Bug 309064

Summary:	Do some security hardening after 308536@main
Product:	WebKit	Reporter:	Chris Dumez <cdumez>
Component:	WebKit2	Assignee:	Chris Dumez <cdumez>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	kkinnunen, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Chris Dumez

Reported 2026-03-03 05:06:53 PST

Do some security hardening after 308536@main. Create a copy of the SharedMemory data on the recipient side before we attempt to decode it, to guard against TOCTOU bugs. This is performance sensitive anyway as this IPC logic is only a fallback when hitting a MACH_SEND_TOO_LARGE when sending.

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2026-03-03 05:09:34 PST

Pull request: https://github.com/WebKit/WebKit/pull/59796

EWS

Comment 2 2026-03-03 15:34:52 PST

Committed 308585@main (b55fd4fb1945): <https://commits.webkit.org/308585@main> Reviewed commits have been landed. Closing PR #59796 and removing active labels.

Radar WebKit Bug Importer

Comment 3 2026-03-03 15:35:12 PST

<rdar://problem/171667235>

EWS

Comment 4 2026-03-03 19:54:12 PST

Committed 305413.394@safari-7624-branch (d5dc50e167de): <https://commits.webkit.org/305413.394@safari-7624-branch> Reviewed commits have been landed. Closing PR #4607 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.