Fix array index out of bounds due to malformed plugin message (PR539)

Failed calls to getString and getMember on JSObjects should not produce malformed
result strings. "null" is appended to result rather than empty string.

* plugin/icedteanp/IcedTeaPluginRequestProcessor.cc: (_getMember,
_getString) append "null" to result when call is unsuccessful
* tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html:
new test to ensure failed calls to getMember and getString on JSObject do
not produce malformed results
* tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js:
same
* tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java:
same
* tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java:
same

1 files changed, 6 insertions, 1 deletions

diff --git a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
index 9d459b2..a9ad33d 100644
--- a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
+++ b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
@@ -810,7 +810,9 @@ _getMember(void* data)
     {
         createJavaObjectFromVariant(instance, *member_ptr, &member_ptr_str);
         ((AsyncCallThreadData*) data)->result.append(member_ptr_str);
-
+    } else
+    {
+        ((AsyncCallThreadData*) data)->result.append("null");
     }
     ((AsyncCallThreadData*) data)->result_ready = true;
 
@@ -956,6 +958,9 @@ _getString(void* data)
     if (((AsyncCallThreadData*) data)->call_successful)
     {
         createJavaObjectFromVariant(instance, tostring_result, &(((AsyncCallThreadData*) data)->result));
+    } else
+    {
+        ((AsyncCallThreadData*) data)->result.append("null");
     }
     ((AsyncCallThreadData*) data)->result_ready = true;