Bug 210621

Summary: -[WebPreferences initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:]
Product: Security
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Security
Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED
Severity: Normal
CC: andersca, bfulgham, darin, ews-feeder, product-security, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=229121
Attachments (description, flags):
Patch v1, none
Patch v1, none
Patch v1 third time, none

Description David Kilzer (:ddkilzer) 2020-04-16 15:14:33 PDT
-[WebPreferences initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:].

Found by clang static analyzer:

Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method
Comment 1 Radar WebKit Bug Importer 2020-04-16 15:14:45 PDT
<rdar://problem/61906458>
Comment 2 David Kilzer (:ddkilzer) 2020-04-16 15:19:46 PDT
Created attachment 396705
Patch v1
Comment 3 David Kilzer (:ddkilzer) 2020-04-16 15:20:18 PDT
Created attachment 396706
Patch v1
Comment 4 David Kilzer (:ddkilzer) 2020-04-16 15:21:37 PDT
(In reply to David Kilzer (:ddkilzer) from comment #3)
> Created attachment 396706
> Patch v1

Tired.  Uploaded the same patch twice.
Comment 5 David Kilzer (:ddkilzer) 2020-04-16 16:45:56 PDT
Created attachment 396722
Patch v1 third time

Sigh.  EWS bots won't let me rebuild an obsoleted patch, even if I un-obsolete it.
Comment 6 David Kilzer (:ddkilzer) 2020-04-17 16:55:27 PDT
Patch is ready for review.
Comment 7 EWS 2020-04-18 09:33:08 PDT
Committed r260315: <https://trac.webkit.org/changeset/260315>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 396722.
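
The kind of change the analyzer warning in the description asks for, as an added example that is not part of this bug report or of the landed patch. `ExamplePrefs`, its `autosaves` field and the version check are hypothetical and are not taken from WebKit's WebPreferences.

```objective-c
// Added example: ExamplePrefs is hypothetical, not WebKit's WebPreferences.
#import <Foundation/Foundation.h>

@interface ExamplePrefs : NSObject <NSCoding>
@property (nonatomic) BOOL autosaves;
@end

@implementation ExamplePrefs

- (void)encodeWithCoder:(NSCoder *)coder
{
    int version = 1;
    BOOL autosaves = self.autosaves;
    [coder encodeValueOfObjCType:@encode(int) at:&version];
    [coder encodeValueOfObjCType:@encode(BOOL) at:&autosaves];
}

- (instancetype)initWithCoder:(NSCoder *)coder
{
    if (!(self = [super init]))
        return nil;

    // Before (what the analyzer flags): the coder receives only a type string
    // and a pointer, so it cannot tell how many bytes `version` can hold.
    //     [coder decodeValueOfObjCType:@encode(int) at:&version];
    // A type string wider than the destination, e.g. @encode(long long) with an
    // int variable, would write past the end of that variable.

    // After: each call also passes sizeof() of the exact destination variable.
    int version = 0;
    [coder decodeValueOfObjCType:@encode(int) at:&version size:sizeof(version)];
    if (version != 1)
        return nil; // unknown layout: stop before reading any further fields

    BOOL autosaves = NO;
    [coder decodeValueOfObjCType:@encode(BOOL) at:&autosaves size:sizeof(autosaves)];
    _autosaves = autosaves;
    return self;
}

@end
```

Taking `sizeof()` of the destination variable itself, rather than of a type name, keeps the size argument correct if the variable's declaration later changes.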