Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: 36778b4265d7c63090dc8c5049394e06a14a4d02
https://github.com/WebKit/WebKit/commit/36778b4265d7c63090dc8c5049394e06a14a4d02
Author: Said Abou-Hallawa <s...@apple.com>
Date: 2025-08-28 (Thu, 28 Aug 2025)
Changed paths:
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
Log Message:
-----------
Cherry-pick 298452@main (125caaa3e7aa).
https://bugs.webkit.org/show_bug.cgi?id=292809
Validate ShareableBitmapConfiguration fields when sending it over IPC
https://bugs.webkit.org/show_bug.cgi?id=292809
rdar://150772440
Reviewed by Anne van Kesteren.
bytesPerPixel, bytesPerRow and bitmapInfo of ShareableBitmapConfiguration
have
to be checked and validated. Otherwise a buffer overflow can happen when
reading
the pixels of the image.
1. bytesPerPixel should be between 1 and 8 inclusive.
2. bytesPerRow depends on the width of the image and bytesPerPixel.
3. bitmapInfo is unsigned but there should not be any bit set outside the
CGBitmapInfo masks.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
Originally-landed-as: 289651.506@safari-7621-branch (52c2c7d983e0).
rdar://157793423
Canonical link: https://commits.webkit.org/298452@main
Canonical link: https://commits.webkit.org/298234.73@webkitglib/2.50
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
