Title: [259774] trunk/Source/WebKit
- Revision: 259774
- Author: [email protected]
- Date: 2020-04-08 18:10:13 -0700 (Wed, 08 Apr 2020)
Log Message
WebKit::ShareableBitmap::Handle::decode() should validate m_size instance variables
<https://webkit.org/b/210211>
<rdar://problem/60543986>
Reviewed by Alex Christensen.
* Shared/ShareableBitmap.cpp:
(WebKit::ShareableBitmap::Handle::decode): Return early if
either m_size instance variable is less than zero.
Diff
Modified: trunk/Source/WebKit/ChangeLog (259773 => 259774)
--- trunk/Source/WebKit/ChangeLog 2020-04-09 00:43:49 UTC (rev 259773)
+++ trunk/Source/WebKit/ChangeLog 2020-04-09 01:10:13 UTC (rev 259774)
@@ -1,3 +1,15 @@
+2020-04-08 David Kilzer <[email protected]>
+
+ WebKit::ShareableBitmap::Handle::decode() should validate m_size instance variables
+ <https://webkit.org/b/210211>
+ <rdar://problem/60543986>
+
+ Reviewed by Alex Christensen.
+
+ * Shared/ShareableBitmap.cpp:
+ (WebKit::ShareableBitmap::Handle::decode): Return early if
+ either m_size instance variable is less than zero.
+
2020-04-08 Alex Christensen <[email protected]>
_corsDisablingPatterns should allow security policy access to those patterns
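Review bot: In the added ChangeLog entry, "either m_size instance variable is less than zero" reads as though there were two variables, while the code change tests width() and height() of the single handle.m_size; suggest "Return early if the width or height of m_size is negative." The entry also names no test, so consider adding one that feeds decode() a negative dimension, or say in the entry why none is included.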
Modified: trunk/Source/WebKit/Shared/ShareableBitmap.cpp (259773 => 259774)
--- trunk/Source/WebKit/Shared/ShareableBitmap.cpp 2020-04-09 00:43:49 UTC (rev 259773)
+++ trunk/Source/WebKit/Shared/ShareableBitmap.cpp 2020-04-09 01:10:13 UTC (rev 259774)
@@ -54,6 +54,8 @@
return false;
if (!decoder.decode(handle.m_size))
return false;
+ if (handle.m_size.width() < 0 || handle.m_size.height() < 0)
+ return false;
if (!decoder.decode(handle.m_configuration))
return false;
return true;
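Review bot: The check added after decoder.decode(handle.m_size) rejects only negative dimensions, so a handle with very large positive width() and height() still decodes successfully. The visible lines show no upper bound on m_size, and the value comes straight from the decoder, so confirm that whatever later derives a byte count from width() and height() uses checked arithmetic, or add that bound here. A one-line comment above the check saying that the decoded size is untrusted input would also tell the next reader why it must stay.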