Summary: | API test WKAttachmentTests.CopyAndPasteBetweenWebViews fails on macOS 10.13 | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Wenson Hsieh <wenson_hsieh> | ||||||||||||||
Component: | HTML Editing | Assignee: | Wenson Hsieh <wenson_hsieh> | ||||||||||||||
Status: | RESOLVED FIXED | ||||||||||||||||
Severity: | Normal | CC: | bdakin, bfulgham, commit-queue, dino, ews-watchlist, mitz, ryanhaddad, thorton, tsavell, webkit-bug-importer, wenson_hsieh | ||||||||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||||||||
Version: | WebKit Nightly Build | ||||||||||||||||
Hardware: | Unspecified | ||||||||||||||||
OS: | Unspecified | ||||||||||||||||
Attachments: |
|
Description
Wenson Hsieh
2018-10-31 08:18:35 PDT
I think we can address this by only requiring secure archival on macOS 10.14+ and iOS 12+ Created attachment 353495 [details]
Speculative fix
Comment on attachment 353495 [details] Speculative fix View in context: https://bugs.webkit.org/attachment.cgi?id=353495&action=review > Source/WebKit/ChangeLog:13 > + To fix this, we only use the secure archiver on ⥠macOS 10.14 and ⥠iOS 12. (Bugzilla garbled ≥ into â¥) Created attachment 353498 [details]
Speculative fix
Created attachment 353499 [details]
Patch
Comment on attachment 353499 [details] Patch Clearing flags on attachment: 353499 Committed r237648: <https://trac.webkit.org/changeset/237648> All reviewed patches have been landed. Closing bug. Unfortunately, it appears that this did not work: <https://build.webkit.org/builders/Apple%20High%20Sierra%20Release%20WK2%20(Tests)/builds/7545/steps/run-api-tests/logs/stdio>. Continuing to investigate... Created attachment 353563 [details]
Patch
Comment on attachment 353563 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353563&action=review > Source/WebKit/ChangeLog:9 > + Followup to r237648: also make sure that we unsecurely unarchive NSFileWrapper on platforms that don't support typo: unsecurely > Source/WebKit/UIProcess/API/Cocoa/APIAttachmentCocoa.mm:161 > + NSFileWrapper *fileWrapper = insecurelyUnarchiveObjectFromData(serializedData.get()); Isn't this insecure? :) Comment on attachment 353563 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353563&action=review >> Source/WebKit/ChangeLog:9 >> + Followup to r237648: also make sure that we unsecurely unarchive NSFileWrapper on platforms that don't support > > typo: unsecurely Oops! Fixed. Comment on attachment 353563 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353563&action=review >> Source/WebKit/UIProcess/API/Cocoa/APIAttachmentCocoa.mm:161 >> + NSFileWrapper *fileWrapper = insecurelyUnarchiveObjectFromData(serializedData.get()); > > Isn't this insecure? :) ...that's a good point, I think this additionally warrants a check that [fileWrapper isKindOfClass:NSFileWrapper.class] Created attachment 353568 [details]
Patch for landing
Comment on attachment 353568 [details] Patch for landing Clearing flags on attachment: 353568 Committed r237667: <https://trac.webkit.org/changeset/237667> Comment on attachment 353563 [details] Patch Attachment 353563 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/9805037 New failing tests: http/wpt/mediarecorder/MediaRecorder-mock-dataavailable.html Created attachment 353573 [details]
Archive of layout-test-results from ews121 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews121 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6
|