Title: [259346] trunk/Source/WebKit
- Revision
- 259346
- Author
- wenson_hs...@apple.com
- Date
- 2020-04-01 09:01:36 -0700 (Wed, 01 Apr 2020)
Log Message
Make WebPasteboardProxy::didModifyContentsOfPasteboard robust when pasteboardName is null
https://bugs.webkit.org/show_bug.cgi?id=209848
<rdar://problem/61121810>
Reviewed by Megan Gardner and David Kilzer.
Add more IPC message checks in WebPasteboardProxy; see below for more detail.
* UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:
Rename what is currently MESSAGE_CHECK to MESSAGE_CHECK_COMPLETION, and introduce two more message check macros:
MESSAGE_CHECK_WITH_RETURN_VALUE, which supports a return value, and MESSAGE_CHECK, which returns with no value.
(WebKit::WebPasteboardProxy::canAccessPasteboardData const):
Replace the early returns when pasteboardName is empty or when the web process for the given connection is null
with `MESSAGE_CHECK`s. When the web content process is well-behaved, these early returns should never be hit.
(WebKit::WebPasteboardProxy::didModifyContentsOfPasteboard):
Similarly, replace this early return with a message check, and additionally `MESSAGE_CHECK` when the pasteboard
name is empty. This addresses the main issue caught by this radar.
(WebKit::WebPasteboardProxy::setPasteboardBufferForType):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (259345 => 259346)
--- trunk/Source/WebKit/ChangeLog 2020-04-01 15:31:36 UTC (rev 259345)
+++ trunk/Source/WebKit/ChangeLog 2020-04-01 16:01:36 UTC (rev 259346)
@@ -1,3 +1,30 @@
+2020-04-01 Wenson Hsieh <wenson_hs...@apple.com>
+
+ Make WebPasteboardProxy::didModifyContentsOfPasteboard robust when pasteboardName is null
+ https://bugs.webkit.org/show_bug.cgi?id=209848
+ <rdar://problem/61121810>
+
+ Reviewed by Megan Gardner and David Kilzer.
+
+ Add more IPC message checks in WebPasteboardProxy; see below for more detail.
+
+ * UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:
+
+ Rename what is currently MESSAGE_CHECK to MESSAGE_CHECK_COMPLETION, and introduce two more message check macros:
+ MESSAGE_CHECK_WITH_RETURN_VALUE, which supports a return value, and MESSAGE_CHECK, which returns with no value.
+
+ (WebKit::WebPasteboardProxy::canAccessPasteboardData const):
+
+ Replace the early returns when pasteboardName is empty or when the web process for the given connection is null
+ with `MESSAGE_CHECK`s. When the web content process is well-behaved, these early returns should never be hit.
+
+ (WebKit::WebPasteboardProxy::didModifyContentsOfPasteboard):
+
+ Similarly, replace this early return with a message check, and additionally `MESSAGE_CHECK` when the pasteboard
+ name is empty. This addresses the main issue caught by this radar.
+
+ (WebKit::WebPasteboardProxy::setPasteboardBufferForType):
+
2020-04-01 Victor M. Jaquez <vjaq...@igalia.com>
Bump libwebrtc to M82
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm (259345 => 259346)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm 2020-04-01 15:31:36 UTC (rev 259345)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm 2020-04-01 16:01:36 UTC (rev 259346)
@@ -38,7 +38,9 @@
#import <WebCore/SharedBuffer.h>
#import <wtf/URL.h>
-#define MESSAGE_CHECK(assertion, completion) MESSAGE_CHECK_COMPLETION_BASE(assertion, (&connection), completion)
+#define MESSAGE_CHECK(assertion) MESSAGE_CHECK_BASE(assertion, (&connection))
+#define MESSAGE_CHECK_WITH_RETURN_VALUE(assertion, returnValue) MESSAGE_CHECK_WITH_RETURN_VALUE_BASE(assertion, (&connection), returnValue)
+#define MESSAGE_CHECK_COMPLETION(assertion, completion) MESSAGE_CHECK_COMPLETION_BASE(assertion, (&connection), completion)
namespace WebKit {
using namespace WebCore;
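Review bot: The three `MESSAGE_CHECK*` wrappers defined here have no comment saying which one fits which handler shape, and each expands `(&connection)`, so they silently require a parameter or local named exactly `connection` at every call site. Since these macros are the file's validation of messages from the web content process, picking the wrong variant (for example the plain form in a handler that owns a completion handler) would be easy to miss in review. I would add a comment above the definitions such as `// These expect an IPC::Connection& named 'connection' in scope. Use MESSAGE_CHECK in void handlers, _WITH_RETURN_VALUE in value-returning ones, and _COMPLETION when a completion handler must still be invoked on failure.`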
@@ -73,14 +75,10 @@
bool WebPasteboardProxy::canAccessPasteboardData(IPC::Connection& connection, const String& pasteboardName) const
{
- if (pasteboardName.isEmpty()) {
- ASSERT_NOT_REACHED();
- return false;
- }
+ MESSAGE_CHECK_WITH_RETURN_VALUE(!pasteboardName.isEmpty(), false);
auto* process = webProcessProxyForConnection(connection);
- if (!process)
- return false;
+ MESSAGE_CHECK_WITH_RETURN_VALUE(process, false);
for (auto* page : process->pages()) {
auto& preferences = page->preferences();
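Review bot: Replacing the `!process` early return with `MESSAGE_CHECK_WITH_RETURN_VALUE(process, false)` turns a quiet failure into an invalid-message verdict against the sender, so it matters whether `webProcessProxyForConnection` can return null for reasons the web content process does not control. If that lookup can miss while a process is being torn down with a message still in flight (not visible in this hunk), a benign race would now be treated as a misbehaving process. The same applies to `MESSAGE_CHECK(process)` in didModifyContentsOfPasteboard. The log message states the invariant, but the code does not, so I would put it next to the check, for example `// Every connection that can deliver this message maps to a WebProcessProxy; a miss means the message is invalid.` The body of canAccessPasteboardData continues past the end of this hunk.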
@@ -106,9 +104,10 @@
void WebPasteboardProxy::didModifyContentsOfPasteboard(IPC::Connection& connection, const String& pasteboardName, int64_t previousChangeCount, int64_t newChangeCount)
{
+ MESSAGE_CHECK(!pasteboardName.isEmpty());
+
auto* process = webProcessProxyForConnection(connection);
- if (!process)
- return;
+ MESSAGE_CHECK(process);
auto changeCountAndProcesses = m_pasteboardNameToChangeCountAndProcessesMap.find(pasteboardName);
if (changeCountAndProcesses != m_pasteboardNameToChangeCountAndProcessesMap.end() && previousChangeCount == changeCountAndProcesses->value.first) {
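Review bot: The new `MESSAGE_CHECK(!pasteboardName.isEmpty());` has no comment tying it to the `m_pasteboardNameToChangeCountAndProcessesMap.find(pasteboardName)` lookup below, which appears to be why it must run first. Going by the commit title, a null name reaching that lookup is the problem being fixed, so a later refactor that moves or drops the check would reintroduce it. I would add `// pasteboardName is supplied by the web content process; reject an empty or null name before it is used as a map key below.` above the check. No regression test appears among the files shown for this revision, so one that sends this message with a null name and expects the message to be rejected would pin the behaviour. The function body continues outside the hunk.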
@@ -300,7 +299,7 @@
}
// SharedMemory::Handle::size() is rounded up to the nearest page.
- MESSAGE_CHECK(size <= handle.size(), completionHandler(0));
+ MESSAGE_CHECK_COMPLETION(size <= handle.size(), completionHandler(0));
RefPtr<SharedMemory> sharedMemoryBuffer = SharedMemory::map(handle, SharedMemory::Protection::ReadOnly);
if (!sharedMemoryBuffer)