6 files changed, 129 insertions, 1 deletions
@@ -1,3 +1,18 @@ +2013-10-24 Andrew Azores <[email protected]> + + Fix array index out of bounds due to malformed plugin message (PR539) + * plugin/icedteanp/IcedTeaPluginRequestProcessor.cc: (_getMember, + _getString) append "null" to result when call is unsuccessful + * tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html: + new test to ensure failed calls to getMember and getString on JSObject do + not produce malformed results + * tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js: + same + * tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java: + same + * tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java: + same + 2013-10-23 Jiri Vanek <[email protected]> C-part of plugin is now also trying to follow XDG diff --git a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc index 9d459b2..a9ad33d 100644 --- a/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc +++ b/plugin/icedteanp/IcedTeaPluginRequestProcessor.cc @@ -810,7 +810,9 @@ _getMember(void* data) { createJavaObjectFromVariant(instance, *member_ptr, &member_ptr_str); ((AsyncCallThreadData*) data)->result.append(member_ptr_str); - + } else + { + ((AsyncCallThreadData*) data)->result.append("null"); } ((AsyncCallThreadData*) data)->result_ready = true; @@ -956,6 +958,9 @@ _getString(void* data) if (((AsyncCallThreadData*) data)->call_successful) { createJavaObjectFromVariant(instance, tostring_result, &(((AsyncCallThreadData*) data)->result)); + } else + { + ((AsyncCallThreadData*) data)->result.append("null"); } ((AsyncCallThreadData*) data)->result_ready = true; diff --git a/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html b/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html new file mode 100644 index 0000000..558d1b9 --- /dev/null 
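Review bot: In `_getMember` and `_getString` (plugin/icedteanp/IcedTeaPluginRequestProcessor.cc) the new `else` branches turn a failed browser call into the literal value `null`, so the receiver can no longer tell a failed call from a member or string that really is null, and neither branch says why the token must be there. A comment on each branch would record it, e.g. `// always append a value: a result without one is a malformed message (PR539)`. The parser is not part of this diff, but going by the ChangeLog entry it indexed into the message without a length check; since the message crosses the native/Java boundary, that check presumably belongs on the receiving side as well rather than relying on the sender alone. Both function bodies start and end outside the hunks.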
+++ b/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.html
@@ -0,0 +1,25 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en-US">
+ <head>
+ <title>JavaScript to Java LiveConnect - Function return values from applet</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+ <script language="JavaScript" src="JSObjectWithoutToString.js"></script>
+
+ </head>
+ <body>
+
+ <h2> The JSObjectWithoutToString html page</h2>
+
+
+ <applet code="JSObjectWithoutToString" archive="JSObjectWithoutToString.jar" width="1000" height="100" id="jswithouttostring" MAYSCRIPT>
+ </applet>
+
+ <div id="messageDiv"></div>
+
+ <script laguage="javascript">
+ doToStringTest();
+ </script>
+
+ </body>
+</html>
diff --git a/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js b/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js
new file mode 100644
index 0000000..47d7d97
--- /dev/null
+++ b/tests/reproducers/simple/JSObjectWithoutToString/resources/JSObjectWithoutToString.js
@@ -0,0 +1,8 @@
+function doToStringTest(){
+ var applet = document.getElementById('jswithouttostring');
+
+ var null_obj = Object.create(null);
+
+ applet.callJSToString(null_obj);
+}
+
diff --git a/tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java b/tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java
new file mode 100644
index 0000000..fa1b06e
--- /dev/null
+++ b/tests/reproducers/simple/JSObjectWithoutToString/srcs/JSObjectWithoutToString.java
@@ -0,0 +1,11 @@
+import java.applet.Applet;
+import netscape.javascript.JSObject;
+
+public class JSObjectWithoutToString extends Applet {
+
+ public void callJSToString(JSObject jso) {
+ System.out.println(jso.toString());
+ System.out.println("*** APPLET FINISHED ***");
+ }
+
+}
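Review bot: The inline script tag near the end of resources/JSObjectWithoutToString.html spells its attribute `laguage`, so the attribute is ignored and the page works only because browsers default to JavaScript; the line should read `<script language="javascript">`, or drop the attribute. The `<title>` still reads "Function return values from applet", which looks carried over from another reproducer and does not describe this test.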
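Review bot: `doToStringTest` in resources/JSObjectWithoutToString.js has no comment explaining why `Object.create(null)` is the object under test, which is the whole point of the reproducer. A line above `var null_obj` such as `// Object.create(null) has no prototype and therefore no toString(), so the toString call on it fails (PR539)` would make that visible. The function also uses `applet` without checking that `getElementById` found it; on a test page that only surfaces as a script error, but it makes a failed applet load harder to tell apart from the bug being tested.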
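Review bot: `callJSToString` in srcs/JSObjectWithoutToString.java hard-codes the marker `"*** APPLET FINISHED ***"`, while the test case waits for `AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING`; the two presumably have to match, and nothing here says so. A comment such as `// must match AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING, which the test case waits for` would keep them from drifting apart. The class also lacks the license header that the test case carries and a one-line Javadoc describing what the reproducer exercises.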
diff --git a/tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java b/tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java
new file mode 100644
index 0000000..95156c3
--- /dev/null
+++ b/tests/reproducers/simple/JSObjectWithoutToString/testcases/JSObjectWithoutToStringTest.java
@@ -0,0 +1,64 @@
+/* JSObjectWithoutToStringTest.java
+Copyright (C) 2013 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.ServerAccess.AutoClose;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+import net.sourceforge.jnlp.annotations.KnownToFail;
+import net.sourceforge.jnlp.annotations.NeedsDisplay;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import org.junit.Assert;
+
+import org.junit.Test;
+
+public class JSObjectWithoutToStringTest extends BrowserTest {
+
+ private static final String appletCloseString = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
+
+ @Test
+ @NeedsDisplay
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testJSObjectWithoutToString() throws Exception {
+ ProcessResult pr = server.executeBrowser("/JSObjectWithoutToString.html", AutoClose.CLOSE_ON_CORRECT_END);
+ Assert.assertFalse("IndexOutOfBounds exception should not have occurred", pr.stderr.contains("java.lang.ArrayIndexOutOfBoundsException"));
+ Assert.assertTrue("Applet should have completed normally", pr.stdout.contains(appletCloseString));
+ }
+
+} |
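Review bot: `testJSObjectWithoutToString` checks only that stderr lacks `java.lang.ArrayIndexOutOfBoundsException` and that the closing marker was printed; it never checks what the applet printed for `jso.toString()`, so the test would still pass if the value delivered for the failed call changed. Asserting on the expected output line in `pr.stdout` would pin that down; the exact text is not visible in this diff. The imports `net.sourceforge.jnlp.ServerAccess` and `net.sourceforge.jnlp.annotations.KnownToFail` are not used anywhere in the file and can be dropped, and a short Javadoc on the test naming PR539 would tie it to the fix.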