Liveconnect bug

Koos Vriezen koos.vriezen at xs4all.nl
Fri Aug 6 18:33:22 BST 2004


On Fri, Aug 06, 2004 at 12:19:22PM -0400, George Staikos wrote:
> On Friday 06 August 2004 11:00, Koos Vriezen wrote:
> > > > No, but you might add some debug at HTMLObjectBaseElementImpl::put and
> > > > HTMLObjectBaseElementImpl::setLiveConnect (html/html_objectimpl.cpp) to
> > > > see if the return value is set to the same liveconnect extension that
> > > > the plugin has.
> > >
> > >    No help so far.  Anyway this is a pretty major bug as far as KHTML is
> > > concerned.  We should entirely disable liveconnect for plugins (and
> > > therefore disable flash) if we can't fix this for 3.3.  The number of
> > > crashes I'm seeing on "everyday websites" is rather large, though in many
> > > cases it doesn't "crash" right away, but it does corrupt itself
> > > internally.
> >
> > I haven't seen any crashes lately with liveconnect and KJAS. Why do you
> > want to disable it? At least tell where the problem is or what clues you
> > have that point to liveconnect (valgrind/bug reports/backtraces/test
> > cases). This liveconnect code in khtml hasn't changed much since 3.1 and
> > is unchanged compared to 3.2.3.
> >
> > The case you mentioned makes for me the nspluginviewer crash. It has the
> > bt as in bug 81401 (which is likely a dangling pointer in
> > NSPluginInstance::_streams)...hmm after updating, I don't get that one
> > anymore though.. But anyway, this cannot corrupt khtml.
> >
> > I took a quick look at the nsplugin code and noticed that there is no
> > protection against a script that destroys the calling plugin. I've
> > attached a patch for that. Also a static_cast -> dynamic_cast change.
> >
> > So please backup your claims.
> 
>    You could leave it in for KJAS - but for nspluginviewer we're better off 
> not supporting liveconnect at all if we support it incorrectly because the 
> plugins are very poorly written and crash on unexpected responses.  
> http://www.jibjab.com/ illustrates the problem.  Valgrind nspluginviewer if 
> you don't see crashes and you will see the invalid memory accesses.  The 
> problem is definitely that the liveconnect pointer is null for the third 
> flash, after it had detected that liveconnect is supported.  It may have to 
> do with rewriting the document dynamically...  I'm just not sure.  I can't 
> test that patch at least for another day or two because I don't have access 
> to an x86 Linux box at the moment and Macromedia still won't give us a PPC 
> flash plugin.

Ok, you were talking only about the stand-alone nspluginviewer then.
BR81401 might indeed be a similar case. Have you thought about making
- QPtrList<NSPluginStreamBase> _streams;
+ QValueList<QGuardedPtr<NSPluginStreamBase> > _streams;
or did some debugging on the construction/destruction of these
NSPluginStreamBase objects?
Which liveconnect pointer are you talking about (on what file:line is it
NULL)?

Koos
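The hazard discussed in this thread (a stream in `NSPluginInstance::_streams` being destroyed, for instance by a script call made from inside a plugin, while the list still holds a raw pointer to it) and the guarded-pointer change Koos proposes can be shown in a small self-contained model. The following is an added example, not code from the thread or from the kdebase nsplugins sources: `Stream`, `PluginInstance`, `deliverAll` and the scenario functions are constructed for illustration, and `std::weak_ptr` stands in for Qt3's `QGuardedPtr`, which nulls itself when its target is destroyed in the same way a `weak_ptr` expires.

```cpp
// Added example (not from the kfm-devel thread or kdebase). Models a plugin
// instance whose list of streams is walked while a callback may destroy
// entries. Walking a snapshot of guarded (weak) references means a stream
// destroyed mid-walk is seen as expired instead of being used after free.
#include <algorithm>
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Stand-in for NSPluginStreamBase (constructed for this example).
struct Stream {
    std::string url;
    explicit Stream(std::string u) : url(std::move(u)) {}
};

// Outcome of one delivery pass over the stream list.
struct PassResult {
    int delivered = 0;  // streams that received the callback
    int skipped = 0;    // list entries found already destroyed
};

class PluginInstance {
public:
    using Callback = std::function<void(PluginInstance&, Stream&)>;

    // The instance owns its streams; this is the owning side of the list.
    Stream& openStream(const std::string& url) {
        owned_.push_back(std::make_shared<Stream>(url));
        return *owned_.back();
    }

    // Destroy a stream by URL. Legal to call from inside a callback, which
    // is the re-entrant case (script tears down a stream) the thread is about.
    bool destroyStream(const std::string& url) {
        auto it = std::find_if(owned_.begin(), owned_.end(),
            [&](const std::shared_ptr<Stream>& s) { return s->url == url; });
        if (it == owned_.end()) return false;
        owned_.erase(it);  // last strong reference dropped; weak refs expire
        return true;
    }

    std::size_t streamCount() const { return owned_.size(); }

    // Walk a snapshot of guarded references. lock() yields null for a stream
    // destroyed by an earlier callback (skip it), and otherwise keeps the
    // current stream alive until the callback returns, even if the callback
    // destroys that very stream.
    PassResult deliverAll(const Callback& cb) {
        std::vector<std::weak_ptr<Stream>> guarded(owned_.begin(), owned_.end());
        PassResult r;
        for (const auto& w : guarded) {
            std::shared_ptr<Stream> s = w.lock();
            if (!s) { ++r.skipped; continue; }
            cb(*this, *s);
            ++r.delivered;
        }
        return r;
    }

private:
    std::vector<std::shared_ptr<Stream>> owned_;
};

// Scenario 1: while handling stream "a", the callback destroys stream "c",
// which is still ahead in the list. Expected: a and b delivered, c skipped.
PassResult runScenarioDestroyLater() {
    PluginInstance inst;
    inst.openStream("a"); inst.openStream("b"); inst.openStream("c");
    return inst.deliverAll([](PluginInstance& p, Stream& s) {
        if (s.url == "a") p.destroyStream("c");
    });
}

// Scenario 2: the callback destroys the stream it is currently handling.
// The locked reference keeps "b" alive for the duration of the call, so all
// three are delivered and nothing dangles; only two streams remain afterwards.
PassResult runScenarioSelfDestroy() {
    PluginInstance inst;
    inst.openStream("a"); inst.openStream("b"); inst.openStream("c");
    return inst.deliverAll([](PluginInstance& p, Stream& s) {
        if (s.url == "b") p.destroyStream("b");
    });
}

int main() {
    PassResult r1 = runScenarioDestroyLater();
    PassResult r2 = runScenarioSelfDestroy();
    std::printf("destroy-later: delivered=%d skipped=%d\n", r1.delivered, r1.skipped);
    std::printf("self-destroy:  delivered=%d skipped=%d\n", r2.delivered, r2.skipped);
    return 0;
}
```

With a `QPtrList<NSPluginStreamBase>` of raw pointers the first scenario reads a freed object; with guarded entries the walker must check for null on every access, which is the one cost of the `QGuardedPtr` change. Note that `QGuardedPtr` only tracks objects derived from `QObject`, so the class stored in the list has to be one.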




More information about the kfm-devel mailing list