| Summary: | [IPC hardening] Return type of -[NSCoder validateClassSupportsSecureCoding:] is incorrect | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> | ||||||
| Component: | WebKit2 | Assignee: | David Kilzer (:ddkilzer) <ddkilzer> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | bfulgham, darin, useafterfree, webkit-bug-importer | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | Other | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
|
Description
David Kilzer (:ddkilzer)
2020-06-12 19:35:53 PDT
Created attachment 401820 [details]
Patch v1
Comment on attachment 401820 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=401820&action=review > Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm:642 > + ASSERT_UNUSED(result, result); Wait, shouldn’t this be raising an exception instead of ignoring it, if the value returned is false? Comment on attachment 401820 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=401820&action=review >> Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm:642 >> + ASSERT_UNUSED(result, result); > > Wait, shouldn’t this be raising an exception instead of ignoring it, if the value returned is false? The -validateClassSupportsSecureCoding: method currently throws an NSException before returning NO, but that behavior is configurable, so yes, WebKit should also throw just in case that gets turned off unexpectedly. Created attachment 401875 [details]
Patch v2
Committed r263016: <https://trac.webkit.org/changeset/263016> All reviewed patches have been landed. Closing bug and clearing flags on attachment 401875 [details]. |