[webkit-changes] [285118] trunk/Source/WebCore

[cdumez]

Title: [285118] trunk/Source/WebCore

Revision

285118

Author

cdu...@apple.com

Date

2021-11-01 12:21:11 -0700 (Mon, 01 Nov 2021)

Log Message

Crash under HIDDevice::HIDDevice()
https://bugs.webkit.org/show_bug.cgi?id=232567
<rdar://79414185>

Reviewed by Simon Fraser.

Make sure we null check values returned by IOHIDDeviceGetProperty() before calling
CFNumberGetValue() on them.

* platform/mac/HIDDevice.cpp:
(WebCore::getDevicePropertyAsInt):
(WebCore::HIDDevice::HIDDevice):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/platform/mac/HIDDevice.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (285117 => 285118)

--- trunk/Source/WebCore/ChangeLog	2021-11-01 18:01:21 UTC (rev 285117)
+++ trunk/Source/WebCore/ChangeLog	2021-11-01 19:21:11 UTC (rev 285118)
@@ -1,5 +1,20 @@
 2021-11-01  Chris Dumez  <cdu...@apple.com>
 
+        Crash under HIDDevice::HIDDevice()
+        https://bugs.webkit.org/show_bug.cgi?id=232567
+        <rdar://79414185>
+
+        Reviewed by Simon Fraser.
+
+        Make sure we null check values returned by IOHIDDeviceGetProperty() before calling
+        CFNumberGetValue() on them.
+
+        * platform/mac/HIDDevice.cpp:
+        (WebCore::getDevicePropertyAsInt):
+        (WebCore::HIDDevice::HIDDevice):
+
+2021-11-01  Chris Dumez  <cdu...@apple.com>
+
         Align XSLTProcessor with Blink and get closer to Gecko in the process
         https://bugs.webkit.org/show_bug.cgi?id=232485
 

Modified: trunk/Source/WebCore/platform/mac/HIDDevice.cpp (285117 => 285118)

--- trunk/Source/WebCore/platform/mac/HIDDevice.cpp	2021-11-01 18:01:21 UTC (rev 285117)
+++ trunk/Source/WebCore/platform/mac/HIDDevice.cpp	2021-11-01 19:21:11 UTC (rev 285118)
@@ -39,16 +39,21 @@
 
 namespace WebCore {
 
+static int getDevicePropertyAsInt(IOHIDDeviceRef device, CFStringRef key)
+{
+    CFNumberRef cfPropertyValue = checked_cf_cast<CFNumberRef>(IOHIDDeviceGetProperty(device, key));
+    int propertyValue = -1;
+    if (cfPropertyValue)
+        CFNumberGetValue(cfPropertyValue, kCFNumberIntType, &propertyValue);
+    return propertyValue;
+}
+
 HIDDevice::HIDDevice(IOHIDDeviceRef device)
     : m_rawDevice(device)
 {
-    CFNumberRef cfVendorID = checked_cf_cast<CFNumberRef>(IOHIDDeviceGetProperty(device, CFSTR(kIOHIDVendorIDKey)));
-    CFNumberRef cfProductID = checked_cf_cast<CFNumberRef>(IOHIDDeviceGetProperty(device, CFSTR(kIOHIDProductIDKey)));
+    int vendorID = getDevicePropertyAsInt(device, CFSTR(kIOHIDVendorIDKey));
+    int productID = getDevicePropertyAsInt(device, CFSTR(kIOHIDProductIDKey));
 
-    int vendorID, productID;
-    CFNumberGetValue(cfVendorID, kCFNumberIntType, &vendorID);
-    CFNumberGetValue(cfProductID, kCFNumberIntType, &productID);
-
     if (vendorID < 0 || vendorID > std::numeric_limits<uint16_t>::max()) {
         LOG(HID, "Device attached with malformed vendor ID 0x%x. Resetting to 0.", vendorID);
         vendorID = 0;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes