Title: [230359] trunk/Source/WebKit
- Revision: 230359
- Author: [email protected]
- Date: 2018-04-06 16:53:30 -0700 (Fri, 06 Apr 2018)
Log Message
Make all sync IPCs during ScriptDisallowedScope set DoNotProcessIncomingMessagesWhenWaitingForSyncReply
https://bugs.webkit.org/show_bug.cgi?id=182449
<rdar://problem/39222541>
Reviewed by Chris Dumez.
Release assert that a sync IPC inside ScriptDisallowedScope sets DoNotProcessIncomingMessagesWhenWaitingForSyncReply
to avoid executing arbitrary scripts as a result of processing incoming sync IPCs.
* Platform/IPC/Connection.h:
(IPC::Connection::sendSync): Added the release assertion.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (230358 => 230359)
--- trunk/Source/WebKit/ChangeLog 2018-04-06 23:26:34 UTC (rev 230358)
+++ trunk/Source/WebKit/ChangeLog 2018-04-06 23:53:30 UTC (rev 230359)
@@ -1,3 +1,17 @@
+2018-04-05 Ryosuke Niwa <[email protected]>
+
+ Make all sync IPCs during ScriptDisallowedScope set DoNotProcessIncomingMessagesWhenWaitingForSyncReply
+ https://bugs.webkit.org/show_bug.cgi?id=182449
+ <rdar://problem/39222541>
+
+ Reviewed by Chris Dumez.
+
+ Release assert that a sync IPC inside ScriptDisallowedScope sets DoNotProcessIncomingMessagesWhenWaitingForSyncReply
+ to avoid executing arbitrary scripts as a result of processing incoming sync IPCs.
+
+ * Platform/IPC/Connection.h:
+ (IPC::Connection::sendSync): Added the release assertion.
+
2018-04-05 Youenn Fablet <[email protected]>
REGRESSION (r230223): LayoutTest http/tests/contentextensions/css-display-none-overflows-rule-data-1.html is crashing
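Review bot: the entry title says "Make all sync IPCs during ScriptDisallowedScope set DoNotProcessIncomingMessagesWhenWaitingForSyncReply", but the only file listed is Platform/IPC/Connection.h with "Added the release assertion", so no call site is made to set the option by this change. Since a release assertion terminates the process in shipping builds, the entry should say whether the existing sendSync callers that can run inside a ScriptDisallowedScope were already updated (and in which revision) or are expected to be found by this assertion.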
Modified: trunk/Source/WebKit/Platform/IPC/Connection.h (230358 => 230359)
--- trunk/Source/WebKit/Platform/IPC/Connection.h 2018-04-06 23:26:34 UTC (rev 230358)
+++ trunk/Source/WebKit/Platform/IPC/Connection.h 2018-04-06 23:53:30 UTC (rev 230359)
@@ -32,6 +32,7 @@
#include "Encoder.h"
#include "HandleMessage.h"
#include "MessageReceiver.h"
+#include <WebCore/ScriptDisallowedScope.h>
#include <atomic>
#include <wtf/Condition.h>
#include <wtf/Deque.h>
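Review bot: the added `#include <WebCore/ScriptDisallowedScope.h>` makes the Platform/IPC header Connection.h depend on a WebCore header for a single assertion, and every file that includes Connection.h now pulls it in as well. Consider declaring a small out-of-line helper here and defining it in a .cpp file, so the WebCore include stays out of this header.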
@@ -387,6 +388,9 @@
{
COMPILE_ASSERT(T::isSync, SyncMessageExpected);
+ RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(sendSyncOptions.contains(SendSyncOption::DoNotProcessIncomingMessagesWhenWaitingForSyncReply)
+ || WebCore::ScriptDisallowedScope::isEventAllowedInMainThread());
+
uint64_t syncRequestID = 0;
std::unique_ptr<Encoder> encoder = createSyncMessageEncoder(T::receiverName(), T::name(), destinationID, syncRequestID);
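Review bot: the assertion added at the top of sendSync has no comment explaining why its two conditions are alternatives, and the second one, `WebCore::ScriptDisallowedScope::isEventAllowedInMainThread()`, by its name describes only the main thread. Add a one-line comment that processing incoming messages while waiting for the sync reply can execute script, which is what the assertion guards against, and state what the check is expected to evaluate to when sendSync is called from another thread, since nothing in the visible lines restricts this function to the main thread.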
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes