Bug 227247

Summary: [Cocoa] Force a copy of font data when receiving it from the untrusted web process
Product: WebKit Reporter: Myles C. Maxfield <mmaxfield>
Component: New BugsAssignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED FIXED    
Severity: Normal CC: dino, jonlee, mjs, simon.fraser, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Myles C. Maxfield
Reported 2021-06-21 20:53:55 PDT
[Cocoa] Force a copy of font data when receiving it from the untrusted web process
Attachments
Patch (3.15 KB, patch)
2021-06-21 20:57 PDT, Myles C. Maxfield 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Myles C. Maxfield
Comment 1 2021-06-21 20:57:32 PDT
Created attachment 431943 [details] Patch
Myles C. Maxfield
Comment 2 2021-06-21 20:58:20 PDT
<rdar://problem/70825675>
Maciej Stachowiak
Comment 3 2021-06-21 21:30:25 PDT
Comment on attachment 431943 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=431943&action=review r=me, but see comment regarding testing. > Source/WebKit/ChangeLog:14 > + No new tests because there is no behavior change. There's no behavior change if all goes well, but there is a behavior change in the case of a compromised WebContent process. It should be possible to add some kind of internal interface that makes WebCore send over font data and then scribble over it with random timing, which would hopefully eventually crash without this patch, and then show with this patch it doesn't crash. I don't know how practical that is though.
EWS
Comment 4 2021-06-22 00:42:15 PDT
Committed r279106 (239023@main): <https://commits.webkit.org/239023@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 431943 [details].
Note You need to log in before you can comment on or make changes to this bug.