Initialize NPP structure's pdata pointer to NULL. Plugins can mistake an uninitialized non-NULL value for their own instance pointer and try to dereference it. b=555312 r=BenWa

dom/plugins/PluginInstanceChild.cpp

@@ -100,6 +100,7 @@ PluginInstanceChild::PluginInstanceChild(const NPPluginFuncs* aPluginIface,
 {
     memset(&mWindow, 0, sizeof(mWindow));
     mData.ndata = (void*) this;
+    mData.pdata = nsnull;
 #if defined(MOZ_X11) && defined(XP_UNIX) && !defined(XP_MACOSX)
     mWindow.ws_info = &mWsInfo;
     memset(&mWsInfo, 0, sizeof(mWsInfo));

modules/plugin/test/testplugin/nptest.cpp

@@ -581,6 +581,13 @@ NPError OSCALL NP_Shutdown()
 NPError
 NPP_New(NPMIMEType pluginType, NPP instance, uint16_t mode, int16_t argc, char* argn[], char* argv[], NPSavedData* saved)
 {
+  // Make sure our pdata field is NULL at this point. If it isn't, that
+  // probably means the browser gave us uninitialized memory.
+  if (instance->pdata) {
+    printf("NPP_New called with non-NULL NPP->pdata pointer!\n");
+    return NPERR_GENERIC_ERROR;
+  }
+
   // Make sure we can render this plugin
   NPBool browserSupportsWindowless = false;
   NPN_GetValue(instance, NPNVSupportsWindowless, &browserSupportsWindowless);