Bug 213161 - [IPC hardening] Return type of -[NSCoder validateClassSupportsSecureCoding:] is incorrect
Summary: [IPC hardening] Return type of -[NSCoder validateClassSupportsSecureCoding:] ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: David Kilzer (:ddkilzer)
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-06-12 19:35 PDT by David Kilzer (:ddkilzer)
Modified: 2020-06-14 17:58 PDT (History)
4 users (show)

See Also:

Attachments
Patch v1 (2.02 KB, patch)
2020-06-12 19:40 PDT, David Kilzer (:ddkilzer) 		no flags Details | Formatted Diff | Diff
Patch v2 (2.25 KB, patch)
2020-06-14 16:20 PDT, David Kilzer (:ddkilzer) 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Kilzer (:ddkilzer) 2020-06-12 19:35:53 PDT 
Return type of -[NSCoder validateClassSupportsSecureCoding:] is incorrect.

It's currently defined as void, but should be BOOL.
Comment 1 David Kilzer (:ddkilzer) 2020-06-12 19:36:03 PDT 
<rdar://problem/64050085>
Comment 2 David Kilzer (:ddkilzer) 2020-06-12 19:40:26 PDT 
Created attachment 401820 [details]
Patch v1
Comment 3 Darin Adler 2020-06-13 13:49:33 PDT 
Comment on attachment 401820 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=401820&action=review

> Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm:642
> +    ASSERT_UNUSED(result, result);

Wait, shouldn’t this be raising an exception instead of ignoring it, if the value returned is false?
Comment 4 David Kilzer (:ddkilzer) 2020-06-14 16:20:20 PDT 
Comment on attachment 401820 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=401820&action=review

>> Source/WebKit/Shared/API/Cocoa/WKRemoteObjectCoder.mm:642
>> +    ASSERT_UNUSED(result, result);
> 
> Wait, shouldn’t this be raising an exception instead of ignoring it, if the value returned is false?

The -validateClassSupportsSecureCoding: method currently throws an NSException before returning NO, but that behavior is configurable, so yes, WebKit should also throw just in case that gets turned off unexpectedly.
Comment 5 David Kilzer (:ddkilzer) 2020-06-14 16:20:51 PDT 
Created attachment 401875 [details]
Patch v2
Comment 6 EWS 2020-06-14 17:58:47 PDT 
Committed r263016: <https://trac.webkit.org/changeset/263016>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 401875 [details].