authorajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-26 23:29:30 +0000
committerajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-26 23:29:30 +0000
commite95c0454d924e6e59b06255421ba50d97ac6eb80 (patch)
treeb9d05ee02800cec4c561743b5605ae1f05c70f10
parent3956cf7c87681860d93d828846abe612f80b2263 (diff)
Make PPB_Var's VarFromUtf8() validate the input for UTF-8 correctness. Return Null if invalid.
BUG=53233 TEST=compiles Review URL: http://codereview.chromium.org/3174033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57604 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--DEPS2
-rw-r--r--webkit/glue/plugins/pepper_var.cc13
2 files changed, 11 insertions, 4 deletions
diff --git a/DEPS b/DEPS
index a646c8c..a519fef 100644
--- a/DEPS
+++ b/DEPS
@@ -163,7 +163,7 @@ deps = {
Var("libvpx_revision"),
"src/third_party/ppapi":
- "http://ppapi.googlecode.com/svn/trunk@210",
+ "http://ppapi.googlecode.com/svn/trunk@212",
"src/third_party/libjingle/source":
"http://libjingle.googlecode.com/svn/branches/nextsnap@" +
diff --git a/webkit/glue/plugins/pepper_var.cc b/webkit/glue/plugins/pepper_var.cc
index 78e9479..e578523 100644
--- a/webkit/glue/plugins/pepper_var.cc
+++ b/webkit/glue/plugins/pepper_var.cc
@@ -503,11 +503,18 @@ void Release(PP_Var var) {
}
PP_Var VarFromUtf8(const char* data, uint32_t len) {
- String* str = new String(data, len);
- str->AddRef(); // This is for the caller, we return w/ a refcount of 1.
+ scoped_refptr<String> str = new String(data, len);
+
+ if (!str || !IsStringUTF8(str->value())) {
+ return PP_MakeNull();
+ }
+
PP_Var ret;
ret.type = PP_VARTYPE_STRING;
- ret.value.as_id = reinterpret_cast<intptr_t>(str);
+
+ // The caller takes ownership now.
+ ret.value.as_id = reinterpret_cast<intptr_t>(str.release());
+
return ret;
}
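Review bot: `new String(data, len)` runs before any check on `data`, so a plugin that passes a null pointer with a nonzero `len` still reaches the constructor. String's constructor is not visible in this hunk, but if it forwards to `std::string(data, len)` that is undefined behaviour, and a guard such as `if (!data && len != 0) return PP_MakeNull();` ahead of the allocation would close it. The `!str` half of the new condition looks dead, since plain `new` does not return null on failure, so `if (!IsStringUTF8(str->value()))` expresses the same check. The commit lists TEST=compiles only; the rejection path is the security-relevant part of this change and would benefit from a unit test that feeds a truncated sequence and an overlong encoding and expects a null var back.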