nspluginwrapper crash in the "plugin_instance" function

Bug #344639 reported by Dima Ryazanov on 2009-03-18
2
Affects Status Importance Assigned to Milestone
nspluginwrapper (Ubuntu)
Undecided
Unassigned

Bug Description

nspluginwrapper can crash if the browser gives it a NULL plugin instance. In npw-wrapper.c, it calls "plugin_instance" lots of times and checks if the return value is NULL - which doesn't do any good, because plugin_instance itself dereferences its return value inside of "assert":

static inline PluginInstance *plugin_instance(NPP instance)
{
  PluginInstance *plugin = (PluginInstance *)instance->pdata;
  assert(plugin->instance == instance);
  return plugin;
}

Changing it to "assert(!plugin || plugin->instance == instance)" should fix it.

Also, asserts probably shouldn't be enabled in release mode...

affects: ubuntu → nspluginwrapper (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers