Validate ItemHandles when decoding them in GPUProcess
Created attachment 417832 [details] Patch
<rdar://problem/72931549>
Created attachment 417837 [details] Patch
Created attachment 417865 [details] Patch
Comment on attachment 417865 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=417865&action=review

> Source/WebCore/platform/graphics/displaylists/DisplayListItemBuffer.cpp:543
> +template<typename, typename = void> inline constexpr bool HasIsValid = false;
> +template<typename T> inline constexpr bool HasIsValid<T, std::void_t<decltype(std::declval<T>().isValid())>> = true;

This is a really neat trick!

> Source/WebCore/platform/graphics/displaylists/DisplayListItemBuffer.cpp:559
> +bool ItemHandle::decodeInto(ItemHandle destination) const

Nit - I think the notion of "copying" is more accurate here than "decoding" (the latter of which sounds like it would involve marshaling of data to and from buffers, à la IPC encoding/decoding). Perhaps "createValidCopy" or "copyWithValidation"?
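Review bot: at DisplayListItemBuffer.cpp:543 the primary template makes HasIsValid default to false, so the detection fails open: a type whose isValid() is renamed, private, or not callable on an rvalue quietly evaluates to false instead of failing to compile. If the copy path validates only when HasIsValid<T> is true, such a type would be copied without a check. Consider a static_assert(HasIsValid<T>) for the item types that are expected to carry validation, plus a short comment stating what a false result means.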
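Review bot: at DisplayListItemBuffer.cpp:559 the bool result is the only signal that validation failed, and nothing in the signature stops a caller from ignoring it and using the destination anyway. Suggest marking the declaration WARN_UNUSED_RETURN if it is not already, and documenting what state the destination is left in when the function returns false.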
Created attachment 418117 [details] Patch
Thanks for the review.

> > Source/WebCore/platform/graphics/displaylists/DisplayListItemBuffer.cpp:559
> > +bool ItemHandle::decodeInto(ItemHandle destination) const
>
> Nit - I think the notion of "copying" is more accurate here than "decoding"
> (the latter of which sounds like it would involve marshaling of data to and
> from buffers, à la IPC encoding/decoding). Perhaps "createValidCopy" or
> "copyWithValidation"?

I changed to safeCopy
Committed r271741: <https://trac.webkit.org/changeset/271741>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 418117 [details].