From e95c0454d924e6e59b06255421ba50d97ac6eb80 Mon Sep 17 00:00:00 2001
From: "ajwong@chromium.org"
Date: Thu, 26 Aug 2010 23:29:30 +0000
Subject: Make PPB_Var's VarFromUtf8() validate the input for UTF-8 correctness. Return Null if invalid.
BUG=53233
TEST=compiles
Review URL: http://codereview.chromium.org/3174033
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57604 0039d316-1c4b-4281-b951-d872f2087c98
---
 DEPS | 2 +-
 webkit/glue/plugins/pepper_var.cc | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/DEPS b/DEPS
index a646c8c..a519fef 100644
--- a/DEPS
+++ b/DEPS
@@ -163,7 +163,7 @@ deps = {
 Var("libvpx_revision"),
 "src/third_party/ppapi":
- "http://ppapi.googlecode.com/svn/trunk@210",
+ "http://ppapi.googlecode.com/svn/trunk@212",
 "src/third_party/libjingle/source":
 "http://libjingle.googlecode.com/svn/branches/nextsnap@" +
diff --git a/webkit/glue/plugins/pepper_var.cc b/webkit/glue/plugins/pepper_var.cc
index 78e9479..e578523 100644
--- a/webkit/glue/plugins/pepper_var.cc
+++ b/webkit/glue/plugins/pepper_var.cc
@@ -503,11 +503,18 @@ void Release(PP_Var var) {
 }
 PP_Var VarFromUtf8(const char* data, uint32_t len) {
- String* str = new String(data, len);
- str->AddRef(); // This is for the caller, we return w/ a refcount of 1.
+ scoped_refptr str = new String(data, len);
+
+ if (!str || !IsStringUTF8(str->value())) {
+ return PP_MakeNull();
+ }
+
 PP_Var ret;
 ret.type = PP_VARTYPE_STRING;
- ret.value.as_id = reinterpret_cast(str);
+
+ // The caller takes ownership now.
+ ret.value.as_id = reinterpret_cast(str.release());
+
 return ret;
 }
-- cgit v1.1
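Review bot: `VarFromUtf8` still hands the plugin-supplied `data`/`len` pair to `new String(data, len)` before any check, so a null `data` with a non-zero `len` reaches the constructor unvalidated; the String constructor is outside this hunk, but if it builds a std::string from that pair the behaviour is undefined. A guard at the top of the function, such as `if (!data && len != 0) return PP_MakeNull();`, would reject that input before anything is allocated. The `!str` half of the new condition looks unreachable, assuming `new` does not return null in this build, so dropping it would leave the check about UTF-8 validity only. With TEST=compiles the rejection path is never exercised; a unit test that passes an invalid byte sequence and expects a Null var would pin the new behaviour.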