variant);
diff -r d2aff3800f4f plugin/icedteanp/IcedTeaPluginUtils.cc
--- a/plugin/icedteanp/IcedTeaPluginUtils.cc	Thu Mar 08 15:54:39 2012 +0100
+++ b/plugin/icedteanp/IcedTeaPluginUtils.cc	Thu Mar 08 15:56:50 2012 -0500
@@ -669,9 +669,9 @@
     else if (NPVARIANT_IS_STRING(variant))
     {
 #if MOZILLA_VERSION_COLLAPSED < 1090200
-    	PLUGIN_DEBUG("STRING: %s\n", NPVARIANT_TO_STRING(variant).utf8characters);
+    	PLUGIN_DEBUG("STRING: %s (length=%d)\n", NPVARIANT_TO_STRING(variant).utf8characters, NPVARIANT_TO_STRING(variant).utf8length);
 #else
-    	PLUGIN_DEBUG("STRING: %s\n", NPVARIANT_TO_STRING(variant).UTF8Characters);
+    	PLUGIN_DEBUG("STRING: %s (length=%d)\n", NPVARIANT_TO_STRING(variant).UTF8Characters, NPVARIANT_TO_STRING(variant).UTF8Length);
 #endif
     }
     else
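Review bot: The debug print at lines 109 and 112 still hands the NPString to `%s`, which reads until a NUL byte, so on an unterminated buffer this trace itself performs the over-read the patch is meant to stop, even though the length is now printed beside it; `%d` is also the wrong conversion for the unsigned length field. Bound the read with a precision, e.g. `PLUGIN_DEBUG("STRING: %.*s (length=%u)\n", (int) NPVARIANT_TO_STRING(variant).UTF8Length, NPVARIANT_TO_STRING(variant).UTF8Characters, (unsigned) NPVARIANT_TO_STRING(variant).UTF8Length);` and the mirror of it for the `utf8characters`/`utf8length` branch. printNPVariant starts and ends outside this hunk.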
@@ -712,11 +712,11 @@
     {
     	free(str);
 #if MOZILLA_VERSION_COLLAPSED < 1090200
-    	str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(variant).utf8length);
-    	sprintf(str, "%s", NPVARIANT_TO_STRING(variant).utf8characters);
+    	str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(variant).utf8length + 1);
+    	snprintf(str, NPVARIANT_TO_STRING(variant).utf8length+1, "%s", NPVARIANT_TO_STRING(variant).utf8characters);
 #else
-        str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(variant).UTF8Length);
-        sprintf(str, "%s", NPVARIANT_TO_STRING(variant).UTF8Characters);
+        str = (char*) malloc(sizeof(char)*NPVARIANT_TO_STRING(variant).UTF8Length + 1);
+        snprintf(str, NPVARIANT_TO_STRING(variant).UTF8Length+1, "%s", NPVARIANT_TO_STRING(variant).UTF8Characters);
 #endif
     }
     else
@@ -867,9 +867,9 @@
     std::string constructor_name = std::string();
 
 #if MOZILLA_VERSION_COLLAPSED < 1090200
-    constructor_name.append(NPVARIANT_TO_STRING(constructor_str).utf8characters);
+    constructor_name.append(NPVARIANT_TO_STRING(constructor_str).utf8characters, NPVARIANT_TO_STRING(constructor_str).utf8length);
 #else
-    constructor_name.append(NPVARIANT_TO_STRING(constructor_str).UTF8Characters);
+    constructor_name.append(NPVARIANT_TO_STRING(constructor_str).UTF8Characters, NPVARIANT_TO_STRING(constructor_str).UTF8Length);
 #endif
 
     PLUGIN_DEBUG("Constructor for NPObject is %s\n", constructor_name.c_str());

