bug 535073: prevent plugins from corrupting the stack by making word-size stores to pointers to NPBool (unsigned char). r=bsmedberg

This commit is contained in:
Chris Jones 2009-12-17 00:32:44 -06:00
Родитель c1d22b5166
Коммит 6e34a38bee
1 изменённых файлов: 5 добавлений и 1 удалений

Просмотреть файл

@ -284,7 +284,11 @@ PluginInstanceChild::AnswerNPP_GetValue_NPPVpluginNeedsXEmbed(
#ifdef OS_LINUX
NPBool needsXEmbed;
// on x86/32-bit, flash stores to this using |movl 0x1,&needsXEmbed|.
// thus we can't NPBool for needsXEmbed, or the three bytes above
// it on the stack would get clobbered. so protect with unsigned
// long.
unsigned long needsXEmbed = 0;
*rv = mPluginIface->getvalue(GetNPP(), NPPVpluginNeedsXEmbed,
reinterpret_cast<void*>(&needsXEmbed));
*needs = needsXEmbed;