Title: [230729] trunk/Source/WebKit
Revision
230729
Author
rn...@webkit.org
Date
2018-04-17 14:54:43 -0700 (Tue, 17 Apr 2018)

Log Message

Release assert in InjectedBundle::postSynchronousMessage
https://bugs.webkit.org/show_bug.cgi?id=184683

Reviewed by Wenson Hsieh.

Some injected bundles send sync messages when it's not safe to execute scripts.

Use DoNotProcessIncomingMessagesWhenWaitingForSyncReply option in InjectedBundle::postSynchronousMessage
to avoid processing incoming sync IPC messages so that we don't execute arbitrary scripts in those cases.

* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::postSynchronousMessage):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (230728 => 230729)


--- trunk/Source/WebKit/ChangeLog	2018-04-17 21:42:32 UTC (rev 230728)
+++ trunk/Source/WebKit/ChangeLog	2018-04-17 21:54:43 UTC (rev 230729)
@@ -1,3 +1,18 @@
+2018-04-17  Ryosuke Niwa  <rn...@webkit.org>
+
+        Release assert in InjectedBundle::postSynchronousMessage
+        https://bugs.webkit.org/show_bug.cgi?id=184683
+
+        Reviewed by Wenson Hsieh.
+
+        Some injected bundles sends sync message when it's not safe to execute scripts.
+
+        Use DoNotProcessIncomingMessagesWhenWaitingForSyncReply option in InjectedBundle::postSynchronousMessage
+        to avoid processing incoming sync IPC messages so that we don't execute arbitrary scripts in those cases.
+
+        * WebProcess/InjectedBundle/InjectedBundle.cpp:
+        (WebKit::InjectedBundle::postSynchronousMessage):
+
 2018-04-17  Chris Dumez  <cdu...@apple.com>
 
         REGRESSION (r229831): CMD-clicking an iCloud web app link unexpectedly opens that link in a new tab and the current tab
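Review bot: the ChangeLog entry states the symptom ("Some injected bundles sends sync message when it's not safe to execute scripts") but not the mechanism, so a reader of the log cannot tell why a sync send leads to script execution. One sentence would close the gap, e.g. "While waiting for the sync reply, the connection services incoming sync messages from the UI process, and those handlers can run JavaScript." Also "bundles sends" should read "bundles send".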

Modified: trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp (230728 => 230729)


--- trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp	2018-04-17 21:42:32 UTC (rev 230728)
+++ trunk/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp	2018-04-17 21:54:43 UTC (rev 230729)
@@ -138,7 +138,8 @@
     UserData returnUserData;
 
     auto& webProcess = WebProcess::singleton();
-    if (!webProcess.parentProcessConnection()->sendSync(Messages::WebProcessPool::HandleSynchronousMessage(messageName, UserData(webProcess.transformObjectsToHandles(messageBody))), Messages::WebProcessPool::HandleSynchronousMessage::Reply(returnUserData), 0))
+    if (!webProcess.parentProcessConnection()->sendSync(Messages::WebProcessPool::HandleSynchronousMessage(messageName, UserData(webProcess.transformObjectsToHandles(messageBody))),
+        Messages::WebProcessPool::HandleSynchronousMessage::Reply(returnUserData), 0, Seconds::infinity(), IPC::SendSyncOption::DoNotProcessIncomingMessagesWhenWaitingForSyncReply))
         returnData = nullptr;
     else
         returnData = webProcess.transformHandlesToObjects(returnUserData.object());
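Review bot: the new option is passed silently, with no comment at the call site explaining that DoNotProcessIncomingMessagesWhenWaitingForSyncReply exists here to keep incoming sync IPC (and thus script execution) from running while the bundle is in a state where scripts must not execute; the reasoning lives only in the ChangeLog, so add a short comment above the `if`. Two follow-ups worth confirming in review: the explicit `Seconds::infinity()` was previously the default, so the timeout behaviour is unchanged, but combined with not processing incoming messages it means any path where the UI process must round-trip to this web process before answering HandleSynchronousMessage will now hang rather than recurse, so it would be good to state that no such path exists; and the bare `0` destination ID reads as a magic number now that the argument list is long enough to span two lines.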