Skip to site navigation (Press enter)

[webkit-changes] [253502] trunk/Source/WebKit

ddkilzer Fri, 13 Dec 2019 15:14:34 -0800

Title: [253502] trunk/Source/WebKit

Revision: 253502
Author: [email protected]
Date: 2019-12-13 15:13:25 -0800 (Fri, 13 Dec 2019)

Log Message

Add MESSAGE_CHECK() for selectedIndex in Messages::WebPageProxy::ShowPopupMenu
<https://webkit.org/b/205177>
<rdar://problem/57337872>


Reviewed by Chris Dumez.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::showPopupMenu): Add MESSAGE_CHECK() to
validate the `selectedIndex` parameter, which must be -1 to
select no items, or a valid zero-based index into `items`.

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

Diff

Modified: trunk/Source/WebKit/ChangeLog (253501 => 253502)


--- trunk/Source/WebKit/ChangeLog	2019-12-13 22:38:25 UTC (rev 253501)
+++ trunk/Source/WebKit/ChangeLog	2019-12-13 23:13:25 UTC (rev 253502)
@@ -1,3 +1,16 @@
+2019-12-13  David Kilzer  <[email protected]>
+
+        Add MESSAGE_CHECK() for selectedIndex in Messages::WebPageProxy::ShowPopupMenu
+        <https://webkit.org/b/205177>
+        <rdar://problem/57337872>
+
+        Reviewed by Chris Dumez.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::showPopupMenu): Add MESSAGE_CHECK() to
+        validate the `selectedIndex` parameter, which must be -1 to
+        select no items, or a valid zero-based index into `items`.
+
 2019-12-13  Alex Christensen  <[email protected]>
 
         Allow cross-origin requests to WKURLSchemeHandlers

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (253501 => 253502)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2019-12-13 22:38:25 UTC (rev 253501)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2019-12-13 23:13:25 UTC (rev 253502)
@@ -6180,6 +6180,8 @@
 
 void WebPageProxy::showPopupMenu(const IntRect& rect, uint64_t textDirection, const Vector<WebPopupItem>& items, int32_t selectedIndex, const PlatformPopupMenuData& data)
 {
+    MESSAGE_CHECK(m_process, selectedIndex == -1 || static_cast<uint32_t>(selectedIndex) < items.size());
+
     if (m_activePopupMenu) {
         m_activePopupMenu->hidePopupMenu();
         m_activePopupMenu->invalidate();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes