WKAttachmentTests.CopyAndPasteBetweenWebViews, the API test added with <https://trac.webkit.org/changeset/237624/webkit>, fails on macOS 10.13. It works on macOS 10.12 because USE_SECURE_ARCHIVER_API is 0, so we simply archive the NSFileWrapper; and it works on macOS 10.14 because USE_SECURE_ARCHIVER_API is 1, but NSFileWrapper is secure-coding-compliant. On macOS 10.13, we try to use the secure archiver despite NSFileWrapper not supporting it.
I think we can address this by only requiring secure archival on macOS 10.14+ and iOS 12+
<rdar://problem/45700410>
Created attachment 353495 [details] Speculative fix
Comment on attachment 353495 [details] Speculative fix View in context: https://bugs.webkit.org/attachment.cgi?id=353495&action=review > Source/WebKit/ChangeLog:13 > + To fix this, we only use the secure archiver on ⥠macOS 10.14 and ⥠iOS 12. (Bugzilla garbled ≥ into â¥)
Created attachment 353498 [details] Speculative fix
Created attachment 353499 [details] Patch
Comment on attachment 353499 [details] Patch Clearing flags on attachment: 353499 Committed r237648: <https://trac.webkit.org/changeset/237648>
All reviewed patches have been landed. Closing bug.
Unfortunately, it appears that this did not work: <https://build.webkit.org/builders/Apple%20High%20Sierra%20Release%20WK2%20(Tests)/builds/7545/steps/run-api-tests/logs/stdio>. Continuing to investigate...
Created attachment 353563 [details] Patch
Comment on attachment 353563 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353563&action=review > Source/WebKit/ChangeLog:9 > + Followup to r237648: also make sure that we unsecurely unarchive NSFileWrapper on platforms that don't support typo: unsecurely > Source/WebKit/UIProcess/API/Cocoa/APIAttachmentCocoa.mm:161 > + NSFileWrapper *fileWrapper = insecurelyUnarchiveObjectFromData(serializedData.get()); Isn't this insecure? :)
Comment on attachment 353563 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353563&action=review >> Source/WebKit/ChangeLog:9 >> + Followup to r237648: also make sure that we unsecurely unarchive NSFileWrapper on platforms that don't support > > typo: unsecurely Oops! Fixed.
Comment on attachment 353563 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353563&action=review >> Source/WebKit/UIProcess/API/Cocoa/APIAttachmentCocoa.mm:161 >> + NSFileWrapper *fileWrapper = insecurelyUnarchiveObjectFromData(serializedData.get()); > > Isn't this insecure? :) ...that's a good point, I think this additionally warrants a check that [fileWrapper isKindOfClass:NSFileWrapper.class]
Created attachment 353568 [details] Patch for landing
Comment on attachment 353568 [details] Patch for landing Clearing flags on attachment: 353568 Committed r237667: <https://trac.webkit.org/changeset/237667>
Comment on attachment 353563 [details] Patch Attachment 353563 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/9805037 New failing tests: http/wpt/mediarecorder/MediaRecorder-mock-dataavailable.html
Created attachment 353573 [details] Archive of layout-test-results from ews121 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews121 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6