Title: [259498] branches/safari-609.2.1.2-branch/Source/WebKit
Revision
259498
Author
[email protected]
Date
2020-04-03 12:58:09 -0700 (Fri, 03 Apr 2020)

Log Message

Cherry-pick r258902. rdar://problem/61231866

    IPC::Decoder::decodeFixedLengthData() should be marked WARN_UNUSED_RETURN
    <https://webkit.org/b/209448>
    <rdar://problem/60797998>

    Reviewed by Chris Dumez.

    * Platform/IPC/ArgumentCoders.h:
    (struct VectorArgumentCoder::decode):
    - Check the return value of Decoder::decodeFixedLengthData().
    * Platform/IPC/Decoder.h:
    (IPC::Decoder::decodeFixedLengthData): Add WARN_UNUSED_RETURN.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258902 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog (259497 => 259498)


--- branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog	2020-04-03 19:58:06 UTC (rev 259497)
+++ branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog	2020-04-03 19:58:09 UTC (rev 259498)
@@ -1,5 +1,38 @@
 2020-04-03  Alan Coon  <[email protected]>
 
+        Cherry-pick r258902. rdar://problem/61231866
+
+    IPC::Decoder::decodeFixedLengthData() should be marked WARN_UNUSED_RETURN
+    <https://webkit.org/b/209448>
+    <rdar://problem/60797998>
+    
+    Reviewed by Chris Dumez.
+    
+    * Platform/IPC/ArgumentCoders.h:
+    (struct VectorArgumentCoder::decode):
+    - Check the return value of Decoder::decodeFixedLengthData().
+    * Platform/IPC/Decoder.h:
+    (IPC::Decoder::decodeFixedLengthData): Add WARN_UNUSED_RETURN.
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-03-23  David Kilzer  <[email protected]>
+
+            IPC::Decoder::decodeFixedLengthData() should be marked WARN_UNUSED_RETURN
+            <https://webkit.org/b/209448>
+            <rdar://problem/60797998>
+
+            Reviewed by Chris Dumez.
+
+            * Platform/IPC/ArgumentCoders.h:
+            (struct VectorArgumentCoder::decode):
+            - Check the return value of Decoder::decodeFixedLengthData().
+            * Platform/IPC/Decoder.h:
+            (IPC::Decoder::decodeFixedLengthData): Add WARN_UNUSED_RETURN.
+
+2020-04-03  Alan Coon  <[email protected]>
+
         Cherry-pick r258814. rdar://problem/61231972
 
     decodeSharedBuffer() in WebCoreArgumentCoders.cpp should validate `bufferSize`

Modified: branches/safari-609.2.1.2-branch/Source/WebKit/Platform/IPC/ArgumentCoders.h (259497 => 259498)


--- branches/safari-609.2.1.2-branch/Source/WebKit/Platform/IPC/ArgumentCoders.h	2020-04-03 19:58:06 UTC (rev 259497)
+++ branches/safari-609.2.1.2-branch/Source/WebKit/Platform/IPC/ArgumentCoders.h	2020-04-03 19:58:09 UTC (rev 259498)
@@ -330,7 +330,10 @@
         Vector<T, inlineCapacity, OverflowHandler, minCapacity> temp;
         temp.grow(size);
 
-        decoder.decodeFixedLengthData(reinterpret_cast<uint8_t*>(temp.data()), size * sizeof(T), alignof(T));
+        if (!decoder.decodeFixedLengthData(reinterpret_cast<uint8_t*>(temp.data()), size * sizeof(T), alignof(T))) {
+            decoder.markInvalid();
+            return false;
+        }
 
         vector.swap(temp);
         return true;
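Review bot: The byte count `size * sizeof(T)` passed to `decodeFixedLengthData()` is still an unchecked multiplication, here and in the identical call in the second hunk (the decode that returns `WTF::nullopt` on failure). The new return-value check catches a failed read, but this hunk does not show whether `size` is bounded against the remaining buffer before `temp.grow(size)`. If that bound is enforced in the lines above, a short comment such as `// size was validated against the buffer above, so size * sizeof(T) cannot wrap` would make the invariant explicit at the call site; if it is not, a checked multiply should precede the call. Both decode() bodies start outside their hunks.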
@@ -352,9 +355,12 @@
         
         Vector<T, inlineCapacity, OverflowHandler, minCapacity> vector;
         vector.grow(size);
-        
-        decoder.decodeFixedLengthData(reinterpret_cast<uint8_t*>(vector.data()), size * sizeof(T), alignof(T));
-        
+
+        if (!decoder.decodeFixedLengthData(reinterpret_cast<uint8_t*>(vector.data()), size * sizeof(T), alignof(T))) {
+            decoder.markInvalid();
+            return WTF::nullopt;
+        }
+
         return vector;
     }
 };

Modified: branches/safari-609.2.1.2-branch/Source/WebKit/Platform/IPC/Decoder.h (259497 => 259498)


--- branches/safari-609.2.1.2-branch/Source/WebKit/Platform/IPC/Decoder.h	2020-04-03 19:58:06 UTC (rev 259497)
+++ branches/safari-609.2.1.2-branch/Source/WebKit/Platform/IPC/Decoder.h	2020-04-03 19:58:09 UTC (rev 259498)
@@ -78,7 +78,7 @@
     }
     void markInvalid() { m_bufferPos = nullptr; }
 
-    bool decodeFixedLengthData(uint8_t*, size_t, unsigned alignment);
+    bool decodeFixedLengthData(uint8_t*, size_t, unsigned alignment) WARN_UNUSED_RETURN;
 
     // The data in the data reference here will only be valid for the lifetime of the ArgumentDecoder object.
     bool decodeVariableLengthByteArray(DataReference&);
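Review bot: `decodeVariableLengthByteArray(DataReference&)`, two lines below the changed declaration, also returns `bool` (presumably a success flag) but is left without `WARN_UNUSED_RETURN`. A caller can therefore still ignore a failed decode there and go on to use an unpopulated `DataReference` with no compiler warning. If the other bool-returning decode methods of this class are meant to be checked as well, annotate them in the same way, e.g. `bool decodeVariableLengthByteArray(DataReference&) WARN_UNUSED_RETURN;`. The class body continues outside the hunk, so the remaining declarations could not be reviewed here.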