RESOLVED FIXED Bug 114450
Default Implementation of toString for NPObject shouldn't return NPClass & NPObject address as String
https://bugs.webkit.org/show_bug.cgi?id=114450
Arunprasad Rajkumar
Reported 2013-04-11 09:37:51 PDT
JSValue CInstance::stringValue(ExecState* exec) const
{
    JSValue value;
    if (toJSPrimitive(exec, "toString", value))
        return value;

    // Fallback to default implementation.
    char buf[1024];
    snprintf(buf, sizeof(buf), "NPObject %p, NPClass %p", _object, _object->_class);
    return jsString(exec, buf);
}

In the above toString() default implementation, the addresses of the NPObject & NPClass are leaked to JS. It should be something like the following:

JSValue CInstance::stringValue(ExecState* exec) const
{
    JSValue value;
    if (toJSPrimitive(exec, "toString", value))
        return value;

    // Fallback to default implementation.
    return jsString(exec, "NPObject");
}
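Added illustration, not code from this bug or from WebKit: the two fallbacks side by side in a stand-alone form, plus a small regression check that flags a script-visible string containing a pointer-sized hex token. NPObject and NPClass here are hypothetical stand-ins, not the real NPAPI layouts.

```cpp
#include <cstdio>
#include <regex>
#include <string>

// Hypothetical stand-ins for the bridge types; only the _class pointer matters here.
struct NPClass { int unused; };
struct NPObject { NPClass* _class; };

// Fallback as it was before the fix: formats two native pointers into a string
// that script can read, which discloses heap/stack layout (defeats ASLR).
std::string stringValueLeaky(const NPObject* object)
{
    char buf[1024];
    snprintf(buf, sizeof(buf), "NPObject %p, NPClass %p",
             static_cast<const void*>(object), static_cast<const void*>(object->_class));
    return buf;
}

// Fallback as fixed in r148224: a constant that carries no address information.
std::string stringValueFixed(const NPObject*)
{
    return "NPObject";
}

// Regression check for strings exposed to script: true if the string contains a token
// that looks like a native pointer (optional 0x prefix followed by 8 to 16 hex digits,
// which covers 32-bit and 64-bit %p output on common libcs).
bool containsPointerLikeToken(const std::string& s)
{
    static const std::regex pointerPattern("\\b(0x)?[0-9a-fA-F]{8,16}\\b");
    return std::regex_search(s, pointerPattern);
}

int main()
{
    NPClass cls { 0 };
    NPObject obj { &cls };
    printf("leaky fallback: %s -> leak=%d\n", stringValueLeaky(&obj).c_str(),
           containsPointerLikeToken(stringValueLeaky(&obj)));
    printf("fixed fallback: %s -> leak=%d\n", stringValueFixed(&obj).c_str(),
           containsPointerLikeToken(stringValueFixed(&obj)));
    return 0;
}
```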
Attachments
Patch (1.30 KB, patch)
2013-04-11 10:04 PDT, Arunprasad Rajkumar
no flags
Patch (1.27 KB, patch)
2013-04-11 12:02 PDT, Arunprasad Rajkumar
no flags
Arunprasad Rajkumar
Comment 1 2013-04-11 10:04:42 PDT
WebKit Commit Bot
Comment 2 2013-04-11 11:17:48 PDT
The commit-queue encountered the following flaky tests while processing attachment 197633:
svg/custom/empty-clip-path.svg bug 114453 (author: rwlbuis@gmail.com)
The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 3 2013-04-11 11:18:38 PDT
Comment on attachment 197633
Patch

Rejecting attachment 197633 from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.appspot.com', '--bot-id=webkit-cq-02', 'land-attachment', '--force-clean', '--non-interactive', '--parent-command=commit-queue', 197633, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit

Last 500 characters of output:
-> origin/master
Partial-rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc ...
Currently at 148214 = 820de4ece1da437818b95493f95a9bd02d45ac22
r148215 = 2bf34076aea6c98a56cb3985fb0255efc93faac2
r148216 = 39af3eace1316d74ce17e04bdd5c449fcf51da8d
Done rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc
First, rewinding head to replay your work on top of it...
Fast-forwarded master to refs/remotes/origin/master.

Full output: http://webkit-queues.appspot.com/results/19114
Arunprasad Rajkumar
Comment 4 2013-04-11 12:02:07 PDT
WebKit Commit Bot
Comment 5 2013-04-11 12:35:55 PDT
Comment on attachment 197650
Patch

Clearing flags on attachment: 197650

Committed r148224: <http://trac.webkit.org/changeset/148224>
WebKit Commit Bot
Comment 6 2013-04-11 12:35:56 PDT
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 7 2013-04-11 12:47:03 PDT
Comment on attachment 197650
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=197650&action=review

> Source/WebCore/bridge/c/c_instance.cpp:285
> +    return jsString(exec, "NPObject");

This should be calling jsNontrivialString rather than jsString.
Arunprasad Rajkumar
Comment 8 2013-04-11 22:18:57 PDT
(In reply to comment #7)
> (From update of attachment 197650)
> View in context: https://bugs.webkit.org/attachment.cgi?id=197650&action=review
>
> > Source/WebCore/bridge/c/c_instance.cpp:285
> > +    return jsString(exec, "NPObject");
>
> This should be calling jsNontrivialString rather than jsString.

Is jsNontrivialString(exec, String(ASCIILiteral("NPObject"))) ok?