/hg/icedtea-web: Fix array index out of bounds due to malformed ...

aazores at icedtea.classpath.org aazores at icedtea.classpath.org
Thu Oct 24 07:15:26 PDT 2013


changeset 2ab117a919e5 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=2ab117a919e5
author: Andrew Azores <aazores at redhat.com>
date: Thu Oct 24 10:11:37 2013 -0400

	Fix array index out of bounds due to malformed plugin message (PR539)
	Failed calls to getString and getMember on JSObjects should not produce malformed
	result strings. "null" is appended to result rather than empty string.

	* plugin/icedteanp/IcedTeaPluginRequestProcessor.cc: (_getMember,
	_getString) append "null" to result when call is unsuccessful
	* tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html:
	new test to ensure failed calls to getMember and getString on JSObject do
	not produce malformed results
	* tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js:
	same
	* tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java:
	same
	* tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java:
	same


diffstat:

 ChangeLog                                                                                   |  15 ++
 plugin/icedteanp/IcedTeaPluginRequestProcessor.cc                                           |   7 +-
 tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html     |  25 +++
 tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js       |   8 +
 tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java          |  11 +
 tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java |  64 ++++++++++
 6 files changed, 129 insertions(+), 1 deletions(-)

diffs (170 lines):

diff -r df5cb12080fa -r 2ab117a919e5 ChangeLog
--- a/ChangeLog	Wed Oct 23 17:52:18 2013 +0200
+++ b/ChangeLog	Thu Oct 24 10:11:37 2013 -0400
@@ -1,3 +1,18 @@
+2013-10-24  Andrew Azores  <aazores at redhat.com>
+
+	Fix array index out of bounds due to malformed plugin message (PR539)
+	* plugin/icedteanp/IcedTeaPluginRequestProcessor.cc: (_getMember,
+	_getString) append "null" to result when call is unsuccessful
+	* tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html:
+	new test to ensure failed calls to getMember and getString on JSObject do
+	not produce malformed results
+	* tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js:
+	same
+	* tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java:
+	same
+	* tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java:
+	same
+
 2013-10-23  Jiri Vanek  <jvanek at redhat.com>
 
 	C-part of plugin is now also trying to follow XDG
diff -r df5cb12080fa -r 2ab117a919e5 plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
--- a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc	Wed Oct 23 17:52:18 2013 +0200
+++ b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc	Thu Oct 24 10:11:37 2013 -0400
@@ -810,7 +810,9 @@
     {
         createJavaObjectFromVariant(instance, *member_ptr, &member_ptr_str);
         ((AsyncCallThreadData*) data)->result.append(member_ptr_str);
-
+    } else
+    {
+        ((AsyncCallThreadData*) data)->result.append("null");
     }
     ((AsyncCallThreadData*) data)->result_ready = true;
 
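Review bot: The new `else` branches here and in the second hunk of this file (the `call_successful` check near line 958) append a bare `"null"` without saying why, so the invariant this fix relies on, that every result message carries a value token, stays undocumented. I would put `// Always emit a value token; an empty result gives the Java side a malformed message (PR539)` above each append and take the literal from one shared constant so the two sites cannot drift apart. The diffstat shows this producer file as the only non-test source changed, so the Java-side parser that raised the ArrayIndexOutOfBoundsException presumably still indexes the message tokens without a length check. It is worth confirming that the consumer rejects short messages itself rather than depending on every native path to pad them. Both enclosing functions start and end outside the hunks.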
@@ -956,6 +958,9 @@
     if (((AsyncCallThreadData*) data)->call_successful)
     {
         createJavaObjectFromVariant(instance, tostring_result, &(((AsyncCallThreadData*) data)->result));
+    } else
+    {
+        ((AsyncCallThreadData*) data)->result.append("null");
     }
     ((AsyncCallThreadData*) data)->result_ready = true;
 
diff -r df5cb12080fa -r 2ab117a919e5 tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html	Thu Oct 24 10:11:37 2013 -0400
@@ -0,0 +1,25 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en-US">
+  <head>
+    <title>JavaScript to Java LiveConnect - Function return values from applet</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+    <script language="JavaScript" src="JSObjectWithoutToString.js"></script>
+
+  </head>
+  <body>
+
+    <h2> The JSObjectWithoutToString html page</h2> 
+
+
+    <applet code="JSObjectWithoutToString" archive="JSObjectWithoutToString.jar" width="1000" height="100" id="jswithouttostring" MAYSCRIPT>
+    </applet>
+
+    <div id="messageDiv"></div>
+
+    <script laguage="javascript">
+        doToStringTest();
+    </script> 
+
+  </body>
+</html>
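Review bot: The inline script tag near the end of the body misspells its attribute as `laguage="javascript"`. Browsers ignore the unknown attribute and still run the block as JavaScript, so the test works, but it should read `<script type="text/javascript">` or at least match the `language` spelling used in the head. `doToStringTest()` is also invoked as soon as the parser reaches it, and nothing visible in this page waits for the applet to finish loading. If that call can race applet start-up, the test could presumably fail for reasons unrelated to PR539.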
diff -r df5cb12080fa -r 2ab117a919e5 tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js	Thu Oct 24 10:11:37 2013 -0400
@@ -0,0 +1,8 @@
+function doToStringTest(){
+    var applet = document.getElementById('jswithouttostring');
+
+    var null_obj = Object.create(null);
+
+    applet.callJSToString(null_obj);
+}
+
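Review bot: Nothing in `doToStringTest` explains why `Object.create(null)` is the input, and the name `null_obj` suggests a null reference rather than a prototype-less object. A comment above the assignment such as `// Object.create(null) has no prototype and so no toString(); this makes the plugin's toString call fail` would record what the reproducer depends on. Renaming the variable to something like `protoless_obj` would remove the ambiguity.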
diff -r df5cb12080fa -r 2ab117a919e5 tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java	Thu Oct 24 10:11:37 2013 -0400
@@ -0,0 +1,11 @@
+import java.applet.Applet;
+import netscape.javascript.JSObject;
+
+public class JSObjectWithoutToString extends Applet {
+
+    public void callJSToString(JSObject jso) {
+        System.out.println(jso.toString());
+        System.out.println("*** APPLET FINISHED ***");
+    }
+
+}
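Review bot: `callJSToString` only calls `jso.toString()`, so this reproducer covers the `_getString` change but not the `_getMember` one, although the ChangeLog entry says the new test covers failed calls to both. A second applet method that calls `jso.getMember(...)` on an object for which the browser-side lookup fails, with a matching JavaScript entry point and assertion, would cover the other new `else` branch. Which input makes that lookup fail is not visible in this changeset. The class would also benefit from a short Javadoc naming PR539, so the purpose of the applet is clear without reading the ChangeLog.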
diff -r df5cb12080fa -r 2ab117a919e5 tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java	Thu Oct 24 10:11:37 2013 -0400
@@ -0,0 +1,64 @@
+/* JSObjectWithoutToStringTest.java
+Copyright (C) 2013 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.ServerAccess.AutoClose;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+import net.sourceforge.jnlp.annotations.KnownToFail;
+import net.sourceforge.jnlp.annotations.NeedsDisplay;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import org.junit.Assert;
+
+import org.junit.Test;
+
+public class JSObjectWithoutToStringTest extends BrowserTest {
+
+	private static final String appletCloseString = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
+
+    @Test
+    @NeedsDisplay
+    @TestInBrowsers(testIn={Browsers.one})
+    public void testJSObjectWithoutToString() throws Exception {
+		ProcessResult pr = server.executeBrowser("/JSObjectWithoutToString.html", AutoClose.CLOSE_ON_CORRECT_END);
+        Assert.assertFalse("IndexOutOfBounds exception should not have occurred", pr.stderr.contains("java.lang.ArrayIndexOutOfBoundsException"));
+        Assert.assertTrue("Applet should have completed normally", pr.stdout.contains(appletCloseString));
+    }
+
+}
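Review bot: The import `net.sourceforge.jnlp.annotations.KnownToFail` is never used in this class and can be dropped. The declarations of `appletCloseString` and `pr` are tab-indented while the rest of the file uses spaces, and the constant would conventionally be named `APPLET_CLOSE_STRING`. A one-line Javadoc on `testJSObjectWithoutToString`, for example `/** Regression test for PR539: a failed JSObject toString must not yield a malformed plugin message. */`, would tie the stderr assertion to the bug it guards against.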

