author | iyengar@google.com <iyengar@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-09-03 21:27:37 +0000 |
---|---|---|
committer | iyengar@google.com <iyengar@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-09-03 21:27:37 +0000 |
commit | 612fd9a65fbd52ed6846103a5abc754304ab84a1 (patch) | |
tree | 904dc03399a4aabd639a4a0c9a4410898ea95844 /webkit/glue | |
parent | b86b35d3e188fa547f3b73de3c593a43e96895f7 (diff) | |
This fixes http://code.google.com/p/chromium/issues/detail?id=493, which
was a crash in the 3dvia plugin. A script on the page tries to interact
with the plugin by obtaining its npobject. The plugin does not implement the
corresponding NPP_GetValue function correctly and returns NPERR_NO_ERROR
without filling in the NPObject pointer passed in.
The fix is to initialize the NPObject pointer on the stack to NULL and check
for this along with the error check.
Review URL: http://codereview.chromium.org/212
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@1692 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/glue')
-rw-r--r-- | webkit/glue/plugins/plugin_instance.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/webkit/glue/plugins/plugin_instance.cc b/webkit/glue/plugins/plugin_instance.cc index c64ff1f..46b28a9 100644 --- a/webkit/glue/plugins/plugin_instance.cc +++ b/webkit/glue/plugins/plugin_instance.cc @@ -149,9 +149,9 @@ bool PluginInstance::Start(const GURL& url, } NPObject *PluginInstance::GetPluginScriptableObject() { - NPObject *value; + NPObject *value = NULL; NPError error = NPP_GetValue(NPPVpluginScriptableNPObject, &value); - if (error != NPERR_NO_ERROR) + if (error != NPERR_NO_ERROR || value == NULL) return NULL; return value; } |
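Review bot: The added "|| value == NULL" test in the if statement of PluginInstance::GetPluginScriptableObject() is redundant once value starts out as NULL, because the fall-through "return value;" would return NULL in that case anyway; the initializer "NPObject *value = NULL;" is the line that removes the uninitialized read. Keeping the explicit test is fine for readability, but put a comment above it saying that a plugin may return NPERR_NO_ERROR from NPP_GetValue without writing the out-parameter, so that a later cleanup does not drop the initializer or the test as dead code. The check only covers a plugin that leaves the pointer untouched: a plugin that returns NPERR_NO_ERROR and writes an invalid non-NULL pointer still passes it, so the returned NPObject remains plugin-controlled data for whoever uses it.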