Title: [264089] releases/WebKitGTK/webkit-2.28/Source/WebKit
Revision
264089
Author
[email protected]
Date
2020-07-08 03:07:50 -0700 (Wed, 08 Jul 2020)

Log Message

Merge r262242 - [WPE][GTK] GVariant decoding must copy the serialized data
https://bugs.webkit.org/show_bug.cgi?id=212441

Patch by Michael Catanzaro <[email protected]> on 2020-05-28
Reviewed by Carlos Garcia Campos.

I tracked this down to ArgumentCodersGLib.cpp. The problem is that we construct a GVariant
using g_variant_new_from_data(), which does not copy or take ownership of the data, so here
we accidentally create the GVariant using data we don't own. (Here, the data is owned by the
Decoder itself in its internal m_buffer.) Anyway, this is fixable by manually copying and
freeing it with the GDestroyNotify parameter, but it's easier to switch to
g_variant_new_from_bytes() because GBytes takes ownership when constructed.

* Shared/glib/ArgumentCodersGLib.cpp:
(IPC::decode):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (264088 => 264089)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-07-08 10:07:46 UTC (rev 264088)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-07-08 10:07:50 UTC (rev 264089)
@@ -1,3 +1,20 @@
+2020-05-28  Michael Catanzaro  <[email protected]>
+
+        [WPE][GTK] GVariant decoding must copy the serialized data
+        https://bugs.webkit.org/show_bug.cgi?id=212441
+
+        Reviewed by Carlos Garcia Campos.
+
+        I tracked this down to ArgumentCodersGLib.cpp. The problem is that we construct a GVariant
+        using g_variant_new_from_data(), which does not copy or take ownership of the data, so here
+        we accidentally create the GVariant using data we don't own. (Here, the data is owned by the
+        Decoder itself in its internal m_buffer.) Anyway, this is fixable by manually copying and
+        freeing it with the GDestroyNotify parameter, but it's easier to switch to
+        g_variant_new_from_bytes() because GBytes takes ownership when constructed.
+
+        * Shared/glib/ArgumentCodersGLib.cpp:
+        (IPC::decode):
+
 2020-04-16  Carlos Alberto Lopez Perez  <[email protected]>
 
         [GTK] MiniBrowser opens new windows too small causing failures on some WPT tests

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp (264088 => 264089)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp	2020-07-08 10:07:46 UTC (rev 264088)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp	2020-07-08 10:07:50 UTC (rev 264089)
@@ -28,6 +28,7 @@
 
 #include "DataReference.h"
 #include <glib.h>
+#include <wtf/glib/GUniquePtr.h>
 #include <wtf/text/CString.h>
 
 namespace IPC {
@@ -59,10 +60,9 @@
     if (!decoder.decode(data))
         return WTF::nullopt;
 
-    auto* variantType = g_variant_type_new(variantTypeString.data());
-    GRefPtr<GVariant> variant = g_variant_new_from_data(variantType, data.data(), data.size(), FALSE, nullptr, nullptr);
-    g_variant_type_free(variantType);
-    return variant;
+    GUniquePtr<GVariantType> variantType(g_variant_type_new(variantTypeString.data()));
+    GRefPtr<GBytes> bytes = adoptGRef(g_bytes_new(data.data(), data.size()));
+    return g_variant_new_from_bytes(variantType.get(), bytes.get(), FALSE);
 }
 
 } // namespace IPC
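Review bot: the decoded type string goes straight into `g_variant_type_new(variantTypeString.data())` with no `g_variant_type_string_is_valid()` check visible in this hunk; `g_variant_type_new()` returns NULL for an invalid type string, and that NULL would then be handed to `g_variant_new_from_bytes()`. Since the string arrives over IPC, consider validating it and returning `WTF::nullopt`, as the existing `if (!decoder.decode(data)) return WTF::nullopt;` already does for the payload. The switch to `g_bytes_new()` does give the variant its own copy of `data`, and keeping the trusted flag at `FALSE` remains correct for IPC input.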
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes