Title: [261040] trunk/Source/WebKit
- Revision
- 261040
- Author
- ddkil...@apple.com
- Date
- 2020-05-01 16:44:47 -0700 (Fri, 01 May 2020)
Log Message
[IPC hardening] Refactor createMessageDecoder() for clarity
<https://webkit.org/b/211322>
Reviewed by Darin Adler.
* Platform/IPC/cocoa/ConnectionCocoa.mm:
(IPC::createMessageDecoder):
- Rename `numDescriptors` to `numberOfPortDescriptors` to match
variable name in sendOutgoingMessage().
- Add new `numberOfAttachments` variable to make it clear that
one port descriptor is left for an out-of-line message body.
- Add FIXME about another issue.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (261039 => 261040)
--- trunk/Source/WebKit/ChangeLog 2020-05-01 23:41:16 UTC (rev 261039)
+++ trunk/Source/WebKit/ChangeLog 2020-05-01 23:44:47 UTC (rev 261040)
@@ -1,3 +1,18 @@
+2020-05-01 David Kilzer <ddkil...@apple.com>
+
+ [IPC hardening] Refactor createMessageDecoder() for clarity
+ <https://webkit.org/b/211322>
+
+ Reviewed by Darin Adler.
+
+ * Platform/IPC/cocoa/ConnectionCocoa.mm:
+ (IPC::createMessageDecoder):
+ - Rename `numDescriptors` to `numberOfPortDescriptors` to match
+ variable name in sendOutgoingMessage().
+ - Add new `numberOfAttachments` variable to make it clear that
+ one port descriptor is left for an out-of-line message body.
+ - Add FIXME about another issue.
+
2020-05-01 Alex Christensen <achristen...@webkit.org>
Add SPI to move localStorage to a different domain
Modified: trunk/Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm (261039 => 261040)
--- trunk/Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm 2020-05-01 23:41:16 UTC (rev 261039)
+++ trunk/Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm 2020-05-01 23:44:47 UTC (rev 261040)
@@ -418,12 +418,10 @@
return Decoder::create(body, bodySize, nullptr, Vector<Attachment> { });
}
- bool messageBodyIsOOL = header->msgh_id == outOfLineBodyMessageID;
-
mach_msg_body_t* body = reinterpret_cast<mach_msg_body_t*>(header + 1);
- mach_msg_size_t numDescriptors = body->msgh_descriptor_count;
- ASSERT(numDescriptors);
- if (!numDescriptors)
+ mach_msg_size_t numberOfPortDescriptors = body->msgh_descriptor_count;
+ ASSERT(numberOfPortDescriptors);
+ if (!numberOfPortDescriptors)
return nullptr;
uint8_t* descriptorData = reinterpret_cast<uint8_t*>(body + 1);
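Review bot: The new name `numberOfPortDescriptors` on the `msgh_descriptor_count` line overstates what the value holds. According to the comment in the next hunk, when the body is sent out-of-line the last descriptor is the message body rather than a port. Because this count bounds how far the parser walks over data received from another process, I would add a comment such as `// Total descriptor count; includes the trailing out-of-line body descriptor when msgh_id == outOfLineBodyMessageID.` createMessageDecoder() starts and ends outside this hunk.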
@@ -430,19 +428,19 @@
// If the message body was sent out-of-line, don't treat the last descriptor
// as an attachment, since it is really the message body.
- if (messageBodyIsOOL)
- --numDescriptors;
+ bool messageBodyIsOOL = header->msgh_id == outOfLineBodyMessageID;
+ mach_msg_size_t numberOfAttachments = messageBodyIsOOL ? numberOfPortDescriptors - 1 : numberOfPortDescriptors;
// Build attachment list
- Vector<Attachment> attachments(numDescriptors);
+ Vector<Attachment> attachments(numberOfAttachments);
- for (mach_msg_size_t i = 0; i < numDescriptors; ++i) {
+ for (mach_msg_size_t i = 0; i < numberOfAttachments; ++i) {
mach_msg_descriptor_t* descriptor = reinterpret_cast<mach_msg_descriptor_t*>(descriptorData);
ASSERT(descriptor->type.type == MACH_MSG_PORT_DESCRIPTOR);
if (descriptor->type.type != MACH_MSG_PORT_DESCRIPTOR)
return nullptr;
- attachments[numDescriptors - i - 1] = Attachment(descriptor->port.name, descriptor->port.disposition);
+ attachments[numberOfAttachments - i - 1] = Attachment(descriptor->port.name, descriptor->port.disposition);
descriptorData += sizeof(mach_msg_port_descriptor_t);
}
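Review bot: The `numberOfPortDescriptors - 1` in the `numberOfAttachments` initializer is safe only because of the `if (!numberOfPortDescriptors) return nullptr;` check in the previous hunk, and nothing at this line says so. `mach_msg_size_t` is unsigned, so if that early return were ever moved or dropped the subtraction would wrap. The wrapped value would then size the `attachments` vector and bound the descriptor walk. I would add `// numberOfPortDescriptors is non-zero here (checked above), so this cannot wrap.` above the declaration. The function body continues outside the hunk.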
@@ -456,6 +454,7 @@
size_t messageBodySize = descriptor->out_of_line.size;
return Decoder::create(messageBody, messageBodySize, [](const uint8_t* buffer, size_t length) {
+ // FIXME: <rdar://problem/62086358> bufferDeallocator block ignores mach_msg_ool_descriptor_t->deallocate
vm_deallocate(mach_task_self(), reinterpret_cast<vm_address_t>(buffer), length);
}, WTFMove(attachments));
}
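Review bot: The added FIXME points only at `<rdar://problem/62086358>`, which readers outside Apple cannot open, so the comment should state the concern itself. From the visible lines, the deallocator calls `vm_deallocate()` unconditionally on the out-of-line buffer and discards its return value. Whether honoring `deallocate` should change that is presumably what the radar tracks. Suggested wording: `// FIXME: <rdar://problem/62086358> This always calls vm_deallocate(); it does not consult mach_msg_ool_descriptor_t::deallocate.` The enclosing block starts outside the hunk.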