Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1bfda19669abc863671034e16c5808ae0bacf848
https://github.com/WebKit/WebKit/commit/1bfda19669abc863671034e16c5808ae0bacf848
Author: Wenson Hsieh <wenson_hs...@apple.com>
Date: 2023-12-14 (Thu, 14 Dec 2023)

Changed paths:
M Source/WebCore/page/Quirks.cpp

Log Message:
-----------
Mitigate crashes under Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures()
https://bugs.webkit.org/show_bug.cgi?id=266380
rdar://118479646

Reviewed by Yusuke Suzuki.

Even after the mitigations in 269984@main, we're still sometimes crashing when attempting to determine whether or not we should apply hard-coded canvas fingerprinting mitigations when advanced privacy protections are enabled. From discussing with JSC folks, this seems to be due to the way in which we're currently trying to walk the stack by traversing `callerFrame()`s:

```cpp
while (!codeBlock) {
    callFrame = callFrame->callerFrame();
    if (!callFrame)
        break;
    codeBlock = callFrame->codeBlock();
}
```

Instead of implementing it this way, the JSC team recommended using `StackVisitor::visit` instead to walk the stack, which is the de facto mechanism used to perform similar stack traversals elsewhere in the codebase.

In addition, I'm also rearranging this check, so that we only ever attempt this relatively more expensive stack walk in the case where the `lastDrawnText`, `canvasWidth` and `canvasHeight` all match their expected values for the quirk.

* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures const): In my manual testing, I found that the source code length on some of the affected sites has been changed slightly; adjust this quirk to match.

Canonical link: https://commits.webkit.org/272093@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes