nspluginwrapper crash in the "plugin_instance" function

Bug #344639 reported by Dima Ryazanov
Affects | Status | Importance | Assigned to | Milestone
nspluginwrapper (Ubuntu) | New | Undecided | Unassigned |

Bug Description

nspluginwrapper can crash if the browser gives it a NULL plugin instance. In npw-wrapper.c, it calls "plugin_instance" lots of times and checks if the return value is NULL - which doesn't do any good, because plugin_instance itself dereferences its return value inside of "assert":

static inline PluginInstance *plugin_instance(NPP instance)
{
  PluginInstance *plugin = (PluginInstance *)instance->pdata;
  assert(plugin->instance == instance);
  return plugin;
}

Changing it to "assert(!plugin || plugin->instance == instance)" should fix it.

Also, asserts probably shouldn't be enabled in release mode...

affects: ubuntu → nspluginwrapper (Ubuntu)
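
The lookup described in the report, written so that NULL handling does not depend on assert() (an added example, not nspluginwrapper's code or a patch from the reporter). NPP_t, PluginInstance and the NPERR_* values are minimal local stand-ins for the NPAPI and wrapper definitions; plugin_instance_checked and wrapper_destroy are hypothetical names.

```c
/* Added example: NULL-safe lookup for the wrapper's per-instance data.
 * NPP_t, PluginInstance and the NPERR_* values below are minimal local
 * stand-ins so the file compiles alone; they are not the project's headers. */
#include <stddef.h>
#include <stdio.h>

typedef struct NPP_s { void *pdata; } NPP_t, *NPP;
typedef struct { NPP instance; int destroyed; } PluginInstance;
enum { NPERR_NO_ERROR = 0, NPERR_INVALID_INSTANCE_ERROR = 2 };

/* Validate with ordinary control flow rather than assert(): the check
 * survives -DNDEBUG builds and never aborts the host process. */
static PluginInstance *plugin_instance_checked(NPP instance)
{
  if (instance == NULL)
    return NULL;                       /* browser passed no NPP at all */
  PluginInstance *plugin = (PluginInstance *)instance->pdata;
  if (plugin == NULL)
    return NULL;                       /* the case from this report */
  if (plugin->instance != instance)
    return NULL;                       /* stale or foreign pdata: reject */
  return plugin;
}

/* Hypothetical caller in the shape of an NPP_* entry point. */
static int wrapper_destroy(NPP instance)
{
  PluginInstance *plugin = plugin_instance_checked(instance);
  if (plugin == NULL)
    return NPERR_INVALID_INSTANCE_ERROR;
  plugin->destroyed = 1;
  instance->pdata = NULL;              /* a second destroy now fails cleanly */
  return NPERR_NO_ERROR;
}

int main(void)
{
  NPP_t npp = { NULL };
  PluginInstance pi = { &npp, 0 };
  printf("NULL pdata  -> %d\n", wrapper_destroy(&npp));
  npp.pdata = &pi;
  printf("valid pdata -> %d\n", wrapper_destroy(&npp));
  printf("repeat call -> %d\n", wrapper_destroy(&npp));
  return 0;
}
```

Returning an error code to the browser keeps a malformed call from terminating the process that hosts the plugin, whether or not assertions are compiled in.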