Title: [248663] trunk/Source/WebCore/PAL
Revision
248663
Author
you...@apple.com
Date
2019-08-14 02:27:00 -0700 (Wed, 14 Aug 2019)

Log Message

Fail decoding an invalid SessionID
https://bugs.webkit.org/show_bug.cgi?id=200663

Reviewed by Alex Christensen.

* pal/SessionID.h:
(PAL::SessionID::isValid const):
(PAL::SessionID::isValidSessionIDValue):
(PAL::SessionID::encode const):
Add a release assert to catch bad sessionID senders.
(PAL::SessionID::decode):
Fail decoding if session ID is not a valid value.

Modified Paths

Diff

Modified: trunk/Source/WebCore/PAL/ChangeLog (248662 => 248663)


--- trunk/Source/WebCore/PAL/ChangeLog	2019-08-14 06:06:52 UTC (rev 248662)
+++ trunk/Source/WebCore/PAL/ChangeLog	2019-08-14 09:27:00 UTC (rev 248663)
@@ -1,3 +1,18 @@
+2019-08-14  Youenn Fablet  <you...@apple.com>
+
+        Fail decoding an invalid SessionID
+        https://bugs.webkit.org/show_bug.cgi?id=200663
+
+        Reviewed by Alex Christensen.
+
+        * pal/SessionID.h:
+        (PAL::SessionID::isValid const):
+        (PAL::SessionID::isValidSessionIDValue):
+        (PAL::SessionID::encode const):
+        Add a release assert to catch bad sessionID senders.
+        (PAL::SessionID::decode):
+        Fail decoding if session ID is not a valid value.
+
 2019-08-09  Tim Horton  <timothy_hor...@apple.com>
 
         Tapping buttons in Data Detectors lookup previews doesn't work

Modified: trunk/Source/WebCore/PAL/pal/SessionID.h (248662 => 248663)


--- trunk/Source/WebCore/PAL/pal/SessionID.h	2019-08-14 06:06:52 UTC (rev 248662)
+++ trunk/Source/WebCore/PAL/pal/SessionID.h	2019-08-14 09:27:00 UTC (rev 248663)
@@ -50,7 +50,7 @@
     static SessionID defaultSessionID() { return SessionID(DefaultSessionID); }
     static SessionID legacyPrivateSessionID() { return SessionID(LegacyPrivateSessionID); }
 
-    bool isValid() const { return m_sessionID != HashTableEmptyValueID && m_sessionID != HashTableDeletedValueID; }
+    bool isValid() const { return isValidSessionIDValue(m_sessionID); }
     bool isEphemeral() const { return m_sessionID & EphemeralSessionMask && m_sessionID != HashTableDeletedValueID; }
 
     PAL_EXPORT static SessionID generateEphemeralSessionID();
@@ -74,6 +74,8 @@
     {
     }
 
+    static bool isValidSessionIDValue(uint64_t sessionID) { return sessionID != HashTableEmptyValueID && sessionID != HashTableDeletedValueID; }
+
     uint64_t m_sessionID;
 };
 
@@ -80,7 +82,8 @@
 template<class Encoder>
 void SessionID::encode(Encoder& encoder) const
 {
-    ASSERT(isValid());
+    // FIXME: Change to a regular ASSERT.
+    RELEASE_ASSERT(isValid());
     encoder << m_sessionID;
 }
 
@@ -92,7 +95,7 @@
     if (!decodedSessionID)
         return false;
 
-    sessionID = decodedSessionID.value();
+    sessionID = *decodedSessionID;
     return true;
 }
 
@@ -101,11 +104,9 @@
 {
     Optional<uint64_t> sessionID;
     decoder >> sessionID;
-    if (!sessionID)
+    if (!sessionID || !isValidSessionIDValue(*sessionID))
         return WTF::nullopt;
 
-    // FIXME: We should fail to decode an invalid sessionID.
-    ASSERT(SessionID { *sessionID }.isValid());
     return SessionID { *sessionID };
 }
 
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to