summaryrefslogtreecommitdiffstats
path: root/chrome/plugin/npobject_proxy.cc
Commit message (Collapse)AuthorAgeFilesLines
* Committing change by Thatcher Ulrich <tulrich@google.com> from ↵jam@chromium.org2010-01-221-2/+10
| | | | | | | | | | | | | | http://codereview.chromium.org/543097 Check NPClass::structVersion before accessing fields that don't exist in all versions: NPClass::constructor and NPClass::enumerate BUG=32387 TESTED=manual and in debugger Review URL: http://codereview.chromium.org/545176 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36911 0039d316-1c4b-4281-b951-d872f2087c98
* The renderer and plugin processes can send over raw NPObjects valid in the ↵ananta@chromium.org2010-01-201-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | other side's address space. Basically the way this works is if an NPObject is marshaled over to the other side, an NPObjectStub is created in the caller address space and a NPObjectProxy is created on the other side. The NPObjectProxy is passed the raw NPObject pointer which is used as a cookie. If the original NPObject needs to be passed back we pass the underlying NPObject saved in the NPObjectProxy. The receiver does not validate whether this NPObject is valid before invoking on it. While this is mostly fine, in the case of a compromised renderer invalid addresses could be passed back to the plugin which would invoke on these addresses and crash. Fix is to never pass raw object pointers across and just pass the corresponding routing id of the NPObjectStub. The receiver validates this object by invoking a new method GetNPObjectListenerForRoute on the PluginChannelBase. This method returns the corresponding NPObject listener for the routing id. We then retrieve the underlying NPObject from the listener and use it. The map of NPObjectListeners which is maintained by PluginChannelBase has been changed to hold NPObjectBase pointers instead. NPObjectStub and NPObjectProxy implement the new NPObjectBase interface which provides methods to return the underlying NPObject and the IPC::Channel::Listener pointer. Fixes bug http://code.google.com/p/chromium/issues/detail?id=31880 I verified with the steps outlined in the bug that this fix does address the underlying crash. Bug=31880 Test=We need a framework to test PluginChannel and NPObjectProxy/Stub. Will add a test case for this once we have this in place. Review URL: http://codereview.chromium.org/548046 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36618 0039d316-1c4b-4281-b951-d872f2087c98
* If an NP_* function is called on an out of process plugin, save enough info ↵japhet@chromium.org2009-11-181-15/+0
| | | | | | | | to send an NPN_SetException back to the correct renderer if necessary. BUG=26764 TEST=none Review URL: http://codereview.chromium.org/375005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32419 0039d316-1c4b-4281-b951-d872f2087c98
* Upstreaming WebKit.gypyaar@chromium.org2009-11-121-1/+1
| | | | | | | | | | | | This mega patch contains a few simple but tightly dependent changes: 1. Deletion of webkit/api/WebKit.gyp. The file now lives in webkit.org. 2. Rename of webkit/webkit.gyp to webkit/webkit_glue.gyp. Having two webkit.gyp was a source of developer confusion. 3. Gyp dependencies are updated across chromium to point at the upstream WebKit.gyp and the renamed webkit_glue.gyp. 4. Some 200+ files include paths fixed to point to third_party/WebKit/WebKit/chromium instead of webkit/api. The later will be deleted in a subsequent patch. Review URL: http://codereview.chromium.org/387020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31749 0039d316-1c4b-4281-b951-d872f2087c98
* Invoke the right method (invokeDefault) if a plugin calls NPN_InvokeDefault ↵jam@chromium.org2009-10-151-1/+5
| | | | | | | | | on its own object. BUG=5110 Review URL: http://codereview.chromium.org/282010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29200 0039d316-1c4b-4281-b951-d872f2087c98
* Get rid of the need for cross process events in order to get plugin ↵jam@chromium.org2009-09-291-30/+42
| | | | | | | | | | processes to run nested message loops when a dialog is shown. Instead use an async message that's broadcast from the renderer to all plugin processes that are connected to it, and which is dispatched on the plugin IO thread to set a process-local waitable event. This fixes showModalDialog on Linux/Mac. BUG=15891 TEST=covered by UI tests, undef's them for POSIX Review URL: http://codereview.chromium.org/242043 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27456 0039d316-1c4b-4281-b951-d872f2087c98
* Continue eliminating direct NPN_ function calls that go from Chromium code ↵jorlow@chromium.org2009-07-301-1/+3
| | | | | | | | | | | to WebKit code. The long-term goal is to be able to link WebKit as a DLL. TEST=none BUG=none Review URL: http://codereview.chromium.org/160310 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22031 0039d316-1c4b-4281-b951-d872f2087c98
* Fixes a crash in the plugin process caused by the XStandard plugin passing ↵ananta@chromium.org2009-07-171-0/+24
| | | | | | | | | | | | | | in a NULL NPObject to NPN_HasMethod. I checked out Firefox's implementation and they check for NULL NPObjects in all functions except NPN_Evaluate and NPN_SetException. Fix is to emulate Firefox behavior. Fixes http://code.google.com/p/chromium/issues/detail?id=16900 Bug=16900 Review URL: http://codereview.chromium.org/155628 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20940 0039d316-1c4b-4281-b951-d872f2087c98
* Add the page url to plugin crashes to aid debugging.jam@chromium.org2009-07-081-11/+25
| | | | | | Review URL: http://codereview.chromium.org/155238 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20191 0039d316-1c4b-4281-b951-d872f2087c98
* Revert change 20173 because it breaks the ui_tests, plugin_testsnsylvain@chromium.org2009-07-081-20/+11
| | | | | | | | and most likely some page cyclers. Review URL: http://codereview.chromium.org/155236 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20180 0039d316-1c4b-4281-b951-d872f2087c98
* Add the page url to plugin crashes to aid debugging.jam@chromium.org2009-07-081-11/+20
| | | | | | Review URL: http://codereview.chromium.org/149305 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20173 0039d316-1c4b-4281-b951-d872f2087c98
* Added support for constructor calls in the NPAPI.sgjesse@chromium.org2009-05-271-2/+47
| | | | | | | | | | | | | | | | | The LiveConnect test cases at http://java.sun.com/javase/6/webnotes/6u10/plugin2/liveconnect/LiveConnectTests/ now pass for Chromium. Parts of this change is rather mechanical, and leaves room for some refactoring afterwards. Merged the implementation of testConstruct and the "objectPointer" property from WebKit\WebKitTools\DumpRenderTree\TestNetscapePlugIn.subproj\TestObject.cpp to the Chromium TestObject.cpp for the layout test LayoutTests\plugins\netscape-construct.html pass. BUG=http://crbug.com/3285 BUG=http://crbug.com/10354 TEST=http://java.sun.com/javase/6/webnotes/6u10/plugin2/liveconnect/LiveConnectTests/ TEST=LayoutTests\plugins\netscape-construct.html Review URL: http://codereview.chromium.org/113823 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16979 0039d316-1c4b-4281-b951-d872f2087c98
* linux (and some posix): multiprocess plugins compiling.evan@chromium.org2009-04-231-3/+2
| | | | | | | | | | | | | | | | | | | The goal of this change is to *not* make any behavioral change, but to instead just get all the plugin-related files linking on Linux with a bunch of NOTIMPLEMENTED()s in the appropriate places. It's enormous enough already without any refactorings or new features. Changes include: - Lots of gcc warning fixes. - Use portable replacements for Windows-specific functions (_strdup, etc.). - Use TransportDIB instead of just shared memory in the plugin messaging. Note that this is not fleshed out on Linux and on Windows it just hacks in the existing handles so there should be no functional change. - Fix --plugin-launcher to use cross-platform APIs. Review URL: http://codereview.chromium.org/79020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@14338 0039d316-1c4b-4281-b951-d872f2087c98
* Port plugin messages.jam@chromium.org2009-04-011-2/+2
| | | | | | Review URL: http://codereview.chromium.org/49050 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12928 0039d316-1c4b-4281-b951-d872f2087c98
* NO CODE CHANGE.maruel@google.com2009-03-101-3/+4
| | | | | | | Fix files with lines > 80 cols. Part 2. Review URL: http://codereview.chromium.org/40226 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11326 0039d316-1c4b-4281-b951-d872f2087c98
* Fix plugin hang that Earth team found.jam@chromium.org2009-02-211-2/+5
| | | | | | | | | Normally an NPObjectProxy uses the modal dialog event to figure out when it needs to pump window messages in an invoke. However, an NPObjectProxy created by an NPObjectStub never got access to this event, which led to this hang. BUG=7793 Review URL: http://codereview.chromium.org/20515 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@10145 0039d316-1c4b-4281-b951-d872f2087c98
* WaitableEvent is the replacement for Windows events. Previously in the code, ↵agl@chromium.org2009-01-151-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | a HANDLE from CreateEvent was used for signaling, both within a process and across processes. WaitableEvent is the cross platform replacement for this. To convert: * HANDLE -> base::WaitableEvent* * ScopedHandle -> scoped_ptr<base::WaitableEvent> * CreateEvent -> new base::WaitableEvent * SetEvent -> base::WaitableEvent::Signal * ResetEvent -> base::WaitableEvent::Reset * ObjectWatcher -> base::WaitableEventWatcher * WaitForMultipleObjects -> static base::WaitableEvent::WaitMany ObjectWatcher remains for Windows specific code. WaitableEventWatcher has an identical interface save, * It uses WaitableEvents, not HANDLEs * It returns void from StartWatching and StopWatcher, rather than errors. System internal errors are fatal to the address space IMPORTANT: There are semantic differences between the different platforms. WaitableEvents on Windows are implemented on top of events. Windows events work across process and this is used mostly for modal dialog support. Windows events can be duplicated with DuplicateHandle. On other platforms, WaitableEvent works only within a single process. In the future we shall have to replace the current uses of cross-process events with IPCs. BEWARE: HANDLE, on Windows, is a void *. Since any pointer type coerces to void *, you can pass a WaitableEvent * where a HANDLE is expected without any build-time errors. Review URL: http://codereview.chromium.org/16554 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8126 0039d316-1c4b-4281-b951-d872f2087c98
* Fixes NPAPITester ui tests. I was trying to diagnose failing ui testssky@google.com2008-12-231-3/+29
| | | | | | | | | | | | | | and with page heap enabled these tests consistenly crashed on me. I've no idea about this code, but this change fixed it. As far as I can tell in some cases Send deletes the NPObjectProxy, so that any code that attempts to access the proxy after the Send may crash. BUG=none TEST=none Review URL: http://codereview.chromium.org/16418 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@7452 0039d316-1c4b-4281-b951-d872f2087c98
* Attempt 2 at landing this patch. It broke the Mac/linux builds. Fix for now isananta@chromium.org2008-10-091-0/+10
| | | | | | | | | | | | | | | | | | | | | | to add the offending code in np_v8object.cpp in a ifdef OS_WIN This fixes http://code.google.com/p/chromium/issues/detail?id=2472, which is an issue with popups displayed by the flash plugin in response to a user click, getting blocked. The plugin invokes NPN_Evaluate to execute the javascript. It also invokes the NPN_PushPopupEnabledState/NPN_PopupEnabledState API's to set the popup enabled stack for the duration of the call. The fix is to add the plumbing in NPN_Evaluate to pass in a flag indicating whether popups are allowed for the duration of the call. Bug=2472 R=jam Review URL: http://codereview.chromium.org/6379 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3119 0039d316-1c4b-4281-b951-d872f2087c98
* Revert r3074 due to Mac build bustagemark@chromium.org2008-10-091-10/+0
| | | | | | Review URL: http://codereview.chromium.org/6378 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3088 0039d316-1c4b-4281-b951-d872f2087c98
* This fixes http://code.google.com/p/chromium/issues/detail?id=2472, whichananta@chromium.org2008-10-081-0/+10
| | | | | | | | | | | | | | | | | | is an issue with popups displayed by the flash plugin in response to a user click, getting blocked. The plugin invokes NPN_Evaluate to execute the javascript. It also invokes the NPN_PushPopupEnabledState/NPN_PopupEnabledState API's to set the popup enabled stack for the duration of the call. The fix is to add the plumbing in NPN_Evaluate to pass in a flag indicating whether popups are allowed for the duration of the call. Bug=2472 Review URL: http://codereview.chromium.org/6562 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3074 0039d316-1c4b-4281-b951-d872f2087c98
* This fixes the following bugs:-iyengar@google.com2008-09-201-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.http://code.google.com/p/chromium/issues/detail?id=292 This was a painting issue in the XStandard plugin. The bug occurs in a windowed instance of the plugin. We handle window repositions in the plugin process until the window becomes visible. We set the SWP_NOREDRAW flag in the SetWindowPos call. This turns off client/non-client paints. After the SetWindowPos call we invalidate the client area. The plugin only receives WM_PAINT as a result. The plugin relies on the WM_NCPAINT message being received as well. In any case the SWP_NOREDRAW flag does not buy us much as we invalidate immediately after. The fix is to take out this flag. 2.http://code.google.com/p/chromium/issues/detail?id=2556 The plugin invoked the NPN_GetValue function to retreive the window script object. This call fails in this case probably because the plugin instance in the renderer process is in the process of shutting down. We return a failure from the call. The plugin fails to check the return code and ends up invoking NPN_GetProperty on a NULL NPObject which causes a crash in chrome when we try to create a proxy for the same. The fix is to add NULL NPObject checks in the NPObjectProxy members and return early. Bug=292,2556 R=jam Review URL: http://codereview.chromium.org/3176 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2429 0039d316-1c4b-4281-b951-d872f2087c98
* Use a more compact license header in source files.license.bot2008-08-241-28/+4
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@1287 0039d316-1c4b-4281-b951-d872f2087c98
* Improve NPRuntime marshalling by adding glue functions for serializing / ↵darin@google.com2008-08-061-1/+1
| | | | | | | | deserializing a NPIdentifier. Also kill some extraneous std::string copies in NPVariant_Param code. If you like I could eliminate NPIdentifier_Param in place of using NPIdentifier directly. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@442 0039d316-1c4b-4281-b951-d872f2087c98
* Add chrome to the repository.initial.commit2008-07-261-0/+374
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@15 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-02-01 06:53:27 +0000