1 /*
2  * Copyright (C) 2004, 2006 Apple Computer, Inc.  All rights reserved.
3  * Copyright (C) 2007-2009 Google, Inc.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
15  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
18  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
19  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
20  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
21  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
22  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include "config.h"
28 
29 #include "bindings/v8/NPV8Object.h"
30 #include "bindings/v8/V8NPObject.h"
31 #include "bindings/v8/npruntime_impl.h"
32 #include "bindings/v8/npruntime_priv.h"
33 
34 #include "wtf/Assertions.h"
35 #include "wtf/HashMap.h"
36 #include "wtf/HashSet.h"
37 #include "wtf/HashTableDeletedValueType.h"
38 
39 #include <stdlib.h>
40 
41 using namespace WebCore;
42 
43 // FIXME: Consider removing locks if we're singlethreaded already.
44 // The static initializer here should work okay, but we want to avoid
45 // static initialization in general.
46 
47 namespace npruntime {
48 
49 // We use StringKey here as the key-type to avoid a string copy to
50 // construct the map key and for faster comparisons than strcmp.
class StringKey {
public:
    // Wraps (does not copy) a NUL-terminated string. The bytes must stay
    // alive for as long as the key is in use; the map owner re-points
    // m_string at its own storage before inserting.
    explicit StringKey(const char* str)
        : m_string(str)
        , m_length(strlen(str))
    {
    }

    // Empty-bucket value: null string, zero length.
    StringKey()
        : m_string(0)
        , m_length(0)
    {
    }

    // Deleted-bucket value: the sentinel pointer, zero length.
    explicit StringKey(WTF::HashTableDeletedValueType)
        : m_string(deletedValueSentinel())
        , m_length(0)
    {
    }

    StringKey& operator=(const StringKey& other)
    {
        m_string = other.m_string;
        m_length = other.m_length;
        return *this;
    }

    bool isHashTableDeletedValue() const { return m_string == deletedValueSentinel(); }

    // Public so the free operator== and StringKeyHash can read them directly.
    const char* m_string;
    size_t m_length;

private:
    // All-ones pointer; only ever compared against, never dereferenced.
    static const char* deletedValueSentinel() { return reinterpret_cast<const char*>(-1); }
};
78 
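// Two keys are equal when they have the same length and either alias the same
// bytes or match byte-for-byte. Because StringKeyHash sets
// safeToCompareToEmptyOrDeleted, the table also compares real keys against its
// empty (null pointer) and deleted (sentinel pointer) buckets; those must never
// be reported equal to a real key and their pointers must never reach memcmp.
// The previous version fell through to memcmp for any zero-length pair, so a
// real "" key compared equal to an empty bucket (and passed a null pointer to
// memcmp).
inline bool operator==(const StringKey& x, const StringKey& y)
{
    if (x.m_length != y.m_length)
        return false;
    if (x.m_string == y.m_string)
        return true;
    // A sentinel on either side is never equal to anything but itself.
    if (!x.m_string || !y.m_string)
        return false;
    if (x.isHashTableDeletedValue() || y.isHashTableDeletedValue())
        return false;
    return !memcmp(x.m_string, y.m_string, y.m_length);
}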
89 
90 // Implement WTF::DefaultHash<StringKey>::Hash interface.
struct StringKeyHash {
    // Byte-at-a-time mixing over the key. Deterministic for a given byte
    // sequence; 0 is remapped so no key hashes to the table's "no hash" value.
    static unsigned hash(const StringKey& key)
    {
        unsigned h = 0;
        const char* bytes = key.m_string;
        const size_t count = key.m_length;
        for (size_t index = 0; index < count; ++index) {
            // char may be signed on this platform; a high byte then sign-extends
            // before the add, exactly as before.
            const char byte = bytes[index];
            h += byte;
            h += (h << 10);
            h ^= (h >> 6);
        }
        h += (h << 3);
        h ^= (h >> 11);
        h += (h << 15);
        return h ? h : 27;
    }

    static bool equal(const StringKey& x, const StringKey& y) { return x == y; }

    // The table may call equal() against empty and deleted buckets; the free
    // operator== is responsible for handling those.
    static const bool safeToCompareToEmptyOrDeleted = true;
};
119 
120 }  // namespace npruntime
121 
122 using npruntime::StringKey;
123 using npruntime::StringKeyHash;
124 
125 // Implement HashTraits<StringKey>
struct StringKeyHashTraits : WTF::GenericHashTraits<StringKey> {
    // Placement-construct the deleted sentinel directly in the bucket.
    static void constructDeletedValue(StringKey& slot) { new (&slot) StringKey(WTF::HashTableDeletedValue); }

    // A bucket is "deleted" exactly when its key carries the sentinel pointer.
    static bool isDeletedValue(const StringKey& value) { return value.isHashTableDeletedValue(); }
};
137 
// Name -> identifier. Each stored key points at the name copy that lives inside
// the mapped PrivateIdentifier's own allocation, never at a caller's buffer.
typedef WTF::HashMap<StringKey, PrivateIdentifier*, StringKeyHash, StringKeyHashTraits> StringIdentifierMap;
139 
// Process-wide name->identifier map, created on first use and never destroyed.
static StringIdentifierMap* getStringIdentifierMap()
{
    static StringIdentifierMap* map = 0;
    if (map)
        return map;
    map = new StringIdentifierMap();
    return map;
}
147 
// Integer -> identifier. 0 and -1 are kept out of this map and handled
// separately in _NPN_GetIntIdentifier.
typedef WTF::HashMap<int, PrivateIdentifier*> IntIdentifierMap;
149 
// Process-wide int->identifier map, created on first use and never destroyed.
static IntIdentifierMap* getIntIdentifierMap()
{
    static IntIdentifierMap* map = 0;
    if (map)
        return map;
    map = new IntIdentifierMap();
    return map;
}
157 
158 extern "C" {
159 
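// Returns the process-wide identifier for name, creating it on first use.
// Identifiers are never freed. Returns 0 for a null name or if the identifier
// could not be allocated.
NPIdentifier _NPN_GetStringIdentifier(const NPUTF8* name)
{
    ASSERT(name);

    if (!name)
        return 0;

    StringKey key(name);
    StringIdentifierMap* identMap = getStringIdentifierMap();
    StringIdentifierMap::iterator iter = identMap->find(key);
    if (iter != identMap->end())
        return static_cast<NPIdentifier>(iter->value);

    size_t nameLen = key.m_length;

    // We never release identifiers, so this dictionary will grow. The name is
    // stored in the same allocation, immediately after the PrivateIdentifier.
    PrivateIdentifier* identifier = static_cast<PrivateIdentifier*>(malloc(sizeof(PrivateIdentifier) + nameLen + 1));
    if (!identifier)
        return 0;
    char* nameStorage = reinterpret_cast<char*>(identifier + 1);
    memcpy(nameStorage, name, nameLen + 1); // includes the terminating NUL
    identifier->isString = true;
    identifier->value.string = reinterpret_cast<NPUTF8*>(nameStorage);
    // Point the key at our own copy so the map never refers to the caller's buffer.
    key.m_string = nameStorage;
    identMap->set(key, identifier);
    return static_cast<NPIdentifier>(identifier);
}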
187 
// Fills identifiers[0..nameCount) with the identifier for each names[i].
// Does nothing if either array is null; a non-positive nameCount is a no-op.
void _NPN_GetStringIdentifiers(const NPUTF8** names, int32_t nameCount, NPIdentifier* identifiers)
{
    ASSERT(names);
    ASSERT(identifiers);

    if (!names || !identifiers)
        return;

    for (int index = 0; index < nameCount; ++index)
        identifiers[index] = _NPN_GetStringIdentifier(names[index]);
}
198 
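// Returns the process-wide identifier for intId, creating it on first use.
// Identifiers are never freed. Returns 0 only if allocation fails.
NPIdentifier _NPN_GetIntIdentifier(int32_t intId)
{
    // Special case for -1 and 0: both cannot be used as keys in the HashMap
    // (presumably its empty/deleted sentinels), so they live in a static pair.
    if (!intId || intId == -1) {
        static PrivateIdentifier* minusOneOrZeroIds[2];
        PrivateIdentifier*& slot = minusOneOrZeroIds[intId + 1]; // -1 -> [0], 0 -> [1]
        if (!slot) {
            PrivateIdentifier* id = static_cast<PrivateIdentifier*>(malloc(sizeof(PrivateIdentifier)));
            if (!id)
                return 0;
            id->isString = false;
            id->value.number = intId;
            slot = id;
        }
        return static_cast<NPIdentifier>(slot);
    }

    IntIdentifierMap* identMap = getIntIdentifierMap();
    IntIdentifierMap::iterator iter = identMap->find(intId);
    if (iter != identMap->end())
        return static_cast<NPIdentifier>(iter->value);

    // We never release identifiers, so this dictionary will grow.
    PrivateIdentifier* identifier = static_cast<PrivateIdentifier*>(malloc(sizeof(PrivateIdentifier)));
    if (!identifier)
        return 0;
    identifier->isString = false;
    identifier->value.number = intId;
    identMap->set(intId, identifier);
    return static_cast<NPIdentifier>(identifier);
}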
226 
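// True if identifier was produced by _NPN_GetStringIdentifier. A null
// identifier is reported as not-a-string instead of being dereferenced.
bool _NPN_IdentifierIsString(NPIdentifier identifier)
{
    PrivateIdentifier* privateIdentifier = static_cast<PrivateIdentifier*>(identifier);
    if (!privateIdentifier)
        return false;
    return privateIdentifier->isString;
}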
232 
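// Returns a malloc'd copy of the identifier's name, which the caller frees, or
// 0 for a null identifier, an int identifier, a missing name, or a failed copy.
NPUTF8* _NPN_UTF8FromIdentifier(NPIdentifier identifier)
{
    PrivateIdentifier* privateIdentifier = static_cast<PrivateIdentifier*>(identifier);
    if (!privateIdentifier || !privateIdentifier->isString || !privateIdentifier->value.string)
        return 0;

    return strdup(privateIdentifier->value.string);
}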
241 
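// Returns the integer behind an int identifier; 0 for a string identifier or
// a null identifier (0 is therefore ambiguous with the real value 0).
int32_t _NPN_IntFromIdentifier(NPIdentifier identifier)
{
    PrivateIdentifier* privateIdentifier = static_cast<PrivateIdentifier*>(identifier);
    if (!privateIdentifier || privateIdentifier->isString)
        return 0;
    return privateIdentifier->value.number;
}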
249 
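// Drops whatever the variant owns (an object reference or a string buffer) and
// resets it to Void, so releasing it again is harmless. A null variant is ignored.
void _NPN_ReleaseVariantValue(NPVariant* variant)
{
    ASSERT(variant);
    if (!variant)
        return;

    switch (variant->type) {
    case NPVariantType_Object:
        _NPN_ReleaseObject(variant->value.objectValue);
        variant->value.objectValue = 0;
        break;
    case NPVariantType_String:
        // UTF8Characters is declared const; the buffer was malloc'd by this
        // file (see _NPN_InitializeVariantWithStringCopy), so freeing it is intended.
        free(const_cast<NPUTF8*>(variant->value.stringValue.UTF8Characters));
        variant->value.stringValue.UTF8Characters = 0;
        variant->value.stringValue.UTF8Length = 0;
        break;
    default:
        break;
    }

    variant->type = NPVariantType_Void;
}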
265 
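// Allocates an NPObject of npClass with a reference count of 1, using the
// class's own allocate() hook when it has one and malloc otherwise. Returns 0
// when npClass is null or when allocation fails.
NPObject* _NPN_CreateObject(NPP npp, NPClass* npClass)
{
    ASSERT(npClass);

    if (!npClass)
        return 0;

    NPObject* npObject;
    if (npClass->allocate)
        npObject = npClass->allocate(npp, npClass);
    else
        npObject = static_cast<NPObject*>(malloc(sizeof(NPObject)));

    // A plugin-supplied allocate() (or malloc) may fail; never write through null.
    if (!npObject)
        return 0;

    npObject->_class = npClass;
    npObject->referenceCount = 1;
    return npObject;
}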
284 
// Bumps the reference count and returns the same object (0 stays 0).
NPObject* _NPN_RetainObject(NPObject* npObject)
{
    ASSERT(npObject);
    ASSERT(npObject->referenceCount > 0);

    if (!npObject)
        return 0;

    ++npObject->referenceCount;
    return npObject;
}
295 
296 // _NPN_DeallocateObject actually deletes the object.  Technically,
297 // callers should use _NPN_ReleaseObject.  Webkit exposes this function
298 // to kill objects which plugins may not have properly released.
void _NPN_DeallocateObject(NPObject* npObject)
{
    ASSERT(npObject);
    if (!npObject)
        return;

    // NPObjects that remain in pure C++ may never have wrappers, so only
    // unregister an object the registry actually knows about. Doing it here,
    // before the memory goes away, lets the registry and the JS wrapper
    // clean up while the object is still valid.
    if (_NPN_IsAlive(npObject))
        _NPN_UnregisterObject(npObject);

    // Mark the count as invalid before handing the memory back.
    npObject->referenceCount = -1;

    NPClass* npClass = npObject->_class;
    if (npClass->deallocate)
        npClass->deallocate(npObject);
    else
        free(npObject);
}
318 
// Drops one reference; the object is destroyed when the count reaches zero.
// A null object or an already-zero count is ignored (asserted in debug).
void _NPN_ReleaseObject(NPObject* npObject)
{
    ASSERT(npObject);
    ASSERT(npObject->referenceCount >= 1);

    if (!npObject || npObject->referenceCount < 1)
        return;

    --npObject->referenceCount;
    if (!npObject->referenceCount)
        _NPN_DeallocateObject(npObject);
}
329 
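// Makes variant a String holding a heap copy of value's bytes (not
// NUL-terminated; the length travels in UTF8Length). The copy is released by
// _NPN_ReleaseVariantValue. If the copy cannot be allocated the variant
// becomes an empty string rather than a non-zero length over a null buffer.
void _NPN_InitializeVariantWithStringCopy(NPVariant* variant, const NPString* value)
{
    ASSERT(variant);
    ASSERT(value);

    const size_t byteCount = sizeof(NPUTF8) * value->UTF8Length;
    NPUTF8* copy = static_cast<NPUTF8*>(malloc(byteCount));
    if (copy)
        memcpy(copy, value->UTF8Characters, byteCount);

    variant->type = NPVariantType_String;
    variant->value.stringValue.UTF8Characters = copy;
    variant->value.stringValue.UTF8Length = copy ? value->UTF8Length : 0;
}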
337 
338 } // extern "C"
339 
340 // NPN_Registry
341 //
342 // The registry is designed for quick lookup of NPObjects.
343 // JS needs to be able to quickly lookup a given NPObject to determine
344 // if it is alive or not.
345 // The browser needs to be able to quickly lookup all NPObjects which are
346 // "owned" by an object.
347 //
348 // The liveObjectMap is a hash table of all live objects to their owner
349 // objects.  Presence in this table is used primarily to determine if
350 // objects are live or not.
351 //
352 // The rootObjectMap is a hash table of root objects to a set of
353 // objects that should be deactivated in sync with the root.  A
354 // root is defined as a top-level owner object.  This is used on
355 // Frame teardown to deactivate all objects associated
356 // with a particular plugin.
357 
typedef WTF::HashSet<NPObject*> NPObjectSet; // the objects attached to one root
typedef WTF::HashMap<NPObject*, NPObject*> NPObjectMap; // live object -> its root (0 for a root)
typedef WTF::HashMap<NPObject*, NPObjectSet*> NPRootObjectMap; // root -> its set (heap-owned, deleted on unregister)
361 
362 // A map of live NPObjects with pointers to their Roots.
// Accessor for the live-object map (live NPObject -> its root, 0 for a root).
// Created on first use and never destroyed; see the FIXME about static
// initialization near the top of the file.
static NPObjectMap& liveObjectMap()
{
    DEFINE_STATIC_LOCAL(NPObjectMap, objectMap, ());
    return objectMap;
}
368 
369 // A map of the root objects and the list of NPObjects
370 // associated with that object.
// Accessor for the root-object map (root NPObject -> heap-allocated set of the
// objects registered under it). Created on first use and never destroyed.
static NPRootObjectMap& rootObjectMap()
{
    DEFINE_STATIC_LOCAL(NPRootObjectMap, objectMap, ());
    return objectMap;
}
376 
377 extern "C" {
378 
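// Records npObject as live. With no owner it becomes a root with its own
// (initially empty) descendant set; with an owner it is attached to that
// owner's root, so a root's whole tree can be found in one lookup later.
// Registering an object twice is a no-op.
void _NPN_RegisterObject(NPObject* npObject, NPObject* owner)
{
    ASSERT(npObject);

    // Check if already registered.
    if (liveObjectMap().contains(npObject))
        return;

    if (!owner) {
        // Registering a new owner object.
        ASSERT(!rootObjectMap().contains(npObject));
        rootObjectMap().set(npObject, new NPObjectSet());
    } else {
        // Always associate this object with its top-most parent.
        // Since we always flatten, we only have to look up one level.
        NPObjectMap::iterator ownerEntry = liveObjectMap().find(owner);
        if (ownerEntry != liveObjectMap().end() && ownerEntry->value)
            owner = ownerEntry->value;

        ASSERT(!rootObjectMap().contains(npObject));
        // One lookup instead of find()+get(). An owner that was never
        // registered has no set; the object is then tracked as live but not
        // tied to any root, as before.
        NPRootObjectMap::iterator rootEntry = rootObjectMap().find(owner);
        if (rootEntry != rootObjectMap().end())
            rootEntry->value->add(npObject);
    }

    ASSERT(!liveObjectMap().contains(npObject));
    liveObjectMap().set(npObject, owner);
}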
409 
// Removes npObject from the registry. For a root (an object registered with no
// owner) every object in its set is unregistered first, so that a Frame
// teardown takes down everything the plugin created under that root.
void _NPN_UnregisterObject(NPObject* npObject)
{
    ASSERT(npObject);
    // Unregistering an object that was never registered is a lifetime bug. In
    // release builds this check compiles away and the lookup below finds no owner.
    ASSERT_WITH_SECURITY_IMPLICATION(liveObjectMap().find(npObject) != liveObjectMap().end());

    NPObject* owner = 0;
    if (liveObjectMap().find(npObject) != liveObjectMap().end())
        owner = liveObjectMap().find(npObject)->value;

    if (!owner) {
        // Unregistering an owner object; also unregister its descendants.
        ASSERT_WITH_SECURITY_IMPLICATION(rootObjectMap().find(npObject) != rootObjectMap().end());
        // NOTE(review): if npObject is not a root (or was never registered),
        // get() presumably yields 0 here and set->size() below dereferences it —
        // confirm against the map's get() semantics for a missing key.
        NPObjectSet* set = rootObjectMap().get(npObject);
        while (set->size() > 0) {
#ifndef NDEBUG
            unsigned size = set->size();
#endif
            NPObject* sub_object = *(set->begin());
            // The sub-object should not be an owner!
            ASSERT(rootObjectMap().find(sub_object) == rootObjectMap().end());

            // First, unregister the object.
            set->remove(sub_object);
            liveObjectMap().remove(sub_object);

            // Script objects hold a reference to their DOMWindow*, which is going away if
            // we're unregistering the associated owner NPObject. Clear it out.
            if (V8NPObject* v8npObject = npObjectToV8NPObject(sub_object))
                v8npObject->rootObject = 0;

            // Remove the JS references to the object.
            forgetV8ObjectForNPObject(sub_object);

            // Every pass must shrink the set, or this loop would never terminate.
            ASSERT(set->size() < size);
        }
        delete set;
        rootObjectMap().remove(npObject);
    } else {
        // A non-root object: drop it from its root's set, if that root is still tracked.
        NPRootObjectMap::iterator ownerEntry = rootObjectMap().find(owner);
        if (ownerEntry != rootObjectMap().end()) {
            NPObjectSet* list = ownerEntry->value;
            ASSERT(list->find(npObject) != list->end());
            list->remove(npObject);
        }
    }

    liveObjectMap().remove(npObject);
    forgetV8ObjectForNPObject(npObject);
}
459 
// Presence in the live map is the registry's definition of "alive".
bool _NPN_IsAlive(NPObject* npObject)
{
    return liveObjectMap().contains(npObject);
}
464 
465 } // extern "C"