Bug 1363290 - Part 3: Proxy win32's SetCursorPos for plugins in chrome process. r=jimm, r=jed

SetCursorPos is used by Flash's relative cursor motion behavior. It is blocked by the plugin sandbox. This patch allows it to run by proxying it on the main process. --HG-- extra : histedit_source : 85515d398c0c107c2258185c0591a943b26e724a
2017-05-16 14:47:09 -07:00 · 2017-05-16 14:47:09 -07:00 · f2774deb20
--- a/dom/plugins/ipc/PPluginModule.ipdl
+++ b/dom/plugins/ipc/PPluginModule.ipdl
@ -169,6 +169,8 @@ parent:
  // Used to broker the GetOpenFileName/GetSaveFileName file pickers on Windows.
  intr GetFileName(GetFileNameFunc aFunc, OpenFileNameIPC aOfnIn)
    returns (OpenFileNameRetIPC aOfnOut, bool aResult);
+
+  intr SetCursorPos(int x, int y) returns (bool aResult);
 };

 } // namespace plugins
--- a/dom/plugins/ipc/PluginModuleChild.cpp
+++ b/dom/plugins/ipc/PluginModuleChild.cpp
@ -107,6 +107,10 @@ typedef BOOL (WINAPI *GetOpenFileNameWPtr)(LPOPENFILENAMEW lpofn);
 static GetOpenFileNameWPtr sGetOpenFileNameWPtrStub = nullptr;
 typedef BOOL (WINAPI *GetSaveFileNameWPtr)(LPOPENFILENAMEW lpofn);
 static GetSaveFileNameWPtr sGetSaveFileNameWPtrStub = nullptr;
+
+typedef BOOL (WINAPI *SetCursorPosPtr)(int x, int y);
+static SetCursorPosPtr sSetCursorPosPtrStub = nullptr;
+
 #endif

 /* static */
@ -2233,6 +2237,38 @@ PMCGetOpenFileNameW(LPOPENFILENAMEW aLpofn)
 {
    return PMCGetFileNameW(OPEN_FUNC, aLpofn);
 }
+
+BOOL WINAPI PMCSetCursorPos(int x, int y);
+
+class SetCursorPosTaskData : public PluginThreadTaskData
+{
+public:
+    SetCursorPosTaskData(int x, int y) : mX(x), mY(y) {}
+    bool RunTask() { return PMCSetCursorPos(mX, mY); }
+private:
+    int mX, mY;
+};
+
+// static
+BOOL WINAPI
+PMCSetCursorPos(int x, int y)
+{
+    if (!IsPluginThread()) {
+        SetCursorPosTaskData scpData(x, y);
+        return PostToPluginThread(&scpData);
+    }
+
+    PluginModuleChild* chromeInstance = PluginModuleChild::GetChrome();
+    if (chromeInstance) {
+        bool ret = FALSE;
+        chromeInstance->CallSetCursorPos(x, y, &ret);
+        return ret;
+    }
+
+    return sSetCursorPosPtrStub(x, y);
+}
+
+
 #endif

 PPluginInstanceChild*
@ -2265,6 +2301,11 @@ PluginModuleChild::AllocPPluginInstanceChild(const nsCString& aMimeType,
                                 (void**) &sGetKeyStatePtrStub);
    }

+    if (!sSetCursorPosPtrStub) {
+        sUser32Intercept.AddHook("SetCursorPos", reinterpret_cast<intptr_t>(PMCSetCursorPos),
+                                 (void**) &sSetCursorPosPtrStub);
+    }
+
    sComDlg32Intercept.Init("comdlg32.dll");
    if (!sGetSaveFileNameWPtrStub) {
        sComDlg32Intercept.AddHook("GetSaveFileNameW", reinterpret_cast<intptr_t>(PMCGetSaveFileNameW),
--- a/dom/plugins/ipc/PluginModuleParent.cpp
+++ b/dom/plugins/ipc/PluginModuleParent.cpp
@ -3358,3 +3358,15 @@ PluginModuleChromeParent::AnswerGetFileName(const GetFileNameFunc& aFunc,
    return IPC_FAIL_NO_REASON(this);
 #endif
 }
+
+mozilla::ipc::IPCResult
+PluginModuleChromeParent::AnswerSetCursorPos(const int &x, const int &y,
+                                             bool* aResult)
+{
+#if defined(XP_WIN)
+    *aResult = ::SetCursorPos(x, y);
+    return IPC_OK();
+#else
+    return PluginModuleParent::AnswerSetCursorPos(x, y, aResult);
+#endif
+}
--- a/dom/plugins/ipc/PluginModuleParent.h
+++ b/dom/plugins/ipc/PluginModuleParent.h
@ -225,6 +225,12 @@ protected:
      return IPC_FAIL_NO_REASON(this);
    }

+    virtual mozilla::ipc::IPCResult
+    AnswerSetCursorPos(const int &x, const int &y, bool* aResult) override
+    {
+      return IPC_FAIL_NO_REASON(this);
+    }
+
 protected:
    void SetChildTimeout(const int32_t aChildTimeout);
    static void TimeoutChanged(const char* aPref, void* aModule);
@ -538,6 +544,10 @@ class PluginModuleChromeParent
                      const OpenFileNameIPC& aOfnIn,
                      OpenFileNameRetIPC* aOfnOut, bool* aResult) override;

+    // Proxy SetCursorPos on Windows.
+    virtual mozilla::ipc::IPCResult
+    AnswerSetCursorPos(const int &x, const int &y, bool* aResult) override;
+
 private:
    virtual void
    EnteredCxxStack() override;
--- a/ipc/ipdl/sync-messages.ini
+++ b/ipc/ipdl/sync-messages.ini
@ -775,6 +775,8 @@ description =
 description =
 [PPluginModule::GetFileName]
 description =
+[PPluginModule::SetCursorPos]
+description =
 [PPluginScriptableObject::NPN_Evaluate]
 description =
 [PPluginScriptableObject::Invalidate]
--- a/toolkit/xre/test/win/TestDllInterceptor.cpp
+++ b/toolkit/xre/test/win/TestDllInterceptor.cpp
@ -397,6 +397,20 @@ bool TestProcessCaretEvents(void* aFunc)
  return true;
 }

+bool TestSetCursorPos(void* aFunc)
+{
+  auto patchedSetCursorPos =
+    reinterpret_cast<decltype(&SetCursorPos)>(aFunc);
+  POINT cursorPos;
+  BOOL ok = GetCursorPos(&cursorPos);
+  if (ok) {
+    ok = patchedSetCursorPos(cursorPos.x, cursorPos.y);
+  } else {
+    ok = patchedSetCursorPos(512, 512);
+  }
+  return ok;
+}
+
 static DWORD sTlsIndex = 0;

 bool TestTlsAlloc(void* aFunc)
@ -517,6 +531,7 @@ int main()
 #ifdef _M_IX86
      TestHook(TestSendMessageTimeoutW, "user32.dll", "SendMessageTimeoutW") &&
 #endif
+      TestHook(TestSetCursorPos, "user32.dll", "SetCursorPos") &&
      TestHook(TestTlsAlloc, "kernel32.dll", "TlsAlloc") &&
      TestHook(TestTlsFree, "kernel32.dll", "TlsFree") &&
 #ifdef _M_IX86