Title: [287632] branches/safari-612-branch/Source/WebKit
- Revision: 287632
- Author: repst...@apple.com
- Date: 2022-01-05 10:21:20 -0800 (Wed, 05 Jan 2022)
Log Message
Cherry-pick r287313. rdar://problem/87124922
IPC streams should not accept 0-length stream buffers
https://bugs.webkit.org/show_bug.cgi?id=234552
<rdar://79725420>
Patch by Kimmo Kinnunen <kkinnu...@apple.com> on 2021-12-21
Reviewed by Antti Koivisto.
Make decoding 0-length stream buffers fail. These buffers are not useful.
No new tests, tests need additional implementation, will be added
in subsequent commits.
* Platform/IPC/StreamConnectionBuffer.cpp:
(IPC::StreamConnectionBuffer::StreamConnectionBuffer):
(IPC::StreamConnectionBuffer::decode):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287313 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-612-branch/Source/WebKit/ChangeLog (287631 => 287632)
--- branches/safari-612-branch/Source/WebKit/ChangeLog 2022-01-05 18:21:18 UTC (rev 287631)
+++ branches/safari-612-branch/Source/WebKit/ChangeLog 2022-01-05 18:21:20 UTC (rev 287632)
@@ -1,5 +1,44 @@
2022-01-05 Russell Epstein <repst...@apple.com>
+ Cherry-pick r287313. rdar://problem/87124922
+
+ IPC streams should not accept 0-length stream buffers
+ https://bugs.webkit.org/show_bug.cgi?id=234552
+ <rdar://79725420>
+
+ Patch by Kimmo Kinnunen <kkinnu...@apple.com> on 2021-12-21
+ Reviewed by Antti Koivisto.
+
+ Make decoding 0-length stream buffers fail. These buffers are not useful.
+
+ No new tests, tests need additional implementation, will be added
+ in subsequent commits.
+
+ * Platform/IPC/StreamConnectionBuffer.cpp:
+ (IPC::StreamConnectionBuffer::StreamConnectionBuffer):
+ (IPC::StreamConnectionBuffer::decode):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287313 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-12-21 Kimmo Kinnunen <kkinnu...@apple.com>
+
+ IPC streams should not accept 0-length stream buffers
+ https://bugs.webkit.org/show_bug.cgi?id=234552
+ <rdar://79725420>
+
+ Reviewed by Antti Koivisto.
+
+ Make decoding 0-length stream buffers fail. These buffers are not useful.
+
+ No new tests, tests need additional implementation, will be added
+ in subsequent commits.
+
+ * Platform/IPC/StreamConnectionBuffer.cpp:
+ (IPC::StreamConnectionBuffer::StreamConnectionBuffer):
+ (IPC::StreamConnectionBuffer::decode):
+
+2022-01-05 Russell Epstein <repst...@apple.com>
+
Cherry-pick r287039. rdar://problem/85015428
Move FTP disabling from NetworkLoad::start to NetworkDataTask::NetworkDataTask
Modified: branches/safari-612-branch/Source/WebKit/Platform/IPC/StreamConnectionBuffer.cpp (287631 => 287632)
--- branches/safari-612-branch/Source/WebKit/Platform/IPC/StreamConnectionBuffer.cpp 2022-01-05 18:21:18 UTC (rev 287631)
+++ branches/safari-612-branch/Source/WebKit/Platform/IPC/StreamConnectionBuffer.cpp 2022-01-05 18:21:20 UTC (rev 287632)
@@ -42,6 +42,7 @@
: m_dataSize(memorySize - headerSize())
, m_sharedMemory(createMemory(memorySize))
{
+ ASSERT(m_dataSize > 0);
ASSERT(m_dataSize <= maximumSize());
}
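Review bot: ASSERT(m_dataSize > 0) in this constructor is checked only in debug builds, so a release build that is passed memorySize equal to headerSize() still constructs a 0-length buffer, and a smaller memorySize makes memorySize - headerSize() wrap if the type is unsigned. If callers can pass a computed or externally influenced size here, check memorySize > headerSize() before createMemory(memorySize) runs, or use RELEASE_ASSERT, rather than relying on the debug assertion.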
@@ -50,6 +51,7 @@
, m_sharedMemory(WTFMove(memory))
, m_clientWaitSemaphore(WTFMove(clientWaitSemaphore))
{
+ ASSERT(m_dataSize > 0);
ASSERT(m_dataSize <= maximumSize());
}
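Review bot: The same two ASSERT lines on m_dataSize now appear in both constructors, and in this one, which adopts an existing memory object via WTFMove(memory), nothing visible says which caller is responsible for the invariant in release builds. If decode() is the path that reaches this constructor, a short comment naming its size check as the guard would help, and moving the ASSERT pair into one shared helper would keep the two constructors from drifting apart.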
@@ -88,7 +90,7 @@
if (!semaphore)
return std::nullopt;
size_t dataSize = static_cast<size_t>(ipcHandle->dataSize);
- if (dataSize < headerSize())
+ if (dataSize <= headerSize())
return std::nullopt;
if (dataSize > headerSize() + maximumSize())
return std::nullopt;
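Review bot: In decode(), the local dataSize is compared against headerSize() and headerSize() + maximumSize(), so it holds the whole mapping size including the header, while m_dataSize in the first constructor is memorySize - headerSize(); one name for both quantities makes the changed `<=` boundary easy to misread. Renaming the local (for example to memorySize) would help, and since the log message says no tests accompany the change, a decode test for the sizes headerSize() and headerSize() + 1 would pin the new boundary.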
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes