author | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-18 19:41:30 +0000 |
---|---|---|
committer | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-18 19:41:30 +0000 |
commit | edb5b05700f53fb7b1827727777cc15b50370ccb (patch) | |
tree | 4cc0fc0bf581503e6fd273a037a63353ca41bf9c /ppapi/proxy/ppp_class_proxy.cc | |
parent | dc20acdfb4026b23709beec34a187dfde58af437 (diff) | |
Actually free plugin-implemented vars when running out of process when the
plugin holds a reference beyond the lifetime of the instance.
Review URL: https://chromiumcodereview.appspot.com/10542150
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142787 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ppapi/proxy/ppp_class_proxy.cc')
-rw-r--r-- | ppapi/proxy/ppp_class_proxy.cc | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/ppapi/proxy/ppp_class_proxy.cc b/ppapi/proxy/ppp_class_proxy.cc index 0d3f86a..35f55d6 100644 --- a/ppapi/proxy/ppp_class_proxy.cc +++ b/ppapi/proxy/ppp_class_proxy.cc @@ -6,10 +6,12 @@ #include "ppapi/c/dev/ppb_var_deprecated.h" #include "ppapi/c/dev/ppp_class_deprecated.h" +#include "ppapi/c/pp_var.h" #include "ppapi/proxy/dispatcher.h" +#include "ppapi/proxy/plugin_globals.h" #include "ppapi/proxy/ppapi_messages.h" -#include "ppapi/shared_impl/proxy_lock.h" #include "ppapi/proxy/serialized_var.h" +#include "ppapi/shared_impl/proxy_lock.h" #include "ppapi/shared_impl/api_id.h" namespace ppapi { @@ -244,6 +246,8 @@ void PPP_Class_Proxy::OnMsgHasProperty(int64 ppp_class, int64 object, SerializedVarReceiveInput property, SerializedVarOutParam exception, bool* result) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; *result = CallWhileUnlocked(ToPPPClass(ppp_class)->HasProperty, ToUserData(object), property.Get(dispatcher()), @@ -254,6 +258,8 @@ void PPP_Class_Proxy::OnMsgHasMethod(int64 ppp_class, int64 object, SerializedVarReceiveInput property, SerializedVarOutParam exception, bool* result) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; *result = CallWhileUnlocked(ToPPPClass(ppp_class)->HasMethod, ToUserData(object), property.Get(dispatcher()), @@ -264,6 +270,8 @@ void PPP_Class_Proxy::OnMsgGetProperty(int64 ppp_class, int64 object, SerializedVarReceiveInput property, SerializedVarOutParam exception, SerializedVarReturnValue result) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; result.Return(dispatcher(), CallWhileUnlocked( ToPPPClass(ppp_class)->GetProperty, ToUserData(object), property.Get(dispatcher()), @@ -274,6 +282,8 @@ void PPP_Class_Proxy::OnMsgEnumerateProperties( int64 ppp_class, int64 object, std::vector<SerializedVar>* props, SerializedVarOutParam exception) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; NOTIMPLEMENTED(); // TODO(brettw) implement this. } 
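Review bot: The early return added in OnMsgHasProperty (and again in OnMsgHasMethod) leaves `*result` unwritten when ValidateUserData fails, so the reply carries whatever value that bool held before the handler ran; its initial value is not visible in this diff. Writing it explicitly on the rejection path, `*result = false;` before `return;`, makes the reply deterministic. The same question applies to the handlers that take `SerializedVarReturnValue result` (OnMsgGetProperty here, OnMsgCall and OnMsgConstruct in the later hunks), which now return without calling `result.Return(...)`. If that type checks for a missing Return the way the new comment says the out-param checks for a missing OutParam, the rejection path would trip it. The handler bodies continue outside these hunks.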
@@ -282,6 +292,8 @@ void PPP_Class_Proxy::OnMsgSetProperty(int64 ppp_class, int64 object, SerializedVarReceiveInput property, SerializedVarReceiveInput value, SerializedVarOutParam exception) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; CallWhileUnlocked(ToPPPClass(ppp_class)->SetProperty, ToUserData(object), property.Get(dispatcher()), value.Get(dispatcher()), exception.OutParam(dispatcher())); @@ -290,6 +302,8 @@ void PPP_Class_Proxy::OnMsgSetProperty(int64 ppp_class, int64 object, void PPP_Class_Proxy::OnMsgRemoveProperty(int64 ppp_class, int64 object, SerializedVarReceiveInput property, SerializedVarOutParam exception) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; CallWhileUnlocked(ToPPPClass(ppp_class)->RemoveProperty, ToUserData(object), property.Get(dispatcher()), exception.OutParam(dispatcher())); @@ -301,6 +315,8 @@ void PPP_Class_Proxy::OnMsgCall( SerializedVarVectorReceiveInput arg_vector, SerializedVarOutParam exception, SerializedVarReturnValue result) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; uint32_t arg_count = 0; PP_Var* args = arg_vector.Get(dispatcher(), &arg_count); result.Return(dispatcher(), CallWhileUnlocked(ToPPPClass(ppp_class)->Call, @@ -313,6 +329,8 @@ void PPP_Class_Proxy::OnMsgConstruct( SerializedVarVectorReceiveInput arg_vector, SerializedVarOutParam exception, SerializedVarReturnValue result) { + if (!ValidateUserData(ppp_class, object, &exception)) + return; uint32_t arg_count = 0; PP_Var* args = arg_vector.Get(dispatcher(), &arg_count); result.Return(dispatcher(), CallWhileUnlocked( 
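Review bot: The guard `if (!ValidateUserData(ppp_class, object, &exception)) return;` is pasted by hand at the top of four more handlers here, after the four in the earlier hunks, and nothing ties a future OnMsg* handler to it. ToPPPClass(ppp_class) and ToUserData(object) convert int64 values from the message into pointers that are then called through, so a handler that omits the guard brings back the unchecked call. A comment above the handler group would state the contract, for example `// Every OnMsg* handler must call ValidateUserData() before ToPPPClass()/ToUserData(); both values arrive over IPC and are not trusted.` The handler bodies continue outside these hunks.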
@@ -321,8 +339,26 @@ void PPP_Class_Proxy::OnMsgConstruct( } void PPP_Class_Proxy::OnMsgDeallocate(int64 ppp_class, int64 object) { + if (!ValidateUserData(ppp_class, object, NULL)) + return; CallWhileUnlocked(ToPPPClass(ppp_class)->Deallocate, ToUserData(object)); } +bool PPP_Class_Proxy::ValidateUserData(int64 ppp_class, int64 class_data, + SerializedVarOutParam* exception) { + if (!PluginGlobals::Get()->plugin_var_tracker()->ValidatePluginObjectCall( + ToPPPClass(ppp_class), ToUserData(class_data))) { + // Set the exception. This is so the caller will know about the error and + // also that we won't assert that somebody forgot to call OutParam on the + // output parameter. Although this exception of "1" won't be very useful + // this shouldn't happen in normal usage, only when the renderer is being + // malicious. + if (exception) + *exception->OutParam(dispatcher()) = PP_MakeInt32(1); + return false; + } + return true; +} + } // namespace proxy } // namespace ppapi |
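Review bot: OnMsgDeallocate validates the object and then calls the plugin's Deallocate, but nothing in this hunk tells plugin_var_tracker() that the user data is gone afterwards. If ValidatePluginObjectCall still accepts the same pair after this call (its implementation is outside this diff), a repeated Deallocate message or any later call on that object would pass validation and reach memory the plugin has already released. It is worth confirming that the tracker entry is dropped before or as part of this call, and recording that in a comment here. ValidateUserData would also benefit from a short header comment saying that `exception` may be NULL and that a false return means the handler must not use the class or user data. A log line on the rejection path would leave some trace of the case the inline comment attributes to a malicious renderer.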