From 4d8cfe5bdb364fe3f4fca59c263dc1cdbd87e7e5 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Thu, 24 Oct 2013 10:11:37 -0400 Subject: Fix array index out of bounds due to malformed plugin message (PR539) Failed calls to getString and getMember on JSObjects should not produce malformed result strings. "null" is appended to result rather than empty string. * plugin/icedteanp/IcedTeaPluginRequestProcessor.cc: (_getMember, _getString) append "null" to result when call is unsuccessful * tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html: new test to ensure failed calls to getMember and getString on JSObject do not produce malformed results * tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js: same * tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java: same * tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java: same
---
 plugin/icedteanp/IcedTeaPluginRequestProcessor.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugin')
diff --git a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
index 9d459b2..a9ad33d 100644
--- a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
+++ b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc
@@ -810,7 +810,9 @@ _getMember(void* data)
 {
 createJavaObjectFromVariant(instance, *member_ptr, &member_ptr_str);
 ((AsyncCallThreadData*) data)->result.append(member_ptr_str);
-
+ } else
+ {
+ ((AsyncCallThreadData*) data)->result.append("null");
 }
 ((AsyncCallThreadData*) data)->result_ready = true;
@@ -956,6 +958,9 @@ _getString(void* data)
 if (((AsyncCallThreadData*) data)->call_successful)
 {
 createJavaObjectFromVariant(instance, tostring_result, &(((AsyncCallThreadData*) data)->result));
+ } else
+ {
+ ((AsyncCallThreadData*) data)->result.append("null");
 }
 ((AsyncCallThreadData*) data)->result_ready = true;
-- cgit v1.2.3
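Review bot: The `else` branch added in `_getMember` (and the identical one in `_getString` in the second hunk) appends a bare `"null"` literal with no comment explaining that an empty result field is what made the reply malformed, so the invariant is easy to lose in a later edit. I would put `// Never leave the result field empty: the reply would be malformed (PR539)` above each branch and use one named constant for the token rather than repeating the literal. Judging by the commit title, the code that parses these replies indexed into the message without a length check; that side is not part of this diff (it is limited to 'plugin') and should get its own bounds check, since per the test names the failing call can be provoked by an object the page supplies. `_getMember` starts and ends outside the hunk.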
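Review bot: In `_getString` the success branch hands `&result` to `createJavaObjectFromVariant`, while the new failure branch calls `result.append("null")`; if `result` can already hold text at this point, or if the helper assigns rather than appends, the two paths produce differently shaped replies. Neither the helper nor the earlier part of the function is visible in the hunk, so this needs confirming against the full file. If the field is meant to be exactly the token, `((AsyncCallThreadData*) data)->result = "null";` states that directly; otherwise a one-line comment saying that `result` is empty here would settle it for the next reader.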