Bug 186211

Summary:

Make sure that the fencePort received over IPC has the expected disposition (SEND)

Product:

WebKit

Reporter:

Brent Fulgham <bfulgham>

Component:

WebKit2

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, andersca, bfulgham, commit-queue, ews-watchlist, ggaren

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Archive of layout-test-results from ews206 for win-future	none
Patch for landing	none

Brent Fulgham

Reported 2018-06-01 16:12:43 PDT

We shouldn't blindly assume that the Mach Send Right we receive from the UIProcess in WebPage::setTopContentInsetFenced (and VideoFullscreenManager::setVideoLayerFrameFenced) will have the expected MACH_MSG_TYPE_MOVE_SEND disposition. Instead, we should check that it meets expectations. If we discover a discrepancy, we should discard the message without touching the mach port contents.

Attachments
Patch (3.88 KB, patch) 2018-06-01 16:16 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews206 for win-future (12.75 MB, application/zip) 2018-06-02 01:42 PDT, EWS Watchlist	no flags	Details
Patch for landing (3.56 KB, patch) 2018-06-03 10:49 PDT, Brent Fulgham	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2018-06-01 16:12:57 PDT

<rdar://problem/37814171>

Brent Fulgham

Comment 2 2018-06-01 16:16:00 PDT

Created attachment 341800 [details] Patch

Geoffrey Garen

Comment 3 2018-06-01 16:36:30 PDT

Comment on attachment 341800 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=341800&action=review r=me > Source/WebKit/WebProcess/WebPage/WebPage.cpp:2664 > + // Check for invalid message receipt. If this is not a send right, something has > + // gone wrong and we should discard this message. I don't think this comment adds anything. It just kind of restates the code below. > Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm:568 > + // Check for invalid message receipt. If this is not a send right, something has > + // gone wrong and we should discard this message. Ditto.

EWS Watchlist

Comment 4 2018-06-02 01:41:57 PDT

Comment on attachment 341800 [details] Patch Attachment 341800 [details] did not pass win-ews (win): Output: http://webkit-queues.webkit.org/results/7941653 New failing tests: http/tests/security/canvas-remote-read-remote-video-localhost.html

EWS Watchlist

Comment 5 2018-06-02 01:42:08 PDT

Created attachment 341837 [details] Archive of layout-test-results from ews206 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews206 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit

Brent Fulgham

Comment 6 2018-06-03 10:49:56 PDT

Created attachment 341867 [details] Patch for landing

WebKit Commit Bot

Comment 7 2018-06-03 11:28:13 PDT

Comment on attachment 341867 [details] Patch for landing Clearing flags on attachment: 341867 Committed r232451: <https://trac.webkit.org/changeset/232451>

WebKit Commit Bot

Comment 8 2018-06-03 11:28:14 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.