[webkit-changes] [258595] branches/safari-609-branch/Source/WebKit

[alancoon]

Title: [258595] branches/safari-609-branch/Source/WebKit

Revision

258595

Author

alanc...@apple.com

Date

2020-03-17 14:07:00 -0700 (Tue, 17 Mar 2020)

Log Message

Apply patch. rdar://problem/60436975

Modified Paths

• branches/safari-609-branch/Source/WebKit/ChangeLog
• branches/safari-609-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm

Diff

Modified: branches/safari-609-branch/Source/WebKit/ChangeLog (258594 => 258595)

--- branches/safari-609-branch/Source/WebKit/ChangeLog	2020-03-17 21:06:58 UTC (rev 258594)
+++ branches/safari-609-branch/Source/WebKit/ChangeLog	2020-03-17 21:07:00 UTC (rev 258595)
@@ -1,3 +1,25 @@
+2020-03-17  Alan Coon  <alanc...@apple.com>
+
+        Apply patch. rdar://problem/60436975
+
+    2020-03-17  David Kilzer  <ddkil...@apple.com>
+
+            Cherry-pick r254724. rdar://problem/60436975
+
+        2020-01-16  Chris Dumez  <cdu...@apple.com>
+
+            IPC hardening for WebPageProxy::SetPromisedDataForImage message
+            https://bugs.webkit.org/show_bug.cgi?id=206380
+            <rdar://problem/58625196>
+
+            Reviewed by Geoffrey Garen.
+
+            IPC hardening for WebPageProxy::SetPromisedDataForImage message. Make sure the shared memory handle sent over IPC is not null
+            and null check the SharedMemory object after calling SharedMemory::map().
+
+            * UIProcess/mac/WebPageProxyMac.mm:
+            (WebKit::WebPageProxy::setPromisedDataForImage):
+
 2020-03-17  Kocsen Chung  <kocsen_ch...@apple.com>
 
         Apply patch. rdar://problem/60396281

Modified: branches/safari-609-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm (258594 => 258595)

--- branches/safari-609-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm	2020-03-17 21:06:58 UTC (rev 258594)
+++ branches/safari-609-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm	2020-03-17 21:07:00 UTC (rev 258595)
@@ -314,7 +314,12 @@
 {
     MESSAGE_CHECK_URL(url);
     MESSAGE_CHECK_URL(visibleURL);
+    MESSAGE_CHECK(!imageHandle.isNull());
+
     RefPtr<SharedMemory> sharedMemoryImage = SharedMemory::map(imageHandle, SharedMemory::Protection::ReadOnly);
+    if (!sharedMemoryImage)
+        return;
+
     auto imageBuffer = SharedBuffer::create(static_cast<unsigned char*>(sharedMemoryImage->data()), imageSize);
     RefPtr<SharedBuffer> archiveBuffer;
     

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes