Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 125caaa3e7aa07089c1627bd7a79c4ce6ef2800c
      https://github.com/WebKit/WebKit/commit/125caaa3e7aa07089c1627bd7a79c4ce6ef2800c
  Author: Said Abou-Hallawa <s...@apple.com>
  Date:   2025-08-08 (Fri, 08 Aug 2025)

  Changed paths:
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in

  Log Message:
  -----------
  Validate ShareableBitmapConfiguration fields when sending it over IPC
https://bugs.webkit.org/show_bug.cgi?id=292809
rdar://150772440

Reviewed by Anne van Kesteren.

bytesPerPixel, bytesPerRow and bitmapInfo of ShareableBitmapConfiguration have
to be checked and validated. Otherwise a buffer overflow can happen when reading
the pixels of the image.

1. bytesPerPixel should be between 1 and 8 inclusive.
2. bytesPerRow depends on the width of the image and bytesPerPixel.
3. bitmapInfo is unsigned but there should not be any bit set outside the
   CGBitmapInfo masks.

* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:

Originally-landed-as: 289651.506@safari-7621-branch (52c2c7d983e0). 
rdar://157793423
Canonical link: https://commits.webkit.org/298452@main
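
The three rules in the log message above, written out as a stand-alone check. This is an added example, not the code from this commit or from WebKit: the struct, the function name, the "bytesPerRow >= width * bytesPerPixel" reading of rule 2, the choice of masks and the final buffer-size check are all assumptions.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical stand-in for the fields named in the log message; not WebKit's type.
struct BitmapConfig {
    uint32_t width;
    uint32_t height;
    uint32_t bytesPerPixel;
    uint32_t bytesPerRow;
    uint32_t bitmapInfo;
};

// Assumption: the CGBitmapInfo masks as declared in CoreGraphics' CGImage.h.
constexpr uint32_t kAlphaInfoMask = 0x1F;    // kCGBitmapAlphaInfoMask
constexpr uint32_t kFloatInfoMask = 0xF00;   // kCGBitmapFloatInfoMask
constexpr uint32_t kByteOrderMask = 0x7000;  // kCGBitmapByteOrderMask
constexpr uint32_t kKnownInfoBits = kAlphaInfoMask | kFloatInfoMask | kByteOrderMask;

// Returns true only if reading `height` rows of `width` pixels stays inside
// a received buffer of `bufferSize` bytes.
bool isValidConfig(const BitmapConfig& c, size_t bufferSize)
{
    // Rule 1: bytesPerPixel is between 1 and 8 inclusive.
    if (c.bytesPerPixel < 1 || c.bytesPerPixel > 8)
        return false;

    // Rule 2: a row must be able to hold `width` pixels. The product is taken
    // in 64 bits so two attacker-chosen 32-bit values cannot wrap to a small number.
    uint64_t minRowBytes = uint64_t(c.width) * c.bytesPerPixel;
    if (c.bytesPerRow < minRowBytes)
        return false;

    // Rule 3: no bit may be set outside the known masks.
    if (c.bitmapInfo & ~kKnownInfoBits)
        return false;

    // Extra check (assumption): the whole pixel area fits the received buffer.
    uint64_t totalBytes = uint64_t(c.height) * c.bytesPerRow;
    return totalBytes <= bufferSize;
}
```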


