Bug 237100

Summary: Restrict supported image decoding types when in CaptivePortal mode
Product: WebKit
Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.
Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED INVALID
Severity: Normal
CC: bfulgham, cdumez, darin, sabouhallawa, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=237120
Attachments (Description: Flags):
  Patch: none
  Patch: darin: review+

Brent Fulgham
Reported 2022-02-23 11:53:53 PST
Adopt the CGImageSourceSetAllowableTypes SPI to prevent CoreGraphics from running image decoders for riskier image types.
Attachments
Patch (2.89 KB, patch)
2022-02-23 12:02 PST, Brent Fulgham
no flags
Patch (2.88 KB, patch)
2022-02-23 13:39 PST, Brent Fulgham
darin: review+
Radar WebKit Bug Importer
Comment 1 2022-02-23 11:54:15 PST
Brent Fulgham
Comment 2 2022-02-23 12:02:30 PST
Brent Fulgham
Comment 3 2022-02-23 13:39:22 PST
Darin Adler
Comment 4 2022-02-23 15:01:29 PST
Comment on attachment 453023 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=453023&action=review

> Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:248
> +#if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES)
> +static NSArray *UTITypes()
> +{
> + return @[@"public.jpeg",
> + @"public.png",
> + @"org.webmproject.webp",
> + @"com.compuserve.gif",
> + ];
> +}
> +#endif

Does not seem like we need a separate function for this.

    NSArray *types = @[
        @"public.jpeg",
        @"public.png",
        @"org.webmproject.webp",
        @"com.compuserve.gif",
    ];
    auto status = CGImageSourceSetAllowableTypes(bridge_cast(types));

Could even use auto or constexpr.

> Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:255
> +#if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES)

I think we should format the #if differently. Strange to just check the boolean and then do nothing, so maybe we can put more of the function inside the #if, or put the #if at the call site too.
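
Review bot: UTITypes() in the quoted hunk at WebProcessCocoa.mm:248 gives no indication that its four entries (public.jpeg, public.png, org.webmproject.webp, com.compuserve.gif) form the complete allowlist of image types that may be decoded, or why these formats were chosen. Every entry added later widens the set of decoders that can run, so I would suggest a name that states the policy (for example allowedImageTypes, a hypothetical name) and a one-line comment above the array saying which mode the list applies to and that it should stay minimal.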
Brent Fulgham
Comment 6 2022-02-23 15:58:13 PST
See Bug 237120 for the actual issue.
Brent Fulgham
Comment 7 2022-02-23 16:22:18 PST
After reviewing this with the CoreGraphics/ImageIO team, we don't need to do this, as we have already adopted the necessary entitlements to limit decoders in Captive Portal mode. The cause of PDF images still appearing is a separate issue, which requires a different fix (see Bug 237120).