Title: [264771] trunk/Source/WebKit
- Revision
- 264771
- Author
- ddkil...@apple.com
- Date
- 2020-07-23 10:11:05 -0700 (Thu, 23 Jul 2020)
Log Message
[IPC hardening] FilterOperation decode/encode should use early returns
<https://webkit.org/b/214667>
<rdar://problem/65946400>
Reviewed by Darin Adler.
* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<FilterOperation>::encode):
- Change break statements to early return statements.
- Add ASSERT_NOT_REACHED() to catch bugs.
(IPC::decodeFilterOperation):
- Change break statements to early return statements.
- Remove call to `decoder.markInvalid()` since it is redundant.
- Return `false` from FilterOperation::APPLE_INVERT_LIGHTNESS
label to match FilterOperation::NONE and
FilterOperation::REFERENCE.
- Add ASSERT_NOT_REACHED() to catch bugs.
- Change final return statement from `true` to `false` since
valid decoding returns `true` earlier.
Modified: trunk/Source/WebKit/ChangeLog (264770 => 264771)
--- trunk/Source/WebKit/ChangeLog 2020-07-23 17:09:16 UTC (rev 264770)
+++ trunk/Source/WebKit/ChangeLog 2020-07-23 17:11:05 UTC (rev 264771)
@@ -1,3 +1,25 @@
+2020-07-23 David Kilzer <ddkil...@apple.com>
+
+ [IPC hardening] FilterOperation decode/encode should use early returns
+ <https://webkit.org/b/214667>
+ <rdar://problem/65946400>
+
+ Reviewed by Darin Adler.
+
+ * Shared/WebCoreArgumentCoders.cpp:
+ (IPC::ArgumentCoder<FilterOperation>::encode):
+ - Change break statements to early return statements.
+ - Add ASSERT_NOT_REACHED() to catch bugs.
+ (IPC::decodeFilterOperation):
+ - Change break statements to early return statements.
+ - Remove call to `decoder.markInvalid()` since it is redundant.
+ - Return `false` from FilterOperation::APPLE_INVERT_LIGHTNESS
+ label to match FilterOperation::NONE and
+ FilterOperation::REFERENCE.
+ - Add ASSERT_NOT_REACHED() to catch bugs.
+ - Change final return statement from `true` to `false` since
+ valid decoding returns `true` earlier.
+
2020-07-23 Brady Eidson <beid...@apple.com>
Add Gamepad tests that exercise the native frameworks
Modified: trunk/Source/WebKit/Shared/WebCoreArgumentCoders.cpp (264770 => 264771)
--- trunk/Source/WebKit/Shared/WebCoreArgumentCoders.cpp 2020-07-23 17:09:16 UTC (rev 264770)
+++ trunk/Source/WebKit/Shared/WebCoreArgumentCoders.cpp 2020-07-23 17:11:05 UTC (rev 264771)
@@ -2344,38 +2344,40 @@
case FilterOperation::NONE:
case FilterOperation::REFERENCE:
ASSERT_NOT_REACHED();
- break;
+ return;
case FilterOperation::GRAYSCALE:
case FilterOperation::SEPIA:
case FilterOperation::SATURATE:
case FilterOperation::HUE_ROTATE:
encoder << downcast<BasicColorMatrixFilterOperation>(filter).amount();
- break;
+ return;
case FilterOperation::INVERT:
case FilterOperation::OPACITY:
case FilterOperation::BRIGHTNESS:
case FilterOperation::CONTRAST:
encoder << downcast<BasicComponentTransferFilterOperation>(filter).amount();
- break;
+ return;
case FilterOperation::APPLE_INVERT_LIGHTNESS:
ASSERT_NOT_REACHED(); // APPLE_INVERT_LIGHTNESS is only used in -apple-color-filter.
- break;
+ return;
case FilterOperation::BLUR:
encoder << downcast<BlurFilterOperation>(filter).stdDeviation();
- break;
+ return;
case FilterOperation::DROP_SHADOW: {
const auto& dropShadowFilter = downcast<DropShadowFilterOperation>(filter);
encoder << dropShadowFilter.location();
encoder << dropShadowFilter.stdDeviation();
encoder << dropShadowFilter.color();
- break;
+ return;
}
case FilterOperation::DEFAULT:
encoder << downcast<DefaultFilterOperation>(filter).representedType();
- break;
+ return;
case FilterOperation::PASSTHROUGH:
- break;
+ return;
}
+
+ ASSERT_NOT_REACHED();
}
bool decodeFilterOperation(Decoder& decoder, RefPtr<FilterOperation>& filter)
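Review bot: In release builds `ASSERT_NOT_REACHED()` compiles to nothing, so the `return;` arms for NONE/REFERENCE and APPLE_INVERT_LIGHTNESS, and the new assert after the switch, all let `encode` return normally having written no payload for the filter; because the function is `void`, the sending side gets no failure signal. That is tolerable only because the decode side in this same commit returns `false` for exactly those types and for any unhandled type, so the receiving process rejects the message rather than reading a partial one, and that dependency is worth stating next to the trailing assert, e.g. `// Unreachable for a well-formed filter; in release builds the peer's decoder rejects the resulting payload.`. The switch and the function start before this hunk, so whether the type tag is encoded ahead of the switch is not visible here.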
@@ -2388,7 +2390,6 @@
case FilterOperation::NONE:
case FilterOperation::REFERENCE:
ASSERT_NOT_REACHED();
- decoder.markInvalid();
return false;
case FilterOperation::GRAYSCALE:
case FilterOperation::SEPIA:
@@ -2398,7 +2399,7 @@
if (!decoder.decode(amount))
return false;
filter = BasicColorMatrixFilterOperation::create(amount, type);
- break;
+ return true;
}
case FilterOperation::INVERT:
case FilterOperation::OPACITY:
@@ -2408,17 +2409,17 @@
if (!decoder.decode(amount))
return false;
filter = BasicComponentTransferFilterOperation::create(amount, type);
- break;
+ return true;
}
case FilterOperation::APPLE_INVERT_LIGHTNESS:
ASSERT_NOT_REACHED(); // APPLE_INVERT_LIGHTNESS is only used in -apple-color-filter.
- break;
+ return false;
case FilterOperation::BLUR: {
Length stdDeviation;
if (!decoder.decode(stdDeviation))
return false;
filter = BlurFilterOperation::create(stdDeviation);
- break;
+ return true;
}
case FilterOperation::DROP_SHADOW: {
IntPoint location;
@@ -2431,7 +2432,7 @@
if (!decoder.decode(color))
return false;
filter = DropShadowFilterOperation::create(location, stdDeviation, color);
- break;
+ return true;
}
case FilterOperation::DEFAULT: {
FilterOperation::OperationType representedType;
@@ -2438,14 +2439,15 @@
if (!decoder.decode(representedType))
return false;
filter = DefaultFilterOperation::create(representedType);
- break;
+ return true;
}
case FilterOperation::PASSTHROUGH:
filter = PassthroughFilterOperation::create();
- break;
+ return true;
}
- return true;
+ ASSERT_NOT_REACHED();
+ return false;
}
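Review bot: The trailing `return false` after the switch is the line that matters for untrusted input, since `ASSERT_NOT_REACHED()` is a no-op in release builds; a `type` value that matches no case now fails the decode instead of leaving `filter` unset while reporting success, as the old `return true` did. A short comment would keep a later cleanup from folding it back, e.g. `// Only reached for an unhandled type; must fail even where ASSERT_NOT_REACHED() is a no-op.`. The same applies to the `return false` added for APPLE_INVERT_LIGHTNESS in the preceding hunk. Whether `type` is range-checked when it is decoded is outside these hunks (decodeFilterOperation begins before them), so the comment should not claim more than the fallback itself guarantees.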