Bug 114450 - Default Implementation of toString for NPObject shouldn't return NPClass & NPObject address as String
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-11 09:37 PDT by Arunprasad Rajkumar
Modified: 2013-04-11 22:18 PDT
CC List: 3 users

See Also:


Attachments
Patch (1.30 KB, patch)
2013-04-11 10:04 PDT, Arunprasad Rajkumar
no flags
Patch (1.27 KB, patch)
2013-04-11 12:02 PDT, Arunprasad Rajkumar
no flags

Description Arunprasad Rajkumar 2013-04-11 09:37:51 PDT
JSValue CInstance::stringValue(ExecState* exec) const
{
    JSValue value;
    if (toJSPrimitive(exec, "toString", value))
        return value;

    // Fallback to default implementation.
    char buf[1024];
    snprintf(buf, sizeof(buf), "NPObject %p, NPClass %p", _object, _object->_class);
    return jsString(exec, buf);
}

In the above toString() default implementation, it leaks the addresses of NPObject and NPClass to JS; it should be something like below:

JSValue CInstance::stringValue(ExecState* exec) const
{
    JSValue value;
    if (toJSPrimitive(exec, "toString", value))
        return value;

    // Fallback to default implementation.
    return jsString(exec, "NPObject");
}
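The fallback described above, modelled in plain C++ as an added example (this is not WebKit code; FakeNPObject, FakeNPClass and the function names are constructed stand-ins). It shows why the snprintf("%p") fallback is an information leak and how a unit check can catch it: the pre-fix string contains the exact text of both pointers, while the fixed string carries no address material.

```cpp
// Added example, not WebKit code: models CInstance::stringValue() with plain
// C++ so the address leak and its fix can be checked offline.
#include <cstdio>
#include <iostream>
#include <string>

// Stand-ins for NPClass / NPObject (constructed); only their addresses matter.
struct FakeNPClass { int unused = 0; };
struct FakeNPObject { FakeNPClass* klass = nullptr; };

// Format a pointer exactly as "%p" would, so the text can be searched for.
static std::string pointerText(const void* p) {
    char buf[32];
    std::snprintf(buf, sizeof(buf), "%p", p);
    return buf;
}

// Before the fix: the fallback embeds both the object and class addresses,
// which hands heap/code layout information to script.
std::string stringValueLeaky(const FakeNPObject* object) {
    char buf[1024];
    std::snprintf(buf, sizeof(buf), "NPObject %p, NPClass %p",
                  static_cast<const void*>(object),
                  static_cast<const void*>(object->klass));
    return buf;
}

// After the fix: a constant tag with no address material at all.
std::string stringValueFixed(const FakeNPObject*) {
    return "NPObject";
}

// Defensive check: does the produced string expose a given pointer's text?
bool exposesPointer(const std::string& s, const void* p) {
    return s.find(pointerText(p)) != std::string::npos;
}

// Returns true when the pre-fix fallback leaks both addresses.
bool leakyExposesAddresses() {
    FakeNPClass klass;
    FakeNPObject object;
    object.klass = &klass;
    const std::string s = stringValueLeaky(&object);
    return exposesPointer(s, &object) && exposesPointer(s, &klass);
}

// Returns true when the fixed fallback exposes neither address.
bool fixedHidesAddresses() {
    FakeNPClass klass;
    FakeNPObject object;
    object.klass = &klass;
    const std::string s = stringValueFixed(&object);
    return !exposesPointer(s, &object) && !exposesPointer(s, &klass);
}

int main() {
    FakeNPClass klass;
    FakeNPObject object;
    object.klass = &klass;
    std::cout << "leaky: " << stringValueLeaky(&object) << "\n"
              << "fixed: " << stringValueFixed(&object) << "\n"
              << "leak present before fix: " << leakyExposesAddresses() << "\n"
              << "addresses hidden after fix: " << fixedHidesAddresses() << "\n";
    return 0;
}
```

The exposesPointer() check is the kind of assertion worth keeping in a test suite: any string returned to script from a native bridge can be compared against the pointer text of the backing objects, so a regression that reintroduces a "%p" fallback is caught mechanically.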
Comment 1 Arunprasad Rajkumar 2013-04-11 10:04:42 PDT
Created attachment 197633 [details]
Patch
Comment 2 WebKit Commit Bot 2013-04-11 11:17:48 PDT
The commit-queue encountered the following flaky tests while processing attachment 197633 [details]:

svg/custom/empty-clip-path.svg bug 114453 (author: rwlbuis@gmail.com)
The commit-queue is continuing to process your patch.
Comment 3 WebKit Commit Bot 2013-04-11 11:18:38 PDT
Comment on attachment 197633 [details]
Patch

Rejecting attachment 197633 [details] from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.appspot.com', '--bot-id=webkit-cq-02', 'land-attachment', '--force-clean', '--non-interactive', '--parent-command=commit-queue', 197633, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit

Last 500 characters of output:
    -> origin/master
Partial-rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc ...
Currently at 148214 = 820de4ece1da437818b95493f95a9bd02d45ac22
r148215 = 2bf34076aea6c98a56cb3985fb0255efc93faac2
r148216 = 39af3eace1316d74ce17e04bdd5c449fcf51da8d
Done rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc
First, rewinding head to replay your work on top of it...
Fast-forwarded master to refs/remotes/origin/master.

Full output: http://webkit-queues.appspot.com/results/19114
Comment 4 Arunprasad Rajkumar 2013-04-11 12:02:07 PDT
Created attachment 197650 [details]
Patch
Comment 5 WebKit Commit Bot 2013-04-11 12:35:55 PDT
Comment on attachment 197650 [details]
Patch

Clearing flags on attachment: 197650

Committed r148224: <http://trac.webkit.org/changeset/148224>
Comment 6 WebKit Commit Bot 2013-04-11 12:35:56 PDT
All reviewed patches have been landed.  Closing bug.
Comment 7 Darin Adler 2013-04-11 12:47:03 PDT
Comment on attachment 197650 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=197650&action=review

> Source/WebCore/bridge/c/c_instance.cpp:285
> +    return jsString(exec, "NPObject");
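Review bot: for a constant, non-empty literal such as "NPObject" the helper to call on this line is jsNontrivialString rather than jsString; jsString is the general path that also has to handle empty and single-character strings, while jsNontrivialString is reserved for strings known to be longer than one character, which is exactly the case here.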

This should be calling jsNontrivialString rather than jsString.
Comment 8 Arunprasad Rajkumar 2013-04-11 22:18:57 PDT
(In reply to comment #7)
> (From update of attachment 197650 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=197650&action=review
> 
> > Source/WebCore/bridge/c/c_instance.cpp:285
> > +    return jsString(exec, "NPObject");
> 
> This should be calling jsNontrivialString rather than jsString.

jsNontrivialString(exec, String(ASCIILiteral("NPObject"))) is OK?