Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-18 23:15:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 532246 - Plugins should not be able to obtain an NPObject* belonging to a different NPP, because that instance may go away before this one and the NPObject* may be invalidated and destroyed. Double-wrap in these cases. r=josh sr=jst

Browse Source
This commit is contained in:
Benjamin Smedberg 2009-12-02 12:02:41 -05:00
parent d400edb00a
commit bae03e41a8
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
modules/plugin/base/src/nsJSNPRuntime.cpp
View File

@ -1072,7 +1072,8 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JSContext *cx, JSObject *obj)
NPObject *npobj = (NPObject *)::JS_GetPrivate(cx, obj);
return _retainobject(npobj);
if (LookupNPP(npobj) == npp)
return _retainobject(npobj);
}
if (!sJSObjWrappers.ops) {
@ -2027,10 +2028,8 @@ static NPP
LookupNPP(NPObject *npobj)
{
if (npobj->_class == &nsJSObjWrapper::sJSObjWrapperNPClass) {
NS_ERROR("NPP requested for NPObject of class "
"nsJSObjWrapper::sJSObjWrapperNPClass!\n");
return nsnull;
nsJSObjWrapper* o = static_cast<nsJSObjWrapper*>(npobj);
return o->mNpp;
}
NPObjWrapperHashEntry *entry = static_cast<NPObjWrapperHashEntry *>