210621 – -[WebPreferences initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:]

RESOLVED FIXED 210621

-[WebPreferences initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:]

https://bugs.webkit.org/show_bug.cgi?id=210621

Summary -[WebPreferences initWithCoder:] should use -[NSCoder decodeValueOfObjCType:a...

David Kilzer (:ddkilzer)

Reported 2020-04-16 15:14:33 PDT

-[WebPreferences initWithCoder:] should use -[NSCoder decodeValueOfObjCType:at:size:]. Found by clang static analyzer: Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method

Attachments
Patch v1 (1.61 KB, patch) 2020-04-16 15:19 PDT, David Kilzer (:ddkilzer)	no flags	Details Formatted Diff Diff
Patch v1 (1.61 KB, patch) 2020-04-16 15:20 PDT, David Kilzer (:ddkilzer)	no flags	Details Formatted Diff Diff
Patch v1 third time (1.61 KB, patch) 2020-04-16 16:45 PDT, David Kilzer (:ddkilzer)	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-04-16 15:14:45 PDT

<rdar://problem/61906458>

David Kilzer (:ddkilzer)

Comment 2 2020-04-16 15:19:46 PDT

Created attachment 396705 [details] Patch v1

David Kilzer (:ddkilzer)

Comment 3 2020-04-16 15:20:18 PDT

Created attachment 396706 [details] Patch v1

David Kilzer (:ddkilzer)

Comment 4 2020-04-16 15:21:37 PDT

(In reply to David Kilzer (:ddkilzer) from comment #3) > Created attachment 396706 [details] > Patch v1 Tired. Uploaded the same patch twice.

David Kilzer (:ddkilzer)

Comment 5 2020-04-16 16:45:56 PDT

Created attachment 396722 [details] Patch v1 third time Sigh. EWS bots won't let me rebuild an obsoleted patch, even if I un-obsolete it.

David Kilzer (:ddkilzer)

Comment 6 2020-04-17 16:55:27 PDT

Patch is ready for review.

EWS

Comment 7 2020-04-18 09:33:08 PDT

Committed r260315: <https://trac.webkit.org/changeset/260315> All reviewed patches have been landed. Closing bug and clearing flags on attachment 396722 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product Security

Component Security

Assignee

David Kilzer (:ddkilzer)

Reported

2020-04-16 15:14 PDT

Modified

2021-08-15 08:38 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks