194186 – LocalAuthenticator::getAssertion attempts to put an NSData into a string using %s

RESOLVED FIXED Bug 194186

LocalAuthenticator::getAssertion attempts to put an NSData into a string using %s

https://bugs.webkit.org/show_bug.cgi?id=194186

Summary LocalAuthenticator::getAssertion attempts to put an NSData into a string usin...

Darin Adler

Reported 2019-02-01 20:00:20 PST

When converting code to remove uses of String::format, I noticed this misuse: m_connection->getUserConsent( String::format("Log into %s with %s.", requestData().requestOptions.rpId.utf8().data(), selectedCredentialAttributes[(id)kSecAttrApplicationTag]), (__bridge SecAccessControlRef)selectedCredentialAttributes[(id)kSecAttrAccessControl], WTFMove(callback)); selectedCredentialAttributes[(id)kSecAttrApplicationTag] returns an NSData *, which can't be usefully formatted with %s.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2019-02-04 08:59:34 PST

<rdar://problem/47787251>

Darin Adler

Comment 2 2019-02-25 09:44:08 PST

I fixed this in r242014 <https://trac.webkit.org/changeset/242014> but it’s untested.

Jiewen Tan

Comment 3 2019-02-25 12:22:24 PST

(In reply to Darin Adler from comment #2) > I fixed this in r242014 <https://trac.webkit.org/changeset/242014> but it’s > untested. Thanks, Darin. I will test it before closing the bug.

Jiewen Tan

Comment 4 2019-08-06 13:13:47 PDT

Verified fix by: Committed r248308: <https://trac.webkit.org/changeset/248308>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2019-02-01 20:00 PST

Modified

2019-08-06 13:13 PDT History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks

181943

Dependancies

tree graph