Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4d29332a09b0f3b17eff2d44f464dd8dff77cad0
https://github.com/WebKit/WebKit/commit/4d29332a09b0f3b17eff2d44f464dd8dff77cad0
Author: Alexey Shvayka <[email protected]>
Date: 2024-05-22 (Wed, 22 May 2024)
Changed paths:
M Source/JavaScriptCore/runtime/CustomGetterSetter.h
Log Message:
-----------
[JSC] Harden CustomGetterSetter by adding MethodTable overrides that always crash
https://bugs.webkit.org/show_bug.cgi?id=268897
<rdar://122171568>
Reviewed by Mark Lam.
Just like GetterSetter, CustomGetterSetter is never purposely exposed to userland code.
However, to make exploitation of accidentally exposed CustomGetterSetter objects difficult,
this patch implements MethodTable overrides that abort the program when reached, similar to
GetterSetter.
* Source/JavaScriptCore/runtime/CustomGetterSetter.h:
(JSC::CustomGetterSetter::getOwnPropertySlot):
(JSC::CustomGetterSetter::put):
(JSC::CustomGetterSetter::putByIndex):
(JSC::CustomGetterSetter::setPrototype):
(JSC::CustomGetterSetter::defineOwnProperty):
(JSC::CustomGetterSetter::deleteProperty):
Originally-landed-as: 272448.523@safari-7618-branch (66d8614c41ca).
rdar://128498125
Canonical link: https://commits.webkit.org/279156@main
Commit: b287b6cc9662e88415c7958132ab001431b35f9f
https://github.com/WebKit/WebKit/commit/b287b6cc9662e88415c7958132ab001431b35f9f
Author: Erica Li <[email protected]>
Date: 2024-05-22 (Wed, 22 May 2024)
Changed paths:
A LayoutTests/ipc/create-media-source-with-invalid-constraints-crash-expected.txt
A LayoutTests/ipc/create-media-source-with-invalid-constraints-crash.html
M Source/WebCore/platform/mediastream/MediaConstraints.cpp
M Source/WebCore/platform/mediastream/MediaConstraints.h
M Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp
Log Message:
-----------
WTFCrashWithSecurityImplication in WebCore::RealtimeMediaSource::fitnessDistance
https://bugs.webkit.org/show_bug.cgi?id=268800
rdar://122105977
Reviewed by Youenn Fablet.
This is a short-term suggested fix to add an isValid check to
MediaTrackConstraintSetMap to ensure each incoming constraint from an IPC call has
the right MediaConstraintType.
* LayoutTests/ipc/create-media-source-with-invalid-constraints-crash-expected.txt: Added.
* LayoutTests/ipc/create-media-source-with-invalid-constraints-crash.html: Added.
* Source/WebCore/platform/mediastream/MediaConstraints.cpp:
(WebCore::MediaTrackConstraintSetMap::isValid const):
* Source/WebCore/platform/mediastream/MediaConstraints.h:
* Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
(WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
(WebKit::UserMediaCaptureManagerProxy::applyConstraints):
Originally-landed-as: 272448.542@safari-7618-branch (01389d47b6ec).
rdar://128498600
Canonical link: https://commits.webkit.org/279157@main
Compare: https://github.com/WebKit/WebKit/compare/223c3b4280f0...b287b6cc9662