Bug 800838 - Guard against invalid NPP when unscheduling plugin timers on Android r=blassey

2024-10-12 04:45:45 +00:00 · 2013-01-23 09:16:26 -05:00 · 2013-01-23 09:16:26 -05:00 · 3989b37208
commit 3989b37208
parent 61f0d489c8
3 changed files with 29 additions and 0 deletions
--- a/dom/plugins/base/nsNPAPIPlugin.cpp
+++ b/dom/plugins/base/nsNPAPIPlugin.cpp
@ -2813,7 +2813,13 @@ _scheduletimer(NPP instance, uint32_t interval, NPBool repeat, PluginTimerFunc t
 void NP_CALLBACK
 _unscheduletimer(NPP instance, uint32_t timerID)
 {
+#ifdef MOZ_WIDGET_ANDROID
+  // Sometimes Flash calls this with a dead NPP instance. Ensure the one we have
+  // here is valid and maps to a nsNPAPIPluginInstance.
+  nsNPAPIPluginInstance *inst = nsNPAPIPluginInstance::GetFromNPP(instance);
+#else
  nsNPAPIPluginInstance *inst = (nsNPAPIPluginInstance *)instance->ndata;
+#endif
  if (!inst)
    return;

--- a/dom/plugins/base/nsNPAPIPluginInstance.cpp
+++ b/dom/plugins/base/nsNPAPIPluginInstance.cpp
@ -151,6 +151,8 @@ private:
  Mutex mLock;
 };

+static std::map<NPP, nsNPAPIPluginInstance*> sPluginNPPMap;
+
 #endif

 using namespace mozilla;
@ -190,12 +192,20 @@ nsNPAPIPluginInstance::nsNPAPIPluginInstance()
  mNPP.ndata = this;

  PLUGIN_LOG(PLUGIN_LOG_BASIC, ("nsNPAPIPluginInstance ctor: this=%p\n",this));
+
+#ifdef MOZ_WIDGET_ANDROID
+  sPluginNPPMap[&mNPP] = this;
+#endif
 }

 nsNPAPIPluginInstance::~nsNPAPIPluginInstance()
 {
  PLUGIN_LOG(PLUGIN_LOG_BASIC, ("nsNPAPIPluginInstance dtor: this=%p\n",this));

+#ifdef MOZ_WIDGET_ANDROID
+  sPluginNPPMap.erase(&mNPP);
+#endif
+
  if (mMIMEType) {
    PR_Free((void *)mMIMEType);
    mMIMEType = nullptr;
@ -1052,6 +1062,17 @@ void nsNPAPIPluginInstance::SetInverted(bool aInverted)
  mInverted = aInverted;
 }

+nsNPAPIPluginInstance* nsNPAPIPluginInstance::GetFromNPP(NPP npp)
+{
+  std::map<NPP, nsNPAPIPluginInstance*>::iterator it;
+
+  it = sPluginNPPMap.find(npp);
+  if (it == sPluginNPPMap.end())
+    return nullptr;
+
+  return it->second;
+}
+
 #endif

 nsresult nsNPAPIPluginInstance::GetDrawingModel(int32_t* aModel)
--- a/dom/plugins/base/nsNPAPIPluginInstance.h
+++ b/dom/plugins/base/nsNPAPIPluginInstance.h
@ -207,6 +207,8 @@ public:

  void SetInverted(bool aInverted);
  bool Inverted() { return mInverted; }
+
+  static nsNPAPIPluginInstance* GetFromNPP(NPP npp);
 #endif

  nsresult NewStreamListener(const char* aURL, void* notifyData,