From 74f15fb2d6c0e6de7b15631aada9997d000bd8ac Mon Sep 17 00:00:00 2001
From: David Parks <daparks@mozilla.com>
Date: Fri, 6 Dec 2019 12:28:18 +0100
Subject: Properly detect failure in receiving plugin NPObjects.

Properly handles NPError reporting and makes sure that, in the case of
failure, it does not return junk for the NPObject.
---
 dom/plugins/ipc/PluginInstanceChild.cpp | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'dom/plugins')

diff --git a/dom/plugins/ipc/PluginInstanceChild.cpp b/dom/plugins/ipc/PluginInstanceChild.cpp
index af9db9103..3f2cdbc13 100644
--- a/dom/plugins/ipc/PluginInstanceChild.cpp
+++ b/dom/plugins/ipc/PluginInstanceChild.cpp
@@ -310,9 +310,10 @@ PluginInstanceChild::InternalGetNPObjectForValue(NPNVariable aValue,
     switch (aValue) {
         case NPNVWindowNPObject:
             if (!(actor = mCachedWindowActor)) {
+                result = NPERR_GENERIC_ERROR;
                 PPluginScriptableObjectChild* actorProtocol;
-                CallNPN_GetValue_NPNVWindowNPObject(&actorProtocol, &result);
-                if (result == NPERR_NO_ERROR) {
+                if (CallNPN_GetValue_NPNVWindowNPObject(&actorProtocol, &result) &&
+                    result == NPERR_NO_ERROR) {
                     actor = mCachedWindowActor =
                         static_cast<PluginScriptableObjectChild*>(actorProtocol);
                     NS_ASSERTION(actor, "Null actor!");
@@ -324,10 +325,10 @@ PluginInstanceChild::InternalGetNPObjectForValue(NPNVariable aValue,
 
         case NPNVPluginElementNPObject:
             if (!(actor = mCachedElementActor)) {
+                result = NPERR_GENERIC_ERROR;
                 PPluginScriptableObjectChild* actorProtocol;
-                CallNPN_GetValue_NPNVPluginElementNPObject(&actorProtocol,
-                                                           &result);
-                if (result == NPERR_NO_ERROR) {
+                if (CallNPN_GetValue_NPNVPluginElementNPObject(&actorProtocol, &result) &&
+                    result == NPERR_NO_ERROR) {
                     actor = mCachedElementActor =
                         static_cast<PluginScriptableObjectChild*>(actorProtocol);
                     NS_ASSERTION(actor, "Null actor!");
@@ -338,6 +339,7 @@ PluginInstanceChild::InternalGetNPObjectForValue(NPNVariable aValue,
             break;
 
         default:
+            result = NPERR_GENERIC_ERROR;
             NS_NOTREACHED("Don't know what to do with this value type!");
     }
 
@@ -434,6 +436,7 @@ PluginInstanceChild::NPN_GetValue(NPNVariable aVar,
     case NPNVWindowNPObject: // Intentional fall-through
     case NPNVPluginElementNPObject: {
         NPObject* object;
+        *((NPObject**)aValue) = nullptr;
         NPError result = InternalGetNPObjectForValue(aVar, &object);
         if (result == NPERR_NO_ERROR) {
             *((NPObject**)aValue) = object;
-- 
cgit v1.2.3