Bug 119231 - Null deref under PluginView::handlesPageScaleFactor()
Summary: Null deref under PluginView::handlesPageScaleFactor()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Tim Horton
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2013-07-29 17:04 PDT by Tim Horton
Modified: 2013-07-30 12:37 PDT (History)
1 user (show)

See Also:

Attachments
patch (1.83 KB, patch)
2013-07-29 17:07 PDT, Tim Horton 		simon.fraser: review+
Details | Formatted Diff | Diff
another potential null (1.50 KB, patch)
2013-07-29 22:11 PDT, Tim Horton 		no flags Details | Formatted Diff | Diff
try to make ews go (1.50 KB, patch)
2013-07-29 22:36 PDT, Tim Horton 		darin: review+
Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Horton 2013-07-29 17:04:35 PDT 
PluginView::handlesPageScaleFactor() doesn't null-check m_plugin, but it should. It should check isInitialized as well!

<rdar://problem/14440207>
Comment 1 Tim Horton 2013-07-29 17:07:21 PDT 
Created attachment 207681 [details]
patch
Comment 2 Simon Fraser (smfr) 2013-07-29 17:15:30 PDT 
Comment on attachment 207681 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=207681&action=review

> Source/WebKit2/WebProcess/Plugins/PluginView.h:90
> +    bool handlesPageScaleFactor();

Can this be const?
Comment 3 Tim Horton 2013-07-29 17:19:05 PDT 
(In reply to comment #2)
> (From update of attachment 207681 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=207681&action=review
> 
> > Source/WebKit2/WebProcess/Plugins/PluginView.h:90
> > +    bool handlesPageScaleFactor();
> 
> Can this be const?

Yep. pageScaleFactor() too!

Thanks!

http://trac.webkit.org/changeset/153449
Comment 4 Tim Horton 2013-07-29 22:11:46 PDT 
Created attachment 207686 [details]
another potential null
Comment 5 Tim Horton 2013-07-29 22:35:50 PDT 
Reopened for one more patch (so many things can be null).
Comment 6 Tim Horton 2013-07-29 22:36:19 PDT 
Created attachment 207689 [details]
try to make ews go
Comment 7 Darin Adler 2013-07-30 12:26:41 PDT 
Comment on attachment 207689 [details]
try to make ews go

View in context: https://bugs.webkit.org/attachment.cgi?id=207689&action=review

> Source/WebKit2/WebProcess/WebPage/WebFrame.cpp:490
>      PluginDocument* pluginDocument = static_cast<PluginDocument*>(m_coreFrame->document());
> -    PluginView* pluginView = static_cast<PluginView*>(pluginDocument->pluginWidget());
> +    if (PluginView* pluginView = static_cast<PluginView*>(pluginDocument->pluginWidget()))
> +        return pluginView->handlesPageScaleFactor();
>  
> -    return pluginView->handlesPageScaleFactor();
> +    return 0;

I prefer early return to nesting the main line code in the if. Or using &&.

    return pluginView && pluginView->handlesPageScaleFactor();
Comment 8 Tim Horton 2013-07-30 12:37:57 PDT 
Thanks, Darin. I went with &&.

http://trac.webkit.org/changeset/153486