Title: [255954] trunk/Source/WebKit
- Revision
- 255954
- Author
- [email protected]
- Date
- 2020-02-06 08:00:40 -0800 (Thu, 06 Feb 2020)
Log Message
[IPC Hardening] Protect against bad identifier in WebPageProxy::DidInsertAttachmentWithIdentifier()
https://bugs.webkit.org/show_bug.cgi?id=207311
<rdar://problem/58632517>
Reviewed by Alex Christensen.
* UIProcess/WebPageProxy.cpp:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (255953 => 255954)
--- trunk/Source/WebKit/ChangeLog 2020-02-06 15:56:02 UTC (rev 255953)
+++ trunk/Source/WebKit/ChangeLog 2020-02-06 16:00:40 UTC (rev 255954)
@@ -1,3 +1,13 @@
+2020-02-06 Chris Dumez <[email protected]>
+
+ [IPC Hardening] Protect against bad identifier in WebPageProxy::DidInsertAttachmentWithIdentifier()
+ https://bugs.webkit.org/show_bug.cgi?id=207311
+ <rdar://problem/58632517>
+
+ Reviewed by Alex Christensen.
+
+ * UIProcess/WebPageProxy.cpp:
+
2020-02-06 youenn fablet <[email protected]>
[Cocoa] Use AVAssetWriterDelegate to implement MediaRecorder
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (255953 => 255954)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-02-06 15:56:02 UTC (rev 255953)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-02-06 16:00:40 UTC (rev 255954)
@@ -9362,6 +9362,8 @@
void WebPageProxy::didInsertAttachmentWithIdentifier(const String& identifier, const String& source, bool hasEnclosingImage)
{
+ MESSAGE_CHECK(m_process, IdentifierToAttachmentMap::isValidKey(identifier));
+
auto attachment = ensureAttachment(identifier);
attachment->setHasEnclosingImage(hasEnclosingImage);
attachment->setInsertionState(API::Attachment::InsertionState::Inserted);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
