Title: [218791] trunk/Source/WebKit2
- Revision: 218791
- Author: [email protected]
- Date: 2017-06-24 17:07:17 -0700 (Sat, 24 Jun 2017)
Log Message
[WK2] Make sure encodeClientTypesAndData() / decodeClientTypesAndData() match exactly
https://bugs.webkit.org/show_bug.cgi?id=173813
Reviewed by Ryosuke Niwa.
Make sure encodeClientTypesAndData() / decodeClientTypesAndData() match exactly. The previous
IPC encoder code would assume the types and data vectors have the same length. It would first encode
the length of data using |data.size()| but then would encode types.size() values from the
data vector. While there are debug assertions to ensure both vectors have the same size, this
seems unnecessarily fragile in release builds. If both vectors happen to have different sizes,
this will lead to weird IPC bugs.
* Shared/WebCoreArgumentCoders.cpp:
(IPC::encodeClientTypesAndData):
(IPC::decodeClientTypesAndData):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (218790 => 218791)
--- trunk/Source/WebKit2/ChangeLog 2017-06-24 22:29:22 UTC (rev 218790)
+++ trunk/Source/WebKit2/ChangeLog 2017-06-25 00:07:17 UTC (rev 218791)
@@ -1,3 +1,21 @@
+2017-06-24 Chris Dumez <[email protected]>
+
+ [WK2] Make sure encodeClientTypesAndData() / decodeClientTypesAndData() match exactly
+ https://bugs.webkit.org/show_bug.cgi?id=173813
+
+ Reviewed by Ryosuke Niwa.
+
+ Make sure encodeClientTypesAndData() / decodeClientTypesAndData() match exactly. The previous
+ IPC encoder code would assume types and data vector have the same length. It would first encode
+ the length of data using |data.size()| but then would encode types.size() values from the
+ data vector. While there are debug assertions to ensure both vectors have the same size, this
+ seems unnecessarily fragile in release builds. If both vectors happen to have different sizes,
+ this will lead to weird IPC bugs.
+
+ * Shared/WebCoreArgumentCoders.cpp:
+ (IPC::encodeClientTypesAndData):
+ (IPC::decodeClientTypesAndData):
+
2017-06-24 Michael Catanzaro <[email protected]>
[GTK] Introspection: webkit_web_view_new_with_related_view needs to be marked as a constructor
Modified: trunk/Source/WebKit2/Shared/WebCoreArgumentCoders.cpp (218790 => 218791)
--- trunk/Source/WebKit2/Shared/WebCoreArgumentCoders.cpp 2017-06-24 22:29:22 UTC (rev 218790)
+++ trunk/Source/WebKit2/Shared/WebCoreArgumentCoders.cpp 2017-06-25 00:07:17 UTC (rev 218791)
@@ -1430,8 +1430,8 @@
ASSERT(types.size() == data.size());
encoder << types;
encoder << static_cast<uint64_t>(data.size());
- for (size_t i = 0, size = types.size(); i < size; ++i)
- encodeSharedBuffer(encoder, data[i].get());
+ for (auto& buffer : data)
+ encodeSharedBuffer(encoder, buffer.get());
}
static bool decodeClientTypesAndData(Decoder& decoder, Vector<String>& types, Vector<RefPtr<SharedBuffer>>& data)
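Review bot: the loop now encodes exactly `data.size()` buffers, matching the length prefix written by `encoder << static_cast<uint64_t>(data.size());` on the line above, so the serialized count and the serialized elements can no longer disagree the way they did when the loop ran over `types.size()`. Note that `ASSERT(types.size() == data.size());` remains debug-only, so a release build handed mismatched vectors still emits a message whose `types` count and `data` count differ; a short comment above the two `encoder <<` lines stating that `types` and `data` are serialized independently, with their equal length expected to be verified on the decoding side, would make that contract explicit for the next reader.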
@@ -1439,15 +1439,15 @@
if (!decoder.decode(types))
return false;
- uint64_t clientDataSize;
- if (!decoder.decode(clientDataSize))
+ uint64_t dataSize;
+ if (!decoder.decode(dataSize))
return false;
- if (clientDataSize)
- data.resize(clientDataSize);
+ ASSERT(dataSize == types.size());
- for (size_t i = 0; i < clientDataSize; i++)
- decodeSharedBuffer(decoder, data[i]);
+ data.resize(dataSize);
+ for (auto& buffer : data)
+ decodeSharedBuffer(decoder, buffer);
return true;
}
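Review bot: `ASSERT(dataSize == types.size());` only enforces the invariant in debug builds, yet `dataSize` is read from the incoming message and is then passed straight to `data.resize(dataSize)`; in release builds a message whose `dataSize` disagrees with the already-decoded `types` vector is still accepted, which is the release-mode fragility the commit message sets out to remove. Rejecting the message instead, e.g. `if (dataSize != types.size()) return false;`, makes the check hold on every build and also bounds the resize by the size of a vector that `decoder.decode(types)` has already validated. Separately, the result of `decodeSharedBuffer(decoder, buffer)` is discarded inside the loop (as it was before this change), so a buffer that fails to decode still leaves the function returning `true`; if `decodeSharedBuffer` reports failure the way `decoder.decode(dataSize)` does a few lines up, writing `if (!decodeSharedBuffer(decoder, buffer)) return false;` would propagate that failure consistently.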