Title: [256118] releases/WebKitGTK/webkit-2.28/Source/WebKit
- Revision
- 256118
- Author
- [email protected]
- Date
- 2020-02-10 05:22:25 -0800 (Mon, 10 Feb 2020)
Log Message
Merge r255954 - [IPC Hardening] Protect against bad identifier in WebPageProxy::DidInsertAttachmentWithIdentifier()
https://bugs.webkit.org/show_bug.cgi?id=207311
<rdar://problem/58632517>
Reviewed by Alex Christensen.
* UIProcess/WebPageProxy.cpp:
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (256117 => 256118)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-10 13:22:22 UTC (rev 256117)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-10 13:22:25 UTC (rev 256118)
@@ -1,3 +1,13 @@
+2020-02-06 Chris Dumez <[email protected]>
+
+ [IPC Hardening] Protect against bad identifier in WebPageProxy::DidInsertAttachmentWithIdentifier()
+ https://bugs.webkit.org/show_bug.cgi?id=207311
+ <rdar://problem/58632517>
+
+ Reviewed by Alex Christensen.
+
+ * UIProcess/WebPageProxy.cpp:
+
2020-02-06 youenn fablet <[email protected]>
ServiceWorkerProvider::registerServiceWorkerClients is no longer needed
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebPageProxy.cpp (256117 => 256118)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-02-10 13:22:22 UTC (rev 256117)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-02-10 13:22:25 UTC (rev 256118)
@@ -9362,6 +9362,8 @@
void WebPageProxy::didInsertAttachmentWithIdentifier(const String& identifier, const String& source, bool hasEnclosingImage)
{
+ MESSAGE_CHECK(m_process, IdentifierToAttachmentMap::isValidKey(identifier));
+
auto attachment = ensureAttachment(identifier);
attachment->setHasEnclosingImage(hasEnclosingImage);
attachment->setInsertionState(API::Attachment::InsertionState::Inserted);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
