[webkit-changes] [262529] trunk/Source/WebCore

Wed, 03 Jun 2020 19:26:26 -0700

Title: [262529] trunk/Source/WebCore
Revision
262529
Author
cdu...@apple.com
Date
2020-06-03 19:25:30 -0700 (Wed, 03 Jun 2020)

Log Message

[iOS] Validate index parameter in PlatformPasteboard
https://bugs.webkit.org/show_bug.cgi?id=212713
<rdar://problem/60068765>

Reviewed by Wenson Hsieh.

Validate index parameter in PlatformPasteboard, before calling [NSIndexSet indexSetWithIndex:].
Per documentation, index needs to be in the range [0 .. NSNotFound-1].

* platform/ios/PlatformPasteboardIOS.mm:
(WebCore::PlatformPasteboard::readBuffer const):
(WebCore::PlatformPasteboard::readString const):
(WebCore::PlatformPasteboard::readURL const):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (262528 => 262529)


--- trunk/Source/WebCore/ChangeLog	2020-06-04 01:57:38 UTC (rev 262528)
+++ trunk/Source/WebCore/ChangeLog	2020-06-04 02:25:30 UTC (rev 262529)
@@ -1,3 +1,19 @@
+2020-06-03  Chris Dumez  <cdu...@apple.com>
+
+        [iOS] Validate index parameter in PlatformPasteboard
+        https://bugs.webkit.org/show_bug.cgi?id=212713
+        <rdar://problem/60068765>
+
+        Reviewed by Wenson Hsieh.
+
+        Validate index parameter in PlatformPasteboard, before calling [NSIndexSet indexSetWithIndex:].
+        Per documentation, index needs to be in the range [0 .. NSNotFound-1].
+
+        * platform/ios/PlatformPasteboardIOS.mm:
+        (WebCore::PlatformPasteboard::readBuffer const):
+        (WebCore::PlatformPasteboard::readString const):
+        (WebCore::PlatformPasteboard::readURL const):
+
 2020-06-03  Andy Estes  <aes...@apple.com>
 
         [Apple Pay] Add new values for -apple-pay-button-type

Modified: trunk/Source/WebCore/platform/ios/PlatformPasteboardIOS.mm (262528 => 262529)


--- trunk/Source/WebCore/platform/ios/PlatformPasteboardIOS.mm	2020-06-04 01:57:38 UTC (rev 262528)
+++ trunk/Source/WebCore/platform/ios/PlatformPasteboardIOS.mm	2020-06-04 02:25:30 UTC (rev 262529)
@@ -695,6 +695,9 @@
 
 RefPtr<SharedBuffer> PlatformPasteboard::readBuffer(size_t index, const String& type) const
 {
+    if ((NSInteger)index >= [m_pasteboard numberOfItems])
+        return nullptr;
+
     NSIndexSet *indexSet = [NSIndexSet indexSetWithIndex:index];
 
     RetainPtr<NSArray> pasteboardItem = [m_pasteboard dataForPasteboardType:type inItemSet:indexSet];
@@ -711,6 +714,9 @@
         return [(NSURL *)readURL(index, title) absoluteString];
     }
 
+    if ((NSInteger)index >= [m_pasteboard numberOfItems])
+        return { };
+
     NSIndexSet *indexSet = [NSIndexSet indexSetWithIndex:index];
     auto value = retainPtr([m_pasteboard valuesForPasteboardType:type inItemSet:indexSet].firstObject ?: [m_pasteboard dataForPasteboardType:type inItemSet:indexSet].firstObject);
     if (!value)
@@ -736,6 +742,9 @@
 
 URL PlatformPasteboard::readURL(size_t index, String& title) const
 {
+    if ((NSInteger)index >= [m_pasteboard numberOfItems])
+        return { };
+
     id value = [m_pasteboard valuesForPasteboardType:(__bridge NSString *)kUTTypeURL inItemSet:[NSIndexSet indexSetWithIndex:index]].firstObject;
     if (!value)
         return { };

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to