Bug 194186

Summary: LocalAuthenticator::getAssertion attempts to put an NSData into a string using %s
Product: WebKit Reporter: Darin Adler <darin>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: alex.gaynor, ap, jiewen_tan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 181943    

Darin Adler
Reported 2019-02-01 20:00:20 PST
When converting code to remove uses of String::format, I noticed this misuse: m_connection->getUserConsent( String::format("Log into %s with %s.", requestData().requestOptions.rpId.utf8().data(), selectedCredentialAttributes[(id)kSecAttrApplicationTag]), (__bridge SecAccessControlRef)selectedCredentialAttributes[(id)kSecAttrAccessControl], WTFMove(callback)); selectedCredentialAttributes[(id)kSecAttrApplicationTag] returns an NSData *, which can't be usefully formatted with %s.
Attachments
Radar WebKit Bug Importer
Comment 1 2019-02-04 08:59:34 PST
Darin Adler
Comment 2 2019-02-25 09:44:08 PST
I fixed this in r242014 <https://trac.webkit.org/changeset/242014> but it’s untested.
Jiewen Tan
Comment 3 2019-02-25 12:22:24 PST
(In reply to Darin Adler from comment #2) > I fixed this in r242014 <https://trac.webkit.org/changeset/242014> but it’s > untested. Thanks, Darin. I will test it before closing the bug.
Jiewen Tan
Comment 4 2019-08-06 13:13:47 PDT
Note You need to log in before you can comment on or make changes to this bug.