WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
170700
Restrict WebKit image formats to a known whitelist
https://bugs.webkit.org/show_bug.cgi?id=170700
Summary
Restrict WebKit image formats to a known whitelist
Said Abou-Hallawa
Reported
2017-04-10 15:24:11 PDT
Instead of allowing any image format to be loaded, decoded and drawn, WebKit is going to restrict its image formats to a known whitelist. We are going to start by using the list of image formats which CGImageSourceCopyTypeIdentifiers() return.
Attachments
Patch for EWS
(65.71 KB, patch)
2017-04-21 22:16 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Patch for review
(3.15 KB, patch)
2017-04-21 22:18 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Archive of layout-test-results from ews103 for mac-elcapitan
(686.97 KB, application/zip)
2017-04-21 23:10 PDT
,
Build Bot
no flags
Details
Archive of layout-test-results from ews104 for mac-elcapitan-wk2
(667.58 KB, application/zip)
2017-04-21 23:12 PDT
,
Build Bot
no flags
Details
Archive of layout-test-results from ews117 for mac-elcapitan
(707.51 KB, application/zip)
2017-04-21 23:16 PDT
,
Build Bot
no flags
Details
Archive of layout-test-results from ews122 for ios-simulator-wk2
(9.58 MB, application/zip)
2017-04-21 23:24 PDT
,
Build Bot
no flags
Details
Patch for EWS
(67.40 KB, patch)
2017-04-22 01:04 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Patch for review
(3.42 KB, patch)
2017-04-23 16:32 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Patch
(17.68 KB, patch)
2017-04-25 12:02 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Patch
(29.48 KB, patch)
2017-04-25 14:04 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Patch
(29.48 KB, patch)
2017-04-25 14:05 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Patch
(16.35 KB, patch)
2017-04-26 12:10 PDT
,
Said Abou-Hallawa
no flags
Details
Formatted Diff
Diff
Show Obsolete
(11)
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2017-04-10 15:26:02 PDT
<
rdar://problem/31543425
>
Said Abou-Hallawa
Comment 2
2017-04-21 22:16:46 PDT
Created
attachment 307883
[details]
Patch for EWS
Said Abou-Hallawa
Comment 3
2017-04-21 22:18:36 PDT
Created
attachment 307885
[details]
Patch for review
Build Bot
Comment 4
2017-04-21 23:10:49 PDT
Comment on
attachment 307883
[details]
Patch for EWS
Attachment 307883
[details]
did not pass mac-ews (mac): Output:
http://webkit-queues.webkit.org/results/3582463
Number of test failures exceeded the failure limit.
Build Bot
Comment 5
2017-04-21 23:10:51 PDT
Created
attachment 307890
[details]
Archive of layout-test-results from ews103 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 6
2017-04-21 23:12:49 PDT
Comment on
attachment 307883
[details]
Patch for EWS
Attachment 307883
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
http://webkit-queues.webkit.org/results/3582467
Number of test failures exceeded the failure limit.
Build Bot
Comment 7
2017-04-21 23:12:50 PDT
Created
attachment 307891
[details]
Archive of layout-test-results from ews104 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 8
2017-04-21 23:16:13 PDT
Comment on
attachment 307883
[details]
Patch for EWS
Attachment 307883
[details]
did not pass mac-debug-ews (mac): Output:
http://webkit-queues.webkit.org/results/3582454
Number of test failures exceeded the failure limit.
Build Bot
Comment 9
2017-04-21 23:16:14 PDT
Created
attachment 307892
[details]
Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 10
2017-04-21 23:23:59 PDT
Comment on
attachment 307883
[details]
Patch for EWS
Attachment 307883
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
http://webkit-queues.webkit.org/results/3582377
Number of test failures exceeded the failure limit.
Build Bot
Comment 11
2017-04-21 23:24:01 PDT
Created
attachment 307894
[details]
Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Said Abou-Hallawa
Comment 12
2017-04-22 01:04:03 PDT
Created
attachment 307900
[details]
Patch for EWS
Ryosuke Niwa
Comment 13
2017-04-22 01:11:48 PDT
Comment on
attachment 307900
[details]
Patch for EWS View in context:
https://bugs.webkit.org/attachment.cgi?id=307900&action=review
> Source/WebCore/ChangeLog:16 > +2017-04-21 Said Abou-Hallawa <
sabouhallawa@apple.com
>
You have three change log entries in your patch.
Ryosuke Niwa
Comment 14
2017-04-22 01:13:38 PDT
Comment on
attachment 307900
[details]
Patch for EWS View in context:
https://bugs.webkit.org/attachment.cgi?id=307900&action=review
> Source/WebCore/platform/graphics/cg/UTIRegistry.cpp:49 > + // CG at least supports the following standard image types: > + static NeverDestroyed<HashSet<String>> s_allowedImageUTIs = std::initializer_list<String> {
We should make sure we're adverting and only advertising these image types in HTTP's accept header.
Said Abou-Hallawa
Comment 15
2017-04-23 16:29:35 PDT
(In reply to Ryosuke Niwa from
comment #14
)
> Comment on
attachment 307900
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=307900&action=review
> > > Source/WebCore/platform/graphics/cg/UTIRegistry.cpp:49 > > + // CG at least supports the following standard image types: > > + static NeverDestroyed<HashSet<String>> s_allowedImageUTIs = std::initializer_list<String> { > > We should make sure we're adverting and only advertising these image types > in HTTP's accept header.
In the function acceptHeaderValueFromType() and for the case CachedResource::Type::ImageResource, we return: ASCIILiteral("image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"). Including "image/*" in the accept header will match image/png, image/svg, image/gif and any other image types. I can change this string to include the MIME types of the supported image formats only. The only problem is UTTypeCopyPreferredTagWithClass() does not return a valid MIME type for: "com.microsoft.cur" and "public.mpo-image".
Said Abou-Hallawa
Comment 16
2017-04-23 16:32:43 PDT
Created
attachment 307945
[details]
Patch for review
Said Abou-Hallawa
Comment 17
2017-04-23 17:21:30 PDT
Comment on
attachment 307900
[details]
Patch for EWS View in context:
https://bugs.webkit.org/attachment.cgi?id=307900&action=review
>> Source/WebCore/ChangeLog:16 >> +2017-04-21 Said Abou-Hallawa <
sabouhallawa@apple.com
> > > You have three change log entries in your patch.
This patch is not for review. It is for EWS only. It includes the patches of the bugs
https://bugs.webkit.org/show_bug.cgi?id=171042
https://bugs.webkit.org/show_bug.cgi?id=171077
https://bugs.webkit.org/show_bug.cgi?id=170700
I combined all of them to be able to verify the EWS will pass if the first two patches get landed. I attached a smaller patch for review which is the difference between this patch and the combination of the first two patches.
Tim Horton
Comment 18
2017-04-24 16:04:59 PDT
Comment on
attachment 307945
[details]
Patch for review View in context:
https://bugs.webkit.org/attachment.cgi?id=307945&action=review
> Source/WebCore/loader/cache/CachedImage.cpp:394 > +EncodedDataStatus CachedImage::setImageIncrementalDataBuffer(SharedBuffer& data, bool allDataReceived)
it's not incremental if allDataReceived is true. Maybe a different name?
Said Abou-Hallawa
Comment 19
2017-04-25 12:02:42 PDT
Created
attachment 308125
[details]
Patch
Said Abou-Hallawa
Comment 20
2017-04-25 14:04:10 PDT
Created
attachment 308140
[details]
Patch
Said Abou-Hallawa
Comment 21
2017-04-25 14:05:41 PDT
Created
attachment 308141
[details]
Patch
WebKit Commit Bot
Comment 22
2017-04-25 15:24:00 PDT
Comment on
attachment 308141
[details]
Patch Clearing flags on attachment: 308141 Committed
r215767
: <
http://trac.webkit.org/changeset/215767
>
WebKit Commit Bot
Comment 23
2017-04-25 15:24:02 PDT
All reviewed patches have been landed. Closing bug.
Ryan Haddad
Comment 24
2017-04-26 09:04:41 PDT
The LayoutTest for this change is a flaky failure on the bots:
https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK1%20(Tests)/r215798%20(793)/results.html
The test also crashes when run under GuardMalloc / ASan.
Ryan Haddad
Comment 25
2017-04-26 09:13:07 PDT
Reverted
r215767
for reason: The LayoutTest for this change is a flaky failure. Committed
r215803
: <
http://trac.webkit.org/changeset/215803
>
Said Abou-Hallawa
Comment 26
2017-04-26 09:34:29 PDT
(In reply to Ryan Haddad from
comment #25
)
> Reverted
r215767
for reason: > > The LayoutTest for this change is a flaky failure. > > Committed
r215803
: <
http://trac.webkit.org/changeset/215803
>
The test has four images. The order of receiving onload or onerror for these images might be different on EWS from the order I got on my machine. Sorting the output messages or making setting their src attributes sequential should fix the flakness issue.
Said Abou-Hallawa
Comment 27
2017-04-26 12:10:33 PDT
Created
attachment 308272
[details]
Patch
WebKit Commit Bot
Comment 28
2017-04-26 13:35:11 PDT
Comment on
attachment 308272
[details]
Patch Clearing flags on attachment: 308272 Committed
r215829
: <
http://trac.webkit.org/changeset/215829
>
WebKit Commit Bot
Comment 29
2017-04-26 13:35:13 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug