diff options
| author | ajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-26 23:29:30 +0000 |
|---|---|---|
| committer | ajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-26 23:29:30 +0000 |
| commit | e95c0454d924e6e59b06255421ba50d97ac6eb80 (patch) | |
| tree | b9d05ee02800cec4c561743b5605ae1f05c70f10 /webkit/glue | |
| parent | 3956cf7c87681860d93d828846abe612f80b2263 (diff) | |
| download | chromium_src-e95c0454d924e6e59b06255421ba50d97ac6eb80.zip chromium_src-e95c0454d924e6e59b06255421ba50d97ac6eb80.tar.gz chromium_src-e95c0454d924e6e59b06255421ba50d97ac6eb80.tar.bz2 | |
Make PPB_Var's VarFromUtf8() validate the input for UTF-8 correctness. Return Null if invalid.
BUG=53233
TEST=compiles
Review URL: http://codereview.chromium.org/3174033
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57604 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/glue')
| -rw-r--r-- | webkit/glue/plugins/pepper_var.cc | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/webkit/glue/plugins/pepper_var.cc b/webkit/glue/plugins/pepper_var.cc index 78e9479..e578523 100644 --- a/webkit/glue/plugins/pepper_var.cc +++ b/webkit/glue/plugins/pepper_var.cc @@ -503,11 +503,18 @@ void Release(PP_Var var) { } PP_Var VarFromUtf8(const char* data, uint32_t len) { - String* str = new String(data, len); - str->AddRef(); // This is for the caller, we return w/ a refcount of 1. + scoped_refptr<String> str = new String(data, len); + + if (!str || !IsStringUTF8(str->value())) { + return PP_MakeNull(); + } + PP_Var ret; ret.type = PP_VARTYPE_STRING; - ret.value.as_id = reinterpret_cast<intptr_t>(str); + + // The caller takes ownership now. + ret.value.as_id = reinterpret_cast<intptr_t>(str.release()); + return ret; } |