Bug 95394

Summary:

JSNPObject doesn't always protect its data when calling into plugin code

Product:

WebKit

Reporter:

Mark Hahnenberg <mhahnenberg>

Component:

JavaScriptCore

Assignee:

Mark Hahnenberg <mhahnenberg>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ap, beidson, ggaren

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	beidson: review+

Mark Hahnenberg

Reported 2012-08-29 15:53:21 PDT

We need to use NPRuntimeObjectMap::PluginProtector when calling into plugin code since there's no telling what the plugin will do, including destroying itself.

Attachments
Patch (2.58 KB, patch) 2012-08-29 18:08 PDT, Mark Hahnenberg	beidson: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Hahnenberg

Comment 1 2012-08-29 18:08:19 PDT

Created attachment 161376 [details] Patch

Mark Hahnenberg

Comment 2 2012-08-30 10:40:45 PDT

Committed r127158: <http://trac.webkit.org/changeset/127158>

Note You need to log in before you can comment on or make changes to this bug.