Bug 227247

Summary: [Cocoa] Force a copy of font data when receiving it from the untrusted web process
Product: WebKit Reporter: Myles C. Maxfield <mmaxfield>
Component: New Bugs
Assignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED FIXED    
Severity: Normal CC: dino, jonlee, mjs, simon.fraser, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Myles C. Maxfield 2021-06-21 20:53:55 PDT
[Cocoa] Force a copy of font data when receiving it from the untrusted web process
Comment 1 Myles C. Maxfield 2021-06-21 20:57:32 PDT
Created attachment 431943 [details]
Patch
Comment 2 Myles C. Maxfield 2021-06-21 20:58:20 PDT
<rdar://problem/70825675>
Comment 3 Maciej Stachowiak 2021-06-21 21:30:25 PDT
Comment on attachment 431943 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431943&action=review

r=me, but see comment regarding testing.

> Source/WebKit/ChangeLog:14
> +        No new tests because there is no behavior change.

There's no behavior change if all goes well, but there is a behavior change in the case of a compromised WebContent process. It should be possible to add some kind of internal interface that makes WebCore send over font data and then scribble over it with random timing, which would hopefully eventually crash without this patch, and then show with this patch it doesn't crash. I don't know how practical that is though.
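As an added illustration of the point raised in this review (example code, not the WebKit patch itself): snapshotting the font bytes out of the shared region before validating or parsing them means a later write by the sending process cannot change what the receiver has already checked. The SharedRegion and FontBlob types, the scribble helper and the 4-byte tag check are all constructed for this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

// Constructed stand-in for a shared-memory mapping that the untrusted sender
// keeps writable after handing over the handle.
struct SharedRegion {
    std::vector<uint8_t> bytes;
};

// Private copy owned by the trusted (receiving) process.
struct FontBlob {
    std::vector<uint8_t> data;
};

// Copy first, then validate the copy. Once this returns, nothing the sender
// writes into `region` can alter `blob.data`.
std::optional<FontBlob> receiveFontData(const SharedRegion& region, size_t claimedSize) {
    if (claimedSize < 4 || claimedSize > region.bytes.size())
        return std::nullopt;
    FontBlob blob;
    blob.data.assign(region.bytes.begin(), region.bytes.begin() + claimedSize);
    // Constructed sanity check on the private copy: accept the 'OTTO' (CFF)
    // or 0x00010000 (TrueType) sfnt tags, reject anything else.
    const uint8_t* p = blob.data.data();
    if (std::memcmp(p, "OTTO", 4) != 0 && std::memcmp(p, "\0\1\0\0", 4) != 0)
        return std::nullopt;
    return blob;
}

// Simulates the sender overwriting the shared region after the receiver copied it.
void senderScribbles(SharedRegion& region) {
    std::fill(region.bytes.begin(), region.bytes.end(), 0xff);
}

// True if the copy still passes validation after the shared region was clobbered.
bool copyIsIsolatedFromLaterWrites() {
    SharedRegion region;
    region.bytes = {'O', 'T', 'T', 'O', 0x00, 0x10, 0x00, 0x01};
    auto blob = receiveFontData(region, region.bytes.size());
    if (!blob)
        return false;
    senderScribbles(region);
    return std::memcmp(blob->data.data(), "OTTO", 4) == 0;
}

// True if an oversized claimed length or a bad tag is rejected up front.
bool rejectsBadInput() {
    SharedRegion region;
    region.bytes = {'J', 'U', 'N', 'K', 0x00, 0x00};
    return !receiveFontData(region, region.bytes.size()) && !receiveFontData(region, 64);
}
```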
Comment 4 EWS 2021-06-22 00:42:15 PDT
Committed r279106 (239023@main): <https://commits.webkit.org/239023@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 431943 [details].