Bug 229121

Summary: -[WebView initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:]
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: WebKit Misc.Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=210621
Attachments:
Description Flags
Patch v1 none

David Kilzer (:ddkilzer)
Reported 2021-08-15 08:38:08 PDT
-[WebView initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:]. Found by clang static analyzer: Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method
Attachments
Patch v1 (1.60 KB, patch)
2021-08-15 08:40 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-08-15 08:39:28 PDT
<rdar://problem/81956163>
David Kilzer (:ddkilzer)
Comment 2 2021-08-15 08:40:41 PDT
Created attachment 435565 [details] Patch v1
EWS
Comment 3 2021-08-16 07:45:19 PDT
Committed r281081 (240541@main): <https://commits.webkit.org/240541@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 435565 [details].
Note You need to log in before you can comment on or make changes to this bug.