[webkit-changes] [290935] branches/safari-613-branch/Source/WebKit

[repstein]

Title: [290935] branches/safari-613-branch/Source/WebKit

Revision

290935

Author

repst...@apple.com

Date

2022-03-07 14:10:12 -0800 (Mon, 07 Mar 2022)

Log Message

Cherry-pick r290343. rdar://problem/85811396

    Further restrict received IPC boolean values to 0 or 1
    https://bugs.webkit.org/show_bug.cgi?id=236801
    rdar://85811396

    Patch by Simon Lewis <simon.le...@apple.com> on 2022-02-22
    Reviewed by Chris Dumez.

    Return std::nullopt if a value larger than 1 is received.

    * Platform/IPC/ArgumentCoder.h:
    (IPC::ArgumentCoder<bool>::decode):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290343 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

• branches/safari-613-branch/Source/WebKit/ChangeLog
• branches/safari-613-branch/Source/WebKit/Platform/IPC/ArgumentCoder.h

Diff

Modified: branches/safari-613-branch/Source/WebKit/ChangeLog (290934 => 290935)

--- branches/safari-613-branch/Source/WebKit/ChangeLog	2022-03-07 22:10:09 UTC (rev 290934)
+++ branches/safari-613-branch/Source/WebKit/ChangeLog	2022-03-07 22:10:12 UTC (rev 290935)
@@ -1,5 +1,36 @@
 2022-03-07  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r290343. rdar://problem/85811396
+
+    Further restrict received IPC boolean values to 0 or 1
+    https://bugs.webkit.org/show_bug.cgi?id=236801
+    rdar://85811396
+    
+    Patch by Simon Lewis <simon.le...@apple.com> on 2022-02-22
+    Reviewed by Chris Dumez.
+    
+    Return std::nullopt if a value larger than 1 is received.
+    
+    * Platform/IPC/ArgumentCoder.h:
+    (IPC::ArgumentCoder<bool>::decode):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290343 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-02-22  Simon Lewis  <simon.le...@apple.com>
+
+            Further restrict received IPC boolean values to 0 or 1
+            https://bugs.webkit.org/show_bug.cgi?id=236801
+            rdar://85811396
+
+            Reviewed by Chris Dumez.
+
+            Return std::nullopt if a value larger than 1 is received.
+
+            * Platform/IPC/ArgumentCoder.h:
+            (IPC::ArgumentCoder<bool>::decode):
+
+2022-03-07  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r290305. rdar://problem/89287719
 
     Rename RenderStyle::userSelectIncludingInert to RenderStyle::effectiveUserSelect

Modified: branches/safari-613-branch/Source/WebKit/Platform/IPC/ArgumentCoder.h (290934 => 290935)

--- branches/safari-613-branch/Source/WebKit/Platform/IPC/ArgumentCoder.h	2022-03-07 22:10:09 UTC (rev 290934)
+++ branches/safari-613-branch/Source/WebKit/Platform/IPC/ArgumentCoder.h	2022-03-07 22:10:12 UTC (rev 290935)
@@ -88,7 +88,7 @@
     static std::optional<bool> decode(Decoder& decoder)
     {
         uint8_t data;
-        if (decoder.decodeFixedLengthData(&data, sizeof(uint8_t), alignof(uint8_t)))
+        if (decoder.decodeFixedLengthData(&data, sizeof(uint8_t), alignof(uint8_t)) && data <= 1)
             return !!data; // This ensures that only the lower bit is set in a boolean for IPC messages
         return std::nullopt;
     }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes