[rfc][icedtea-web] Fix NPE on Applet launch due to missing AppletStub

[Jiri Vanek]

On 08/07/2013 04:36 PM, Adam Domurad wrote:
> On 08/06/2013 05:12 PM, Jacob Wisor wrote:
>> Hello there!
>>
>>> @@ -716,6 +717,7 @@ public class Launcher {
>>> String appletName = file.getApplet().getMainClass();
>>> Class appletClass = loader.loadClass(appletName);
>>> Applet applet = (Applet) appletClass.newInstance();
>>> + applet.setStub((AppletStub)cont);
>>
>> You may want to catch a possible SecurityException in case the AppletStub has already been set. Malicious code may attach to the JVM process executing the Launcher and try either to replace the AppletStub or render the Launcher effectively inoperable by intentionally causing an unhandled SecurityException every time a specific applet or any applet is run and hence terminate the attacked JVM.
>>
>
> I don't think so. setAppletStub is a public final method that we can always make use of, since we will have necessary permissions here.
> There is nothing malicious about trying to set your own AppletStub before we do.
>
> Regards,
> -Adam
>
>> Regards,
>> Jacob
>>
>>> // Finish setting up appletInstance.
>>> appletInstance.setApplet(applet);
>>> appletInstance.getAppletEnvironment().setApplet(applet);
>>
>> "Adam Domurad"<adomurad at xxxxxxxxxx> wrote:
>>> Hi all. There is a problem that sometimes a showStatus() on an applet
>>> results in an NPE on applet load, due to a missing AppletStub. This
>>> patch sets it to NetxPanel (the container) as soon as possible.
>>>
>>> This helps stabilize a test case I'm working on.
>>>
>>> Cheers,
>>> -Adam
>


I'm o  with it as it is. I'm not sure if Adam is able of push anymore, if not, I will push at the end of the week.

J.