Bug 31561

Summary: [Chromium] Support null NPObject* parameter in _NPN_SetException
Product: WebKit
Reporter: Nate Chapin <japhet>
Component: WebCore Misc.
Assignee: Nate Chapin <japhet>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description Flags
patch fishd: review+

Description Nate Chapin 2009-11-16 12:12:49 PST
Currently, if a plugin calls NPN_SetException and passes us a null NPObject*, we would crash.

Additionally, if an NPN_SetException is coming from an out of process plugin, it is very likely that the NPObject* is pointing to an object living in the plugin's memory space in the plugin process, rather than in the renderer process where the exception is actually being thrown.  This will allow Chromium to just pass in a null NPObject* rather than trying to ferry an object that wouldn't be used anyway between processes.
Comment 1 Nate Chapin 2009-11-16 12:15:32 PST
Created attachment 43318
patch
Comment 2 Darin Fisher (:fishd, Google) 2009-11-16 14:07:18 PST
Comment on attachment 43318
patch

> Index: WebCore/ChangeLog
...
> +        Handle the case of a null NPObject* in NPN_SetException in
> +        the V8 bindings.
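Review bot: the two `+` lines of this ChangeLog entry name only the null-handling change and give no rationale; the entry should state why a null NPObject* can reach NPN_SetException, which the bug summary already explains: a plugin may pass null (currently a crash), and for Chromium's out-of-process plugins the NPObject lives in the plugin process and cannot be used in the renderer, so passing null is the intended path. Suggested wording: `Handle a null NPObject* in NPN_SetException in the V8 bindings. Plugins may pass null, and out-of-process plugins cannot supply an object usable in the renderer process.`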

I had to read the bug summary to understand this patch.  It would be
good to put more of the justification for this change here in the
ChangeLog.

Otherwise, R=me
Comment 3 Nate Chapin 2009-11-16 14:41:32 PST
(In reply to comment #2)
> (From update of attachment 43318)
> > Index: WebCore/ChangeLog
> ...
> > +        Handle the case of a null NPObject* in NPN_SetException in
> > +        the V8 bindings.
> 
> I had to read the bug summary to understand this patch.  It would be
> good to put more of the justification for this change here in the
> ChangeLog.
> 
> Otherwise, R=me

Done and committed: http://trac.webkit.org/changeset/51054