RESOLVED FIXED 170700
Restrict WebKit image formats to a known whitelist 
https://bugs.webkit.org/show_bug.cgi?id=170700
Summary Restrict WebKit image formats to a known whitelist
Said Abou-Hallawa
Reported 2017-04-10 15:24:11 PDT
Instead of allowing any image format to be loaded, decoded and drawn, WebKit is going to restrict its image formats to a known whitelist. We are going to start by using the list of image formats which CGImageSourceCopyTypeIdentifiers() return.
Attachments
Patch for EWS (65.71 KB, patch)
2017-04-21 22:16 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch for review (3.15 KB, patch)
2017-04-21 22:18 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews103 for mac-elcapitan (686.97 KB, application/zip)
2017-04-21 23:10 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews104 for mac-elcapitan-wk2 (667.58 KB, application/zip)
2017-04-21 23:12 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews117 for mac-elcapitan (707.51 KB, application/zip)
2017-04-21 23:16 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews122 for ios-simulator-wk2 (9.58 MB, application/zip)
2017-04-21 23:24 PDT, Build Bot 		no flags
Details
Patch for EWS (67.40 KB, patch)
2017-04-22 01:04 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch for review (3.42 KB, patch)
2017-04-23 16:32 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (17.68 KB, patch)
2017-04-25 12:02 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (29.48 KB, patch)
2017-04-25 14:04 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (29.48 KB, patch)
2017-04-25 14:05 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (16.35 KB, patch)
2017-04-26 12:10 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (11) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2017-04-10 15:26:02 PDT
<rdar://problem/31543425>
Said Abou-Hallawa
Comment 2 2017-04-21 22:16:46 PDT
Created attachment 307883 [details] Patch for EWS
Said Abou-Hallawa
Comment 3 2017-04-21 22:18:36 PDT
Created attachment 307885 [details] Patch for review
Build Bot
Comment 4 2017-04-21 23:10:49 PDT
Comment on attachment 307883 [details] Patch for EWS Attachment 307883 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/3582463 Number of test failures exceeded the failure limit.
Build Bot
Comment 5 2017-04-21 23:10:51 PDT
Created attachment 307890 [details] Archive of layout-test-results from ews103 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 6 2017-04-21 23:12:49 PDT
Comment on attachment 307883 [details] Patch for EWS Attachment 307883 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/3582467 Number of test failures exceeded the failure limit.
Build Bot
Comment 7 2017-04-21 23:12:50 PDT
Created attachment 307891 [details] Archive of layout-test-results from ews104 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 8 2017-04-21 23:16:13 PDT
Comment on attachment 307883 [details] Patch for EWS Attachment 307883 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/3582454 Number of test failures exceeded the failure limit.
Build Bot
Comment 9 2017-04-21 23:16:14 PDT
Created attachment 307892 [details] Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 10 2017-04-21 23:23:59 PDT
Comment on attachment 307883 [details] Patch for EWS Attachment 307883 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/3582377 Number of test failures exceeded the failure limit.
Build Bot
Comment 11 2017-04-21 23:24:01 PDT
Created attachment 307894 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Said Abou-Hallawa
Comment 12 2017-04-22 01:04:03 PDT
Created attachment 307900 [details] Patch for EWS
Ryosuke Niwa
Comment 13 2017-04-22 01:11:48 PDT
Comment on attachment 307900 [details] Patch for EWS View in context: https://bugs.webkit.org/attachment.cgi?id=307900&action=review > Source/WebCore/ChangeLog:16 > +2017-04-21 Said Abou-Hallawa <sabouhallawa@apple.com> You have three change log entries in your patch.
Ryosuke Niwa
Comment 14 2017-04-22 01:13:38 PDT
Comment on attachment 307900 [details] Patch for EWS View in context: https://bugs.webkit.org/attachment.cgi?id=307900&action=review > Source/WebCore/platform/graphics/cg/UTIRegistry.cpp:49 > + // CG at least supports the following standard image types: > + static NeverDestroyed<HashSet<String>> s_allowedImageUTIs = std::initializer_list<String> { We should make sure we're adverting and only advertising these image types in HTTP's accept header.
Said Abou-Hallawa
Comment 15 2017-04-23 16:29:35 PDT
(In reply to Ryosuke Niwa from comment #14) > Comment on attachment 307900 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=307900&action=review > > > Source/WebCore/platform/graphics/cg/UTIRegistry.cpp:49 > > + // CG at least supports the following standard image types: > > + static NeverDestroyed<HashSet<String>> s_allowedImageUTIs = std::initializer_list<String> { > > We should make sure we're adverting and only advertising these image types > in HTTP's accept header. In the function acceptHeaderValueFromType() and for the case CachedResource::Type::ImageResource, we return: ASCIILiteral("image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"). Including "image/*" in the accept header will match image/png, image/svg, image/gif and any other image types. I can change this string to include the MIME types of the supported image formats only. The only problem is UTTypeCopyPreferredTagWithClass() does not return a valid MIME type for: "com.microsoft.cur" and "public.mpo-image".
Said Abou-Hallawa
Comment 16 2017-04-23 16:32:43 PDT
Created attachment 307945 [details] Patch for review
Said Abou-Hallawa
Comment 17 2017-04-23 17:21:30 PDT
Comment on attachment 307900 [details] Patch for EWS View in context: https://bugs.webkit.org/attachment.cgi?id=307900&action=review >> Source/WebCore/ChangeLog:16 >> +2017-04-21 Said Abou-Hallawa <sabouhallawa@apple.com> > > You have three change log entries in your patch. This patch is not for review. It is for EWS only. It includes the patches of the bugs https://bugs.webkit.org/show_bug.cgi?id=171042 https://bugs.webkit.org/show_bug.cgi?id=171077 https://bugs.webkit.org/show_bug.cgi?id=170700 I combined all of them to be able to verify the EWS will pass if the first two patches get landed. I attached a smaller patch for review which is the difference between this patch and the combination of the first two patches.
Tim Horton
Comment 18 2017-04-24 16:04:59 PDT
Comment on attachment 307945 [details] Patch for review View in context: https://bugs.webkit.org/attachment.cgi?id=307945&action=review > Source/WebCore/loader/cache/CachedImage.cpp:394 > +EncodedDataStatus CachedImage::setImageIncrementalDataBuffer(SharedBuffer& data, bool allDataReceived) it's not incremental if allDataReceived is true. Maybe a different name?
Said Abou-Hallawa
Comment 19 2017-04-25 12:02:42 PDT
Created attachment 308125 [details] Patch
Said Abou-Hallawa
Comment 20 2017-04-25 14:04:10 PDT
Created attachment 308140 [details] Patch
Said Abou-Hallawa
Comment 21 2017-04-25 14:05:41 PDT
Created attachment 308141 [details] Patch
WebKit Commit Bot
Comment 22 2017-04-25 15:24:00 PDT
Comment on attachment 308141 [details] Patch Clearing flags on attachment: 308141 Committed r215767: <http://trac.webkit.org/changeset/215767>
WebKit Commit Bot
Comment 23 2017-04-25 15:24:02 PDT
All reviewed patches have been landed. Closing bug.
Ryan Haddad
Comment 24 2017-04-26 09:04:41 PDT
The LayoutTest for this change is a flaky failure on the bots: https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK1%20(Tests)/r215798%20(793)/results.html The test also crashes when run under GuardMalloc / ASan.
Ryan Haddad
Comment 25 2017-04-26 09:13:07 PDT
Reverted r215767 for reason: The LayoutTest for this change is a flaky failure. Committed r215803: <http://trac.webkit.org/changeset/215803>
Said Abou-Hallawa
Comment 26 2017-04-26 09:34:29 PDT
(In reply to Ryan Haddad from comment #25) > Reverted r215767 for reason: > > The LayoutTest for this change is a flaky failure. > > Committed r215803: <http://trac.webkit.org/changeset/215803> The test has four images. The order of receiving onload or onerror for these images might be different on EWS from the order I got on my machine. Sorting the output messages or making setting their src attributes sequential should fix the flakness issue.
Said Abou-Hallawa
Comment 27 2017-04-26 12:10:33 PDT
Created attachment 308272 [details] Patch
WebKit Commit Bot
Comment 28 2017-04-26 13:35:11 PDT
Comment on attachment 308272 [details] Patch Clearing flags on attachment: 308272 Committed r215829: <http://trac.webkit.org/changeset/215829>
WebKit Commit Bot
Comment 29 2017-04-26 13:35:13 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.