[Bug 487141] [NEW] [Patch included] NPN_GetStringIdentifiers implementation is broken
Tristan Schmelcher
tristan_schmelcher at alumni.uwaterloo.ca
Mon Nov 23 15:22:26 UTC 2009
Public bug reported:
Binary package hint: nspluginwrapper
There is a bug in the NPN_GetStringIdentifiers implementation in
nspluginwrapper that makes it completely broken, 100% of the time. The
bug exists in versions 1.2.0 and later. The issue is that NPIdentifiers
are passed to the do_send_NPIdentifier function by _value_, not by
pointer, which is how other parameters are passed to their marshallers.
This is fine when calling rpc_method_send_reply (as in the singular
version, NPN_GetStringIdentifier), but it results in a bug when
marshalling arrays of NPIdentifiers, because the array marshalling code
in rpc_message_send_args passes the individual elements by passing a
pointer to their position in the array. This resulted in
do_send_NPIdentifier interpreting the address of the NPIdentifier as the
NPIdentifier itself. As a result, nspluginwrapper's implementation of
NPN_GetStringIdentifiers was broken, because the NPIdentifier values
that it returned to the plugin were mapped to garbage addresses in the
browser.
My fix is to change NPIdentifiers to be passed by pointer. I sent the
patch to upstream a while ago, but the author hasn't responded and there
hasn't been any activity on the upstream nspluginwrapper source control
system in a while. But I figure you'd probably like to incorporate it
into Ubuntu.
Note that the patch has already been incorporated into Fedora. You can
get more info about it here:
https://bugzilla.redhat.com/show_bug.cgi?id=511897.
** Affects: nspluginwrapper (Ubuntu)
Importance: Undecided
Status: New
--
[Patch included] NPN_GetStringIdentifiers implementation is broken
https://bugs.launchpad.net/bugs/487141
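
The mismatch described in the report, as an added example that is not part of the original message and is not nspluginwrapper's code. It is a simplified model: `ident_t`, `send_ident_by_value`, `send_ident_by_pointer` and `send_array` are hypothetical names, and the identifier values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: an identifier is an opaque pointer-sized handle. */
typedef void *ident_t;
/* A marshaller receives one argument slot and returns the value it would
   put on the wire. */
typedef uintptr_t (*marshal_fn)(void *arg);

/* By-value convention: the slot carries the identifier itself. */
static uintptr_t send_ident_by_value(void *arg) {
    return (uintptr_t)arg;
}

/* By-pointer convention: the slot carries a pointer to the identifier. */
static uintptr_t send_ident_by_pointer(void *arg) {
    return (uintptr_t)*(ident_t *)arg;
}

/* Array marshalling: every element is handed to its marshaller as a pointer
   to its position in the array, whatever the element type is. */
static void send_array(marshal_fn fn, void *base, size_t elem_size,
                       size_t n, uintptr_t *wire) {
    for (size_t i = 0; i < n; i++)
        wire[i] = fn((char *)base + i * elem_size);
}

/* Marshal a constructed 3-element array and count the elements whose wire
   value is not the real identifier. */
static size_t count_corrupted(marshal_fn fn) {
    ident_t ids[3] = { (ident_t)0x1001, (ident_t)0x1002, (ident_t)0x1003 };
    uintptr_t wire[3];
    size_t bad = 0;
    send_array(fn, ids, sizeof ids[0], 3, wire);
    for (size_t i = 0; i < 3; i++)
        if (wire[i] != (uintptr_t)ids[i])
            bad++;   /* by-value marshaller sent &ids[i] instead of ids[i] */
    return bad;
}

int main(void) {
    /* Singular call: passing the identifier itself works with by-value. */
    printf("single, by value: %#lx\n",
           (unsigned long)send_ident_by_value((ident_t)0x1001));
    printf("array, by value:   %zu of 3 corrupted\n",
           count_corrupted(send_ident_by_value));
    printf("array, by pointer: %zu of 3 corrupted\n",
           count_corrupted(send_ident_by_pointer));
    return 0;
}
```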