Bug 213161

Summary: [IPC hardening] Return type of -[NSCoder validateClassSupportsSecureCoding:] is incorrect
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: WebKit2Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, darin, useafterfree, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch v1
none
Patch v2 none

David Kilzer (:ddkilzer)
Reported 2020-06-12 19:35:53 PDT
Return type of -[NSCoder validateClassSupportsSecureCoding:] is incorrect. It's currently defined as void, but should be BOOL.
Attachments
Patch v1 (2.02 KB, patch)
2020-06-12 19:40 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
Patch v2 (2.25 KB, patch)
2020-06-14 16:20 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2020-06-12 19:36:03 PDT
<rdar://problem/64050085>
David Kilzer (:ddkilzer)
Comment 2 2020-06-12 19:40:26 PDT
Created attachment 401820 [details] Patch v1
Darin Adler
Comment 3 2020-06-13 13:49:33 PDT
Comment on attachment 401820 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=401820&action=review > Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm:642 > + ASSERT_UNUSED(result, result); Wait, shouldn’t this be raising an exception instead of ignoring it, if the value returned is false?
David Kilzer (:ddkilzer)
Comment 4 2020-06-14 16:20:20 PDT
Comment on attachment 401820 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=401820&action=review >> Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm:642 >> + ASSERT_UNUSED(result, result); > > Wait, shouldn’t this be raising an exception instead of ignoring it, if the value returned is false? The -validateClassSupportsSecureCoding: method currently throws an NSException before returning NO, but that behavior is configurable, so yes, WebKit should also throw just in case that gets turned off unexpectedly.
David Kilzer (:ddkilzer)
Comment 5 2020-06-14 16:20:51 PDT
Created attachment 401875 [details] Patch v2
EWS
Comment 6 2020-06-14 17:58:47 PDT
Committed r263016: <https://trac.webkit.org/changeset/263016> All reviewed patches have been landed. Closing bug and clearing flags on attachment 401875 [details].
Note You need to log in before you can comment on or make changes to this bug.