Closed Bug 548434 Opened 10 years ago Closed 10 years ago

Plugin crash with nspluginwrapper [@ _ZN7mozilla7plugins5childL15_invalidaterectEP4_NPPP7_NPRect ]

Categories

(Core :: Plug-ins, defect)

x86
Linux
defect
Not set

Tracking

RESOLVED FIXED
mozilla1.9.3a2

People

(Reporter: karlt, Assigned: karlt)

Attachments

(1 file)

From viewing npw-wrapper.c in nspluginwrapper-1.2.2, g_NPP_Destroy sets
plugin->instance to NULL, but it looks like handle_NPN_InvalidateRect is
passing the NULL plugin->instance to mozilla_funcs.invalidaterect.

This would cause the crash at 0x4 accessing ndata in a NULL NPP.  It would be
a bug in the plugin but it wouldn't have caused a crash with IPP.
I don't know why, but _invalidaterect in nsNPAPIPlugin.cpp checks for NULL
NPPs (and also NPP::ndata).
http://hg.mozilla.org/mozilla-central/annotate/29f9e4224533/modules/plugin/base/src/nsNPAPIPlugin.cpp#l1319
Attached patch: null check
Attachment #428839 - Flags: review?(jones.chris.g)
Attachment #428839 - Flags: review?(jones.chris.g) → review+
http://hg.mozilla.org/mozilla-central/rev/2cc3e6d170eb
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a2
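
An added illustration of the failure discussed in this bug, not the attached patch and not Mozilla or nspluginwrapper code: a callback that validates the instance pointer and its `ndata` before use, replayed against an instance pointer that was cleared on destroy. All `Demo*` types and function names are hypothetical; the field order (`pdata`, then `ndata`) mirrors the NPAPI instance struct, which is why an unchecked read through a NULL instance faults at 0x4 on 32-bit x86.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins; field order mirrors NPAPI's instance struct. */
typedef struct DemoNPP_t { void *pdata; void *ndata; } DemoNPP_t;
typedef struct DemoRect { unsigned short top, left, bottom, right; } DemoRect;
typedef struct DemoInstance { int invalidations; DemoRect last; } DemoInstance;

typedef enum { INV_OK, INV_NULL_NPP, INV_NULL_NDATA } InvResult;

/* Offset read when ndata is fetched through a NULL instance pointer:
   sizeof(void *), i.e. 0x4 on 32-bit x86. */
size_t null_npp_fault_offset(void) { return offsetof(DemoNPP_t, ndata); }

/* Validate the instance before touching ndata (assumed shape of a null check). */
InvResult guarded_invalidaterect(DemoNPP_t *npp, const DemoRect *rect)
{
    if (!npp)
        return INV_NULL_NPP;      /* wrapper already destroyed the instance */
    if (!npp->ndata)
        return INV_NULL_NDATA;    /* instance has no browser-side state */
    DemoInstance *inst = (DemoInstance *)npp->ndata;
    inst->invalidations++;
    inst->last = *rect;
    return INV_OK;
}

/* Replays the reported sequence: one call while live, one after destroy.
   Returns the number of forwarded calls if the late call was rejected, else -1. */
int destroy_then_invalidate(void)
{
    DemoInstance inst = { 0, { 0, 0, 0, 0 } };
    DemoNPP_t npp = { NULL, &inst };
    DemoNPP_t *plugin_instance = &npp;   /* hypothetical wrapper-held pointer */
    DemoRect r = { 0, 0, 10, 10 };

    guarded_invalidaterect(plugin_instance, &r);   /* live instance */
    plugin_instance = NULL;                        /* destroy clears the pointer */
    InvResult late = guarded_invalidaterect(plugin_instance, &r);
    return late == INV_NULL_NPP ? inst.invalidations : -1;
}

int main(void)
{
    printf("forwarded=%d fault offset=0x%zx\n",
           destroy_then_invalidate(), null_npp_fault_offset());
    return 0;
}
```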