[webkit-changes] [264701] trunk/Source/WebKit

Wed, 22 Jul 2020 09:30:00 -0700

Title: [264701] trunk/Source/WebKit
Revision
264701
Author
ddkil...@apple.com
Date
2020-07-22 09:28:17 -0700 (Wed, 22 Jul 2020)

Log Message

[IPC hardening] WebKit::ObjCObjectGraph::decode() and encode() should use enum ObjCType type
<https://webkit.org/b/214618>
<rdar://problem/65777899>

Reviewed by Youenn Fablet.

* Shared/mac/ObjCObjectGraph.h:
- Drive-by fix to use #pragma once.  This is included in some
  plain C++ source files.

* Shared/mac/ObjCObjectGraph.mm:
(WebKit::ObjCType):
- Move enum definition to the top of the file so that the
  EnumTraits<> can be defined after it, but before it's used.
(WTF::EnumTraits<WebKit::ObjCType>): Add.
- Define so that IPC::Decoder and IPC::Encoder can validate enum
  values.
(WebKit::ObjCObjectGraph::encode):
- Encode using WebKit::ObjCType value.
- Add ObjCType::Null label so that default: label can be
  removed.  Change break statements to early return statements.
- Move ASSERT_NOT_REACHED() to the end of the method.
(WebKit::ObjCObjectGraph::decode):
- Decode using WebKit::ObjCType value.
- Change break statements to early return statements.
- Remove default: label, and move `return false` to the end of
  the method.  Add ASSERT_NOT_REACHED().

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (264700 => 264701)


--- trunk/Source/WebKit/ChangeLog	2020-07-22 16:21:15 UTC (rev 264700)
+++ trunk/Source/WebKit/ChangeLog	2020-07-22 16:28:17 UTC (rev 264701)
@@ -1,3 +1,33 @@
+2020-07-22  David Kilzer  <ddkil...@apple.com>
+
+        [IPC hardening] WebKit::ObjCObjectGraph::decode() and encode() should use enum ObjCType type
+        <https://webkit.org/b/214618>
+        <rdar://problem/65777899>
+
+        Reviewed by Youenn Fablet.
+
+        * Shared/mac/ObjCObjectGraph.h:
+        - Drive-by fix to use #pragma once.  This is included in some
+          plain C++ source files.
+
+        * Shared/mac/ObjCObjectGraph.mm:
+        (WebKit::ObjCType):
+        - Move enum definition to the top of the file so that the
+          EnumTraits<> can be defined after it, but before it's used.
+        (WTF::EnumTraits<WebKit::ObjCType>): Add.
+        - Define so that IPC::Decoder and IPC::Encoder can validate enum
+          values.
+        (WebKit::ObjCObjectGraph::encode):
+        - Encode using WebKit::ObjCType value.
+        - Add ObjCType::Null label so that default: label can be
+          removed.  Change break statements to early return statements.
+        - Move ASSERT_NOT_REACHED() to the end of the method.
+        (WebKit::ObjCObjectGraph::decode):
+        - Decode using WebKit::ObjCType value.
+        - Change break statements to early return statements.
+        - Remove default: label, and move `return false` to the end of
+          the method.  Add ASSERT_NOT_REACHED().
+
 2020-07-22  Megan Gardner  <megan_gard...@apple.com>
 
         Tapped DataDetected links present sub-menus from the wrong location.

Modified: trunk/Source/WebKit/Shared/mac/ObjCObjectGraph.h (264700 => 264701)


--- trunk/Source/WebKit/Shared/mac/ObjCObjectGraph.h	2020-07-22 16:21:15 UTC (rev 264700)
+++ trunk/Source/WebKit/Shared/mac/ObjCObjectGraph.h	2020-07-22 16:28:17 UTC (rev 264701)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef ObjCObjectGraph_h
-#define ObjCObjectGraph_h
+#pragma once
 
 #include "APIObject.h"
 #include <wtf/RetainPtr.h>
@@ -70,5 +69,3 @@
 };
 
 } // namespace WebKit
-
-#endif // ObjCObjectGraph_h

Modified: trunk/Source/WebKit/Shared/mac/ObjCObjectGraph.mm (264700 => 264701)


--- trunk/Source/WebKit/Shared/mac/ObjCObjectGraph.mm	2020-07-22 16:21:15 UTC (rev 264700)
+++ trunk/Source/WebKit/Shared/mac/ObjCObjectGraph.mm	2020-07-22 16:28:17 UTC (rev 264701)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -33,10 +33,48 @@
 #import "WKAPICast.h"
 #import "WKBrowsingContextHandleInternal.h"
 #import "WKTypeRefWrapper.h"
+#import <wtf/OptionSet.h>
 #import <wtf/Optional.h>
 
 namespace WebKit {
 
+enum class ObjCType : uint8_t {
+    Null,
+
+    NSArray,
+    NSData,
+    NSDate,
+    NSDictionary,
+    NSNumber,
+    NSString,
+
+    WKBrowsingContextHandle,
+    WKTypeRefWrapper,
+};
+
+} // namespace WebKit
+
+namespace WTF {
+
+template<> struct EnumTraits<WebKit::ObjCType> {
+    using values = EnumValues<
+        WebKit::ObjCType,
+        WebKit::ObjCType::Null,
+        WebKit::ObjCType::NSArray,
+        WebKit::ObjCType::NSData,
+        WebKit::ObjCType::NSDate,
+        WebKit::ObjCType::NSDictionary,
+        WebKit::ObjCType::NSNumber,
+        WebKit::ObjCType::NSString,
+        WebKit::ObjCType::WKBrowsingContextHandle,
+        WebKit::ObjCType::WKTypeRefWrapper
+    >;
+};
+
+} // namespace WTF
+
+namespace WebKit {
+
 static bool shouldTransformGraph(id object, const ObjCObjectGraph::Transformer& transformer)
 {
     if (NSArray *array = dynamic_objc_cast<NSArray>(object)) {
@@ -94,20 +132,6 @@
     return transformGraph(object, transformer);
 }
 
-enum class ObjCType {
-    Null,
-
-    NSArray,
-    NSData,
-    NSDate,
-    NSDictionary,
-    NSNumber,
-    NSString,
-
-    WKBrowsingContextHandle,
-    WKTypeRefWrapper,
-};
-
 static Optional<ObjCType> typeFromObject(id object)
 {
     ASSERT(object);
@@ -146,9 +170,12 @@
     if (!type)
         [NSException raise:NSInvalidArgumentException format:@"Can not encode objects of class type '%@'", static_cast<NSString *>(NSStringFromClass([object class]))];
 
-    encoder << static_cast<uint32_t>(type.value());
+    encoder << *type;
 
     switch (type.value()) {
+    case ObjCType::Null:
+        return;
+
     case ObjCType::NSArray: {
         NSArray *array = object;
 
@@ -155,16 +182,18 @@
         encoder << static_cast<uint64_t>(array.count);
         for (id element in array)
             encode(encoder, element);
-        break;
+        return;
     }
 
-    case ObjCType::NSData:
+    case ObjCType::NSData: {
         IPC::encode(encoder, static_cast<NSData *>(object));
-        break;
+        return;
+    }
 
-    case ObjCType::NSDate:
+    case ObjCType::NSDate: {
         IPC::encode(encoder, static_cast<NSDate *>(object));
-        break;
+        return;
+    }
 
     case ObjCType::NSDictionary: {
         NSDictionary *dictionary = object;
@@ -174,31 +203,34 @@
             encode(encoder, key);
             encode(encoder, object);
         }];
-        break;
+        return;
     }
 
-    case ObjCType::NSNumber:
+    case ObjCType::NSNumber: {
         IPC::encode(encoder, static_cast<NSNumber *>(object));
-        break;
+        return;
+    }
 
-    case ObjCType::NSString:
+    case ObjCType::NSString: {
         IPC::encode(encoder, static_cast<NSString *>(object));
-        break;
+        return;
+    }
 
-    case ObjCType::WKBrowsingContextHandle:
+    case ObjCType::WKBrowsingContextHandle: {
         encoder << static_cast<WKBrowsingContextHandle *>(object).pageProxyID;
         encoder << static_cast<WKBrowsingContextHandle *>(object).webPageID;
-        break;
+        return;
+    }
 
-    case ObjCType::WKTypeRefWrapper:
+    case ObjCType::WKTypeRefWrapper: {
         ALLOW_DEPRECATED_DECLARATIONS_BEGIN
         UserData::encode(encoder, toImpl(static_cast<WKTypeRefWrapper *>(object).object));
         ALLOW_DEPRECATED_DECLARATIONS_END
-        break;
+        return;
+    }
+    }
 
-    default:
-        ASSERT_NOT_REACHED();
-    }
+    ASSERT_NOT_REACHED();
 }
 
 void ObjCObjectGraph::encode(IPC::Encoder& encoder) const
@@ -208,16 +240,15 @@
 
 bool ObjCObjectGraph::decode(IPC::Decoder& decoder, RetainPtr<id>& result)
 {
-    uint32_t typeAsUInt32;
-    if (!decoder.decode(typeAsUInt32))
+    ObjCType type;
+    if (!decoder.decode(type))
         return false;
 
-    auto type = static_cast<ObjCType>(typeAsUInt32);
-
     switch (type) {
-    case ObjCType::Null:
-        result = nullptr;
-        break;
+    case ObjCType::Null: {
+        result = nil;
+        return true;
+    }
 
     case ObjCType::NSArray: {
         uint64_t size;
@@ -233,7 +264,7 @@
         }
 
         result = WTFMove(array);
-        break;
+        return true;
     }
 
     case ObjCType::NSData: {
@@ -242,7 +273,7 @@
             return false;
 
         result = WTFMove(data);
-        break;
+        return true;
     }
 
     case ObjCType::NSDate: {
@@ -251,7 +282,7 @@
             return false;
 
         result = WTFMove(date);
-        break;
+        return true;
     }
 
     case ObjCType::NSDictionary: {
@@ -277,7 +308,7 @@
         }
 
         result = WTFMove(dictionary);
-        break;
+        return true;
     }
 
     case ObjCType::NSNumber: {
@@ -286,7 +317,7 @@
             return false;
 
         result = WTFMove(number);
-        break;
+        return true;
     }
 
     case ObjCType::NSString: {
@@ -295,7 +326,7 @@
             return false;
 
         result = WTFMove(string);
-        break;
+        return true;
     }
 
     case ObjCType::WKBrowsingContextHandle: {
@@ -309,7 +340,7 @@
             return false;
 
         result = adoptNS([[WKBrowsingContextHandle alloc] _initWithPageProxyID:*pageProxyID andWebPageID:*webPageID]);
-        break;
+        return true;
     }
 
     case ObjCType::WKTypeRefWrapper: {
@@ -320,14 +351,12 @@
         ALLOW_DEPRECATED_DECLARATIONS_BEGIN
         result = adoptNS([[WKTypeRefWrapper alloc] initWithObject:toAPI(object.get())]);
         ALLOW_DEPRECATED_DECLARATIONS_END
-        break;
+        return true;
     }
-
-    default:
-        return false;
     }
 
-    return true;
+    ASSERT_NOT_REACHED();
+    return false;
 }
 
 bool ObjCObjectGraph::decode(IPC::Decoder& decoder, RefPtr<API::Object>& result)
@@ -340,4 +369,4 @@
     return true;
 }
 
-}
+} // namespace WebKit

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to