bug 535073: prevent plugins from corrupting the stack by making word-size stores to pointers to NPBool (unsigned char). r=bsmedberg

Chris Jones 2009-12-17 00:32:44 -06:00
parent 404076172d
commit 526c1eb4fb


@ -284,7 +284,11 @@ PluginInstanceChild::AnswerNPP_GetValue_NPPVpluginNeedsXEmbed(
#ifdef OS_LINUX
NPBool needsXEmbed;
// on x86/32-bit, flash stores to this using |movl 0x1,&needsXEmbed|.
// thus we can't NPBool for needsXEmbed, or the three bytes above
// it on the stack would get clobbered. so protect with unsigned
// long.
unsigned long needsXEmbed = 0;
*rv = mPluginIface->getvalue(GetNPP(), NPPVpluginNeedsXEmbed,
reinterpret_cast<void*>(&needsXEmbed));
*needs = needsXEmbed;