Bug 229121

Summary: -[WebView initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:]
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: WebKit Misc.Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=210621
Attachments:
Description Flags
Patch v1 none

Description David Kilzer (:ddkilzer) 2021-08-15 08:38:08 PDT 
-[WebView initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:].

Found by clang static analyzer:

Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method
Comment 1 Radar WebKit Bug Importer 2021-08-15 08:39:28 PDT 
<rdar://problem/81956163>
Comment 2 David Kilzer (:ddkilzer) 2021-08-15 08:40:41 PDT 
Created attachment 435565 [details]
Patch v1
Comment 3 EWS 2021-08-16 07:45:19 PDT 
Committed r281081 (240541@main): <https://commits.webkit.org/240541@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 435565 [details].