Bug 615881: Fix several bugs related to the handling of NPAPI's NPPluginFuncs structure. r=bsmedberg a=blocking2.0final+

2010-12-03 00:20:59 -05:00 · 2010-12-03 00:20:59 -05:00 · dbfab97237
--- a/dom/plugins/PluginModuleChild.cpp
+++ b/dom/plugins/PluginModuleChild.cpp
@ -205,6 +205,7 @@ PluginModuleChild::Init(const std::string& aPluginFilename,

    memset((void*) &mFunctions, 0, sizeof(mFunctions));
    mFunctions.size = sizeof(mFunctions);
+    mFunctions.version = (NP_VERSION_MAJOR << 8) | NP_VERSION_MINOR;

    // TODO: use PluginPRLibrary here

--- a/modules/plugin/base/src/nsNPAPIPlugin.cpp
+++ b/modules/plugin/base/src/nsNPAPIPlugin.cpp
@ -242,14 +242,13 @@ nsNPAPIPlugin::nsNPAPIPlugin()

  memset((void*)&mPluginFuncs, 0, sizeof(mPluginFuncs));
  mPluginFuncs.size = sizeof(mPluginFuncs);
+  mPluginFuncs.version = (NP_VERSION_MAJOR << 8) | NP_VERSION_MINOR;

  mLibrary = nsnull;
 }

 nsNPAPIPlugin::~nsNPAPIPlugin()
 {
-  // reset the callbacks list
-  memset((void*) &mPluginFuncs, 0, sizeof(mPluginFuncs));
  delete mLibrary;
  mLibrary = nsnull;
 }
--- a/modules/plugin/sdk/samples/basic/mac/BasicPlugin.c
+++ b/modules/plugin/sdk/samples/basic/mac/BasicPlugin.c
@ -42,8 +42,11 @@ NPError NP_Initialize(NPNetscapeFuncs* browserFuncs)
 // Symbol called by the browser to get the plugin's function list
 NPError NP_GetEntryPoints(NPPluginFuncs* pluginFuncs)
 {
-  pluginFuncs->version = 11;
-  pluginFuncs->size = sizeof(pluginFuncs);
+  // Check the size of the provided structure based on the offset of the
+  // last member we need.
+  if (pluginFuncs->size < (offsetof(NPPluginFuncs, setvalue) + sizeof(void*)))
+    return NPERR_INVALID_FUNCTABLE_ERROR;
+
  pluginFuncs->newp = NPP_New;
  pluginFuncs->destroy = NPP_Destroy;
  pluginFuncs->setwindow = NPP_SetWindow;
--- a/modules/plugin/sdk/samples/basic/unix/BasicPlugin.c
+++ b/modules/plugin/sdk/samples/basic/unix/BasicPlugin.c
@ -57,26 +57,6 @@ typedef struct InstanceData {
  NPWindow window;
 } InstanceData;

-static void
-fillPluginFunctionTable(NPPluginFuncs* pFuncs)
-{
-  pFuncs->version = 11;
-  pFuncs->size = sizeof(*pFuncs);
-  pFuncs->newp = NPP_New;
-  pFuncs->destroy = NPP_Destroy;
-  pFuncs->setwindow = NPP_SetWindow;
-  pFuncs->newstream = NPP_NewStream;
-  pFuncs->destroystream = NPP_DestroyStream;
-  pFuncs->asfile = NPP_StreamAsFile;
-  pFuncs->writeready = NPP_WriteReady;
-  pFuncs->write = NPP_Write;
-  pFuncs->print = NPP_Print;
-  pFuncs->event = NPP_HandleEvent;
-  pFuncs->urlnotify = NPP_URLNotify;
-  pFuncs->getvalue = NPP_GetValue;
-  pFuncs->setvalue = NPP_SetValue;
-}
-
 static void
 drawWindow(InstanceData* instanceData, GdkDrawable* gdkWindow)
 {
@ -126,7 +106,24 @@ NP_Initialize(NPNetscapeFuncs* bFuncs, NPPluginFuncs* pFuncs)
 {
  sBrowserFuncs = bFuncs;

-  fillPluginFunctionTable(pFuncs);
+  // Check the size of the provided structure based on the offset of the
+  // last member we need.
+  if (pFuncs->size < (offsetof(NPPluginFuncs, setvalue) + sizeof(void*)))
+    return NPERR_INVALID_FUNCTABLE_ERROR;
+
+  pFuncs->newp = NPP_New;
+  pFuncs->destroy = NPP_Destroy;
+  pFuncs->setwindow = NPP_SetWindow;
+  pFuncs->newstream = NPP_NewStream;
+  pFuncs->destroystream = NPP_DestroyStream;
+  pFuncs->asfile = NPP_StreamAsFile;
+  pFuncs->writeready = NPP_WriteReady;
+  pFuncs->write = NPP_Write;
+  pFuncs->print = NPP_Print;
+  pFuncs->event = NPP_HandleEvent;
+  pFuncs->urlnotify = NPP_URLNotify;
+  pFuncs->getvalue = NPP_GetValue;
+  pFuncs->setvalue = NPP_SetValue;

  return NPERR_NO_ERROR;
 }
--- a/modules/plugin/sdk/samples/npruntime/np_entry.cpp
+++ b/modules/plugin/sdk/samples/npruntime/np_entry.cpp
@ -55,10 +55,9 @@ NPError OSCALL NP_GetEntryPoints(NPPluginFuncs* pFuncs)
  if(pFuncs == NULL)
    return NPERR_INVALID_FUNCTABLE_ERROR;

-  if(pFuncs->size < sizeof(NPPluginFuncs))
+  if(pFuncs->size < (offsetof(NPPluginFuncs, setvalue) + sizeof(void*)))
    return NPERR_INVALID_FUNCTABLE_ERROR;

-  pFuncs->version       = (NP_VERSION_MAJOR << 8) | NP_VERSION_MINOR;
  pFuncs->newp          = NPP_New;
  pFuncs->destroy       = NPP_Destroy;
  pFuncs->setwindow     = NPP_SetWindow;
@ -72,7 +71,6 @@ NPError OSCALL NP_GetEntryPoints(NPPluginFuncs* pFuncs)
  pFuncs->urlnotify     = NPP_URLNotify;
  pFuncs->getvalue      = NPP_GetValue;
  pFuncs->setvalue      = NPP_SetValue;
-  pFuncs->javaClass     = NULL;

  return NPERR_NO_ERROR;
 }
--- a/modules/plugin/test/testplugin/nptest.cpp
+++ b/modules/plugin/test/testplugin/nptest.cpp
@ -569,10 +569,13 @@ NP_GetValue(void* future, NPPVariable aVariable, void* aValue) {
 }
 #endif

-static void fillPluginFunctionTable(NPPluginFuncs* pFuncs)
+static bool fillPluginFunctionTable(NPPluginFuncs* pFuncs)
 {
-  pFuncs->version = 11;
-  pFuncs->size = sizeof(*pFuncs);
+  // Check the size of the provided structure based on the offset of the
+  // last member we need.
+  if (pFuncs->size < (offsetof(NPPluginFuncs, setvalue) + sizeof(void*)))
+    return false;
+
  pFuncs->newp = NPP_New;
  pFuncs->destroy = NPP_Destroy;
  pFuncs->setwindow = NPP_SetWindow;
@ -586,6 +589,8 @@ static void fillPluginFunctionTable(NPPluginFuncs* pFuncs)
  pFuncs->urlnotify = testplugin_URLNotify;
  pFuncs->getvalue = NPP_GetValue;
  pFuncs->setvalue = NPP_SetValue;
+
+  return true;
 }

 #if defined(XP_MACOSX)
@ -620,7 +625,9 @@ NP_EXPORT(NPError) NP_Initialize(NPNetscapeFuncs* bFuncs, NPPluginFuncs* pFuncs)
  sNPClass.construct =      (NPConstructFunctionPtr)scriptableConstruct;

 #if defined(XP_UNIX) && !defined(XP_MACOSX)
-  fillPluginFunctionTable(pFuncs);
+  if (!fillPluginFunctionTable(pFuncs)) {
+    return NPERR_INVALID_FUNCTABLE_ERROR;
+  }
 #endif

  return NPERR_NO_ERROR;
@ -633,7 +640,10 @@ NPError OSCALL NP_GetEntryPoints(NPPluginFuncs* pFuncs)
 #endif
 #if defined(XP_MACOSX) || defined(XP_WIN) || defined(XP_OS2)
 {
-  fillPluginFunctionTable(pFuncs);
+  if (!fillPluginFunctionTable(pFuncs)) {
+    return NPERR_INVALID_FUNCTABLE_ERROR;
+  }
+
  return NPERR_NO_ERROR;
 }
 #endif