RESOLVED INVALID 189840
Should we really CRASH() in ChildProcess::didReceiveInvalidMessage?
https://bugs.webkit.org/show_bug.cgi?id=189840
Michael Catanzaro
Reported 2018-09-21 09:31:18 PDT
Both the cross-platform and Cocoa-specific implementations of ChildProcess::didReceiveInvalidMessage call CRASH(). So any invalid message sent from a child process will crash the parent process. But the WK2 security model assumes the child process is compromised. Surely a malicious child process should not be able to DoS the UI process just by sending an invalid message. I think CRASH() would only be appropriate if running a debug build.
Alexey Proskuryakov
Comment 1 2018-09-22 15:14:00 PDT
Could you clarify the scenario that you have in mind? ChildProcess::didReceiveInvalidMessage is code that runs in child processes, so it doesn't crash the UI process.
Michael Catanzaro
Comment 2 2018-09-22 20:13:59 PDT
Ummm yeah, you are right of course. I must have been thinking it was ChildProcessProxy... but I was even looking at a NetworkProcess crash at the time... I guess my brain was turned off when I reported this. Closing.