Title: [272262] branches/safari-611-branch/Source/WebKit
Revision: 272262
Author: [email protected]
Date: 2021-02-02 17:40:13 -0800 (Tue, 02 Feb 2021)

Log Message

Cherry-pick r271890. rdar://problem/73890942

    [CoreIPC] Add size check in decodeSharedBuffer to allow it to be validated against the SharedMemory received
    https://bugs.webkit.org/show_bug.cgi?id=220962
    <rdar://problem/68204552>

    Reviewed by Darin Adler.

    Add a new check during decoding so that we fail if the expected buffer size is larger than the block of
    shared memory supplied in the IPC call.

    * Shared/WebCoreArgumentCoders.cpp:
    (IPC::decodeSharedBuffer):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271890 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (272261 => 272262)


--- branches/safari-611-branch/Source/WebKit/ChangeLog	2021-02-03 01:40:10 UTC (rev 272261)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog	2021-02-03 01:40:13 UTC (rev 272262)
@@ -1,5 +1,37 @@
 2021-02-02  Alan Coon  <[email protected]>
 
+        Cherry-pick r271890. rdar://problem/73890942
+
+    [CoreIPC] Add size check in decodeSharedBuffer to allow it to be validated against the SharedMemory received
+    https://bugs.webkit.org/show_bug.cgi?id=220962
+    <rdar://problem/68204552>
+    
+    Reviewed by Darin Adler.
+    
+    Add a new check during decoding so that we fail if the expected buffer size is larger than the block of
+    shared memory supplied in the IPC call.
+    
+    * Shared/WebCoreArgumentCoders.cpp:
+    (IPC::decodeSharedBuffer):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271890 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-01-26  Brent Fulgham  <[email protected]>
+
+            [CoreIPC] Add size check in decodeSharedBuffer to allow it to be validated against the SharedMemory received
+            https://bugs.webkit.org/show_bug.cgi?id=220962
+            <rdar://problem/68204552>
+
+            Reviewed by Darin Adler.
+
+            Add a new check during decoding so that we fail if the expected buffer size is larger than the block of
+            shared memory supplied in the IPC call.
+
+            * Shared/WebCoreArgumentCoders.cpp:
+            (IPC::decodeSharedBuffer):
+
+2021-02-02  Alan Coon  <[email protected]>
+
         Cherry-pick r271861. rdar://problem/73890854
 
     [iOS] Obscured elements should not be focusable using the accessory bar

Modified: branches/safari-611-branch/Source/WebKit/Shared/WebCoreArgumentCoders.cpp (272261 => 272262)


--- branches/safari-611-branch/Source/WebKit/Shared/WebCoreArgumentCoders.cpp	2021-02-03 01:40:10 UTC (rev 272261)
+++ branches/safari-611-branch/Source/WebKit/Shared/WebCoreArgumentCoders.cpp	2021-02-03 01:40:13 UTC (rev 272262)
@@ -169,6 +169,9 @@
     if (!sharedMemoryBuffer)
         return false;
 
+    if (sharedMemoryBuffer->size() < bufferSize)
+        return false;
+
     buffer = SharedBuffer::create(static_cast<unsigned char*>(sharedMemoryBuffer->data()), bufferSize);
 #endif
 
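Review bot: the new `sharedMemoryBuffer->size() < bufferSize` check sits inside the conditional block that closes at the `#endif` directly below it, so only that build path gets the guard. The code path outside this block is not visible in the hunk, and it is worth confirming that it also validates `bufferSize` against the data actually received. A one-line comment above the check, saying that the expected size comes from the IPC call and must not exceed the mapped shared memory before it is passed to `SharedBuffer::create`, would record the intent. The changeset also carries no regression test for a `bufferSize` larger than the supplied shared memory.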
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
