wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 532246 - Plugins should not be able to obtain an NPObject* belonging to a different NPP, because that instance may go away before this one and the NPObject* may be invalidated and destroyed. Double-wrap in these cases. r=josh sr=jst

Browse Source
This commit is contained in:
Benjamin Smedberg 2009-12-02 12:02:41 -05:00
parent 0910c44a52
commit 86980c504e
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
modules/plugin/base/src/nsJSNPRuntime.cpp
View File

@ -1072,7 +1072,8 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JSContext *cx, JSObject *obj)
NPObject *npobj = (NPObject *)::JS_GetPrivate(cx, obj); NPObject *npobj = (NPObject *)::JS_GetPrivate(cx, obj);
return _retainobject(npobj); if (LookupNPP(npobj) == npp)
return _retainobject(npobj);
} }
if (!sJSObjWrappers.ops) { if (!sJSObjWrappers.ops) {
@ -2027,10 +2028,8 @@ static NPP
LookupNPP(NPObject *npobj) LookupNPP(NPObject *npobj)
{ {
if (npobj->_class == &nsJSObjWrapper::sJSObjWrapperNPClass) { if (npobj->_class == &nsJSObjWrapper::sJSObjWrapperNPClass) {
NS_ERROR("NPP requested for NPObject of class " nsJSObjWrapper* o = static_cast<nsJSObjWrapper*>(npobj);
"nsJSObjWrapper::sJSObjWrapperNPClass!\n"); return o->mNpp;
return nsnull;
} }
NPObjWrapperHashEntry *entry = static_cast<NPObjWrapperHashEntry *> NPObjWrapperHashEntry *entry = static_cast<NPObjWrapperHashEntry *>