[Skim-app-commit] SF.net SVN: skim-app:[15800] trunk

Thu, 13 Nov 2025 06:58:02 -0800 

Revision: 15800
          http://sourceforge.net/p/skim-app/code/15800
Author:   hofman
Date:     2025-11-13 14:57:50 +0000 (Thu, 13 Nov 2025)
Log Message:
-----------
us secure encoding for keyed unarchivers

Modified Paths:
--------------
    trunk/NSUserDefaults_SKExtensions.m
    trunk/NSValueTransformer_SKExtensions.m
    trunk/PDFAnnotation_SKExtensions.m
    trunk/SKFontWell.m

Modified: trunk/NSUserDefaults_SKExtensions.m
===================================================================
--- trunk/NSUserDefaults_SKExtensions.m 2025-11-13 10:20:34 UTC (rev 15799)
+++ trunk/NSUserDefaults_SKExtensions.m 2025-11-13 14:57:50 UTC (rev 15800)
@@ -45,17 +45,19 @@
     NSColor *color = nil;
     NSData *data = [self dataForKey:key];
     if (data) {
-        @try { color = [NSKeyedUnarchiver unarchiveObjectWithData:data]; }
+        @try { color = [NSKeyedUnarchiver unarchivedObjectOfClass:[NSColor 
class] fromData:data error:NULL]; }
         @catch (id e) {}
         if (color == nil) {
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
-            @try { color = [NSUnarchiver unarchiveObjectWithData:data]; }
+            @try {
+                color = [NSUnarchiver unarchiveObjectWithData:data];
+                if ([color isKindOfClass:[NSColor class]] == NO)
+                    color = nil;
+            }
 #pragma clang diagnostic pop
             @catch (id e) {}
         }
-        if ([color isKindOfClass:[NSColor class]] == NO)
-            color = nil;
     } else {
         NSArray *array = [self arrayForKey:key];
         if ([array count]) {

Modified: trunk/NSValueTransformer_SKExtensions.m
===================================================================
--- trunk/NSValueTransformer_SKExtensions.m     2025-11-13 10:20:34 UTC (rev 
15799)
+++ trunk/NSValueTransformer_SKExtensions.m     2025-11-13 14:57:50 UTC (rev 
15800)
@@ -121,17 +121,19 @@
     if ([value isKindOfClass:[NSData class]] == NO)
         return nil;
     NSColor *color = nil;
-    @try { color = [NSKeyedUnarchiver unarchiveObjectWithData:value]; }
+    @try { color = [NSKeyedUnarchiver unarchivedObjectOfClass:[NSColor class] 
fromData:value error:NULL]; }
     @catch (id e) {}
     if (color == nil) {
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
-        @try { color = [NSUnarchiver unarchiveObjectWithData:value]; }
+        @try {
+            color = [NSUnarchiver unarchiveObjectWithData:value];
+            if ([color isKindOfClass:[NSColor class]] == NO)
+                return nil;
+        }
 #pragma clang diagnostic pop
         @catch (id e) {}
     }
-    if ([color isKindOfClass:[NSColor class]] == NO)
-        return nil;
     return color;
 }
 

Modified: trunk/PDFAnnotation_SKExtensions.m
===================================================================
--- trunk/PDFAnnotation_SKExtensions.m  2025-11-13 10:20:34 UTC (rev 15799)
+++ trunk/PDFAnnotation_SKExtensions.m  2025-11-13 14:57:50 UTC (rev 15800)
@@ -92,7 +92,7 @@
 - (instancetype)initWithPasteboardPropertyList:(id)propertyList 
ofType:(NSString *)type {
     if ([type isEqualToString:SKPasteboardTypeSkimNote] &&
         [propertyList isKindOfClass:[NSData class]]) {
-        self = [self initSkimNoteWithProperties:[NSKeyedUnarchiver 
unarchiveObjectWithData:propertyList]];
+        self = [self initSkimNoteWithProperties:[NSKeyedUnarchiver 
unarchivedObjectOfClass:[NSDictionary class] fromData:propertyList error:NULL]];
     } else {
         self = [self init];
         self = nil;

Modified: trunk/SKFontWell.m
===================================================================
--- trunk/SKFontWell.m  2025-11-13 10:20:34 UTC (rev 15799)
+++ trunk/SKFontWell.m  2025-11-13 14:57:50 UTC (rev 15800)
@@ -335,8 +335,8 @@
     @try {
         if ([type isEqualToString:SKNSFontPanelDescriptorsPboardType]) {
             NSData *data = [pboard dataForType:type];
-            NSDictionary *dict = [data isKindOfClass:[NSData class]] ? 
[NSKeyedUnarchiver unarchiveObjectWithData:data] : nil;
-            if ([dict isKindOfClass:[NSDictionary class]]) {
+            NSDictionary *dict = [data isKindOfClass:[NSData class]] ? 
[NSKeyedUnarchiver unarchivedObjectOfClass:[NSDictionary class] fromData:data 
error:NULL] : nil;
+            if (dict) {
                 NSArray *fontDescriptors = [dict 
objectForKey:SKNSFontCollectionFontDescriptors];
                 NSFontDescriptor *fontDescriptor = ([fontDescriptors 
isKindOfClass:[NSArray class]] && [fontDescriptors count]) ? [fontDescriptors 
objectAtIndex:0] : nil;
                 if ([fontDescriptor isKindOfClass:[NSFontDescriptor class]]) {

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.



_______________________________________________
Skim-app-commit mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/skim-app-commit

Reply via email to