Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b17879dcdd0ef0481319a90dac73d50fceb48f28
https://github.com/WebKit/WebKit/commit/b17879dcdd0ef0481319a90dac73d50fceb48f28
Author: Alex Christensen <[email protected]>
Date: 2023-05-15 (Mon, 15 May 2023)
Changed paths:
M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm
Log Message:
-----------
Fix a few more secure decoding issues
https://bugs.webkit.org/show_bug.cgi?id=256790
rdar://109286881
Reviewed by Wenson Hsieh.
Reports indicate DDScannerResult can contain NSMutableStrings, which fail to
decode
in strict mode when expecting an NSString. Fix this by doing the same
transformation
from mutable to not mutable on the encoding side that we do elsewhere.
Reports also indicate that NSURLRequest can contain mutable plist types like
NSMutableURLRequest can. To be conservative, add the same allowed mutable
plist types
when decoding the two classes.
The soft linking code for PAL::isDataDetectorsCoreFrameworkAvailable already
effectively
caches the result of dlsym, so making our own cache is redundant. Same with
the other
similar caches.
Also, as a slight perf optimization, check the bools like rewriteMutableString
first
before calling dynamic_objc_cast since the former is often false, the latter is
more
expensive, and both need to be true to enter the condition.
* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
(-[WKSecureCodingArchivingDelegate archiver:willEncodeObject:]):
(-[WKSecureCodingArchivingDelegate init]):
(IPC::encodeSecureCodingInternal):
(IPC::shouldEnableStrictMode):
(IPC::decodeSecureCodingInternal):
Canonical link: https://commits.webkit.org/264079@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
