RESOLVED FIXED Bug 208012
[Cocoa] Limit set of classes that can be decoded when a preference has changed 
https://bugs.webkit.org/show_bug.cgi?id=208012
Summary [Cocoa] Limit set of classes that can be decoded when a preference has changed
Per Arne Vollan
Reported 2020-02-20 10:00:50 PST
As a hardening measure, limit the set of ObjectiveC classes that can be decoded in the WebContent process as a result of a preference change.
Attachments
Patch (7.31 KB, patch)
2020-02-20 10:05 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (7.34 KB, patch)
2020-02-28 13:24 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (7.31 KB, patch)
2020-03-09 12:31 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (7.37 KB, patch)
2020-03-13 07:13 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (7.36 KB, patch)
2020-03-13 09:44 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-02-20 10:01:16 PST
<rdar://problem/59633032>
Per Arne Vollan
Comment 2 2020-02-20 10:05:00 PST
Created attachment 391299 [details] Patch
Brent Fulgham
Comment 3 2020-02-26 13:15:27 PST
Comment on attachment 391299 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=391299&action=review I think this looks good, but marking r- because I think this introduces a leak. > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:945 > + auto classes = [NSSet setWithArray:@[[NSString class], [NSNumber class], [NSDate class], [NSDictionary class], [NSArray class], [NSData class]]]; We should consider making this a static thing that doesn't have to get reconstructed every time there is a preference change. > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:946 > + id object = [NSKeyedUnarchiver unarchivedObjectOfClasses:classes fromData:encodedData.get() error:&err]; Don't we still need to retain the unarchived object returned by this method? Either we were over-releasing previously, or you've introduced a leak here.
Per Arne Vollan
Comment 4 2020-02-28 13:24:42 PST
Created attachment 392013 [details] Patch
Per Arne Vollan
Comment 5 2020-02-28 13:28:01 PST
(In reply to Brent Fulgham from comment #3) > Comment on attachment 391299 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=391299&action=review > > I think this looks good, but marking r- because I think this introduces a > leak. > > > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:945 > > + auto classes = [NSSet setWithArray:@[[NSString class], [NSNumber class], [NSDate class], [NSDictionary class], [NSArray class], [NSData class]]]; > > We should consider making this a static thing that doesn't have to get > reconstructed every time there is a preference change. > Fixed. > > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:946 > > + id object = [NSKeyedUnarchiver unarchivedObjectOfClasses:classes fromData:encodedData.get() error:&err]; > > Don't we still need to retain the unarchived object returned by this method? > Either we were over-releasing previously, or you've introduced a leak here. I could be wrong, but I believe this patch does not change the retain count of the object after returning from the method, since the RetainPtr variable was local. Thanks for reviewing!
Per Arne Vollan
Comment 6 2020-03-09 12:31:04 PDT
Created attachment 393062 [details] Patch
Per Arne Vollan
Comment 7 2020-03-13 07:13:42 PDT
Created attachment 393478 [details] Patch
Per Arne Vollan
Comment 8 2020-03-13 09:44:33 PDT
Created attachment 393491 [details] Patch
Per Arne Vollan
Comment 9 2020-03-13 10:15:28 PDT
(In reply to Brent Fulgham from comment #3) > Comment on attachment 391299 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=391299&action=review > > I think this looks good, but marking r- because I think this introduces a > leak. > > > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:945 > > + auto classes = [NSSet setWithArray:@[[NSString class], [NSNumber class], [NSDate class], [NSDictionary class], [NSArray class], [NSData class]]]; > > We should consider making this a static thing that doesn't have to get > reconstructed every time there is a preference change. > For some reason, making this static introduced a crash, so I went back to declaring it as a stack allocated variable. > > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:946 > > + id object = [NSKeyedUnarchiver unarchivedObjectOfClasses:classes fromData:encodedData.get() error:&err]; > > Don't we still need to retain the unarchived object returned by this method? > Either we were over-releasing previously, or you've introduced a leak here.
Brent Fulgham
Comment 10 2020-03-14 16:34:11 PDT
Comment on attachment 393491 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393491&action=review r=me > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:915 > + id object = [NSKeyedUnarchiver unarchivedObjectOfClasses:classes fromData:encodedData.get() error:&err]; Oh, excellent. Thank you for cleaning this one up.
Per Arne Vollan
Comment 11 2020-03-16 07:36:06 PDT
Comment on attachment 393491 [details] Patch Thanks for reviewing!
WebKit Commit Bot
Comment 12 2020-03-16 08:19:57 PDT
Comment on attachment 393491 [details] Patch Clearing flags on attachment: 393491 Committed r258495: <https://trac.webkit.org/changeset/258495>
WebKit Commit Bot
Comment 13 2020-03-16 08:19:59 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.