Title: [258744] trunk/Source/WebCore
Revision
258744
Author
commit-qu...@webkit.org
Date
2020-03-19 16:48:18 -0700 (Thu, 19 Mar 2020)

Log Message

ScriptDisallowedScope should disable isEventAllowedInMainThread and isEventDispatchAllowedInSubtree asserts in WebKit1
https://bugs.webkit.org/show_bug.cgi?id=209165

Patch by Sunny He <sunny...@apple.com> on 2020-03-19
Reviewed by Ryosuke Niwa.

Under very intricate sequences of event dispatch in WebKit1, it is
possible for security asserts to be triggered even if there is no
underlying security issue solely due to the design patterns of
WebKit1.

No new tests since the conditions for reproduction are very delicate
and difficult to reliably capture in a test case.

* dom/ScriptDisallowedScope.h:
(WebCore::ScriptDisallowedScope::isEventAllowedInMainThread):
(WebCore::ScriptDisallowedScope::InMainThread::isEventDispatchAllowedInSubtree):
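The following is an added example, not WebKit code and not part of this commit. It is a self-contained model of the two things the patch touches: an RAII counter of nested "script disallowed" regions (standing in for WebKit's s_count) and the process-type guard that r258744 puts in front of the check. The names g_inWebProcess, g_onMainThread, g_disallowCount and the _before/_after functions are hypothetical stand-ins for isInWebProcess(), isMainThread() and isEventAllowedInMainThread(); the point it shows is that the guard only changes the verdict on the main thread of a non-web process while a scope is active.

```cpp
// Added example, not WebKit code: models the ScriptDisallowedScope counter
// and the isInWebProcess() guard added in r258744. All names are hypothetical
// stand-ins for the WebKit symbols (s_count, isMainThread, isInWebProcess).
#include <cstdio>

namespace model {

// Process-type and thread switches, assumed here; WebKit derives the first
// from RuntimeApplicationChecks.h and the second from wtf/MainThread.h.
static bool g_inWebProcess = true;
static bool g_onMainThread = true;

// Depth of nested "script disallowed" regions, like WebKit's s_count.
static unsigned g_disallowCount = 0;

// RAII scope: while an instance is alive, script and event dispatch are
// disallowed. Nesting is supported by counting, not by a boolean.
class ScriptDisallowedScope {
public:
    ScriptDisallowedScope() { ++g_disallowCount; }
    ~ScriptDisallowedScope() { --g_disallowCount; }
    ScriptDisallowedScope(const ScriptDisallowedScope&) = delete;
    ScriptDisallowedScope& operator=(const ScriptDisallowedScope&) = delete;
};

// Check as it was before r258744: only the thread and the counter matter.
bool isEventAllowedInMainThread_before()
{
    return !g_onMainThread || g_disallowCount == 0;
}

// Check as it is after r258744: any non-web process short-circuits to
// "allowed" regardless of the counter.
bool isEventAllowedInMainThread_after()
{
    return !g_inWebProcess || !g_onMainThread || g_disallowCount == 0;
}

// What each version of the check reports for one simulated event dispatched
// while two nested disallowed scopes are active in the given process/thread.
struct Verdict { bool before; bool after; };

Verdict dispatchInsideDisallowedScope(bool inWebProcess, bool onMainThread)
{
    g_inWebProcess = inWebProcess;
    g_onMainThread = onMainThread;
    ScriptDisallowedScope outer;
    ScriptDisallowedScope inner;   // g_disallowCount == 2 here
    return { isEventAllowedInMainThread_before(), isEventAllowedInMainThread_after() };
}

// Once the scopes unwind, the counter must be back to zero and both versions
// of the check must agree that dispatch is allowed again.
bool allowedAfterScopesExit(bool inWebProcess)
{
    g_inWebProcess = inWebProcess;
    g_onMainThread = true;
    { ScriptDisallowedScope s; }
    return g_disallowCount == 0
        && isEventAllowedInMainThread_before()
        && isEventAllowedInMainThread_after();
}

} // namespace model

int main()
{
    // Only the (non-web process, main thread) row differs between the two checks.
    const bool cases[][2] = { { true, true }, { false, true }, { true, false } };
    for (const auto& c : cases) {
        model::Verdict v = model::dispatchInsideDisallowedScope(c[0], c[1]);
        std::printf("inWebProcess=%d onMainThread=%d  before=%d after=%d\n",
                    c[0], c[1], v.before, v.after);
    }
    return 0;
}
```

Run as-is it prints one line per case; the only row where the two checks disagree is a non-web process on the main thread with a scope active, which is exactly the situation the commit message describes and also the coverage that debug builds of WebKit1 lose.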

Diff

Modified: trunk/Source/WebCore/ChangeLog (258743 => 258744)


--- trunk/Source/WebCore/ChangeLog	2020-03-19 23:41:31 UTC (rev 258743)
+++ trunk/Source/WebCore/ChangeLog	2020-03-19 23:48:18 UTC (rev 258744)
@@ -1,3 +1,22 @@
+2020-03-19  Sunny He  <sunny...@apple.com>
+
+        ScriptDisallowedScope should disable isEventAllowedInMainThread and isEventDispatchAllowedInSubtree asserts in WebKit1
+        https://bugs.webkit.org/show_bug.cgi?id=209165
+
+        Reviewed by Ryosuke Niwa.
+
+        Under very intricate sequences of event dispatch in WebKit1, it is
+        possible for security asserts to be triggered even if there is no
+        underlying security issue soley due to the design patterns of
+        WebKit1.
+
+        No new tests since the conditions for reproduction are very delicate
+        and difficult to reliably capture in a test case.
+
+        * dom/ScriptDisallowedScope.h:
+        (WebCore::ScriptDisallowedScope::isEventAllowedInMainThread):
+        (WebCore::ScriptDisallowedScope::InMainThread::isEventDispatchAllowedInSubtree):
+
 2020-03-19  Tim Horton  <timothy_hor...@apple.com>
 
         Upstream the definition of HAVE_READ_ONLY_SYSTEM_VOLUME
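Review bot: the ChangeLog entry justifies the change only as "very intricate sequences of event dispatch in WebKit1" without naming the WebKit1 pattern involved (which embedder callback re-enters event dispatch while a ScriptDisallowedScope is active), so a later reader cannot tell whether the exemption is still needed; please spell out the sequence, and fix the typo "soley" -> "solely". Since the code keys on isInWebProcess() rather than on WebKit1 specifically, the entry should also state that both assertions are now off in every non-web process, not just WebKit1.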

Modified: trunk/Source/WebCore/dom/ScriptDisallowedScope.h (258743 => 258744)


--- trunk/Source/WebCore/dom/ScriptDisallowedScope.h	2020-03-19 23:41:31 UTC (rev 258743)
+++ trunk/Source/WebCore/dom/ScriptDisallowedScope.h	2020-03-19 23:48:18 UTC (rev 258744)
@@ -24,6 +24,7 @@
 #pragma once
 
 #include "ContainerNode.h"
+#include "RuntimeApplicationChecks.h"
 #include <wtf/MainThread.h>
 
 #if PLATFORM(IOS_FAMILY)
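Review bot: adding `#include "RuntimeApplicationChecks.h"` to this header pulls it into every translation unit that includes ScriptDisallowedScope.h (which already drags in ContainerNode.h, a widely used DOM header); since isInWebProcess() is only needed by the two inline checks below, please confirm there is no include cycle with ContainerNode.h and that the header builds in the PLATFORM(IOS_FAMILY) configuration guarded right after it.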
@@ -62,7 +63,7 @@
 
     static bool isEventAllowedInMainThread()
     {
-        return !isMainThread() || !s_count;
+        return !isInWebProcess() || !isMainThread() || !s_count;
     }
 
     class InMainThread {
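Review bot: isEventAllowedInMainThread() is not wrapped in `#if ASSERT_ENABLED || ENABLE(SECURITY_ASSERTIONS)` the way isEventDispatchAllowedInSubtree() is, so the added `!isInWebProcess() ||` short-circuit changes the function's return value in release builds for every non-web process (WebKit1 embedders, the UI process, test harnesses), not just inside assertions; please confirm every caller consumes the result only in an ASSERT/RELEASE_ASSERT, or put the process check under the same #if so release behaviour is unchanged. Also, placing isInWebProcess() first means the common web-process path now pays that call before the cheap `!s_count` test; `return !s_count || !isMainThread() || !isInWebProcess();` is equivalent and keeps the fast path.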
@@ -85,7 +86,7 @@
         static bool isEventDispatchAllowedInSubtree(Node& node)
         {
 #if ASSERT_ENABLED || ENABLE(SECURITY_ASSERTIONS)
-            return isScriptAllowed() || EventAllowedScope::isAllowedNode(node);
+            return !isInWebProcess() || isScriptAllowed() || EventAllowedScope::isAllowedNode(node);
 #else
             UNUSED_PARAM(node);
             return true;
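Review bot: the changed line carries no comment explaining why a non-web process is exempt from the subtree check; add a one-line comment citing https://bugs.webkit.org/show_bug.cgi?id=209165 so the next person does not "fix" it back. Note too that the guard disables the check for all non-web processes rather than only for the WebKit1 sequence the ChangeLog describes, so debug WebKit1 runs lose this assertion coverage for genuine bugs as well; if a narrower predicate for the problematic re-entrancy is available, prefer it, and otherwise say in the comment that this is a deliberate loss of coverage.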
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
