Bug 227247 - [Cocoa] Force a copy of font data when receiving it from the untrusted web process
Summary: [Cocoa] Force a copy of font data when receiving it from the untrusted web process
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Myles C. Maxfield
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2021-06-21 20:53 PDT by Myles C. Maxfield
Modified: 2021-06-22 00:42 PDT
CC List: 6 users

See Also:


Attachments
Patch (3.15 KB, patch)
2021-06-21 20:57 PDT, Myles C. Maxfield
no flags

Description Myles C. Maxfield 2021-06-21 20:53:55 PDT
[Cocoa] Force a copy of font data when receiving it from the untrusted web process
Comment 1 Myles C. Maxfield 2021-06-21 20:57:32 PDT
Created attachment 431943
Patch
Comment 2 Myles C. Maxfield 2021-06-21 20:58:20 PDT
<rdar://problem/70825675>
Comment 3 Maciej Stachowiak 2021-06-21 21:30:25 PDT
Comment on attachment 431943
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431943&action=review

r=me, but see comment regarding testing.

> Source/WebKit/ChangeLog:14
> +        No new tests because there is no behavior change.

There's no behavior change if all goes well, but there is a behavior change in the case of a compromised WebContent process. It should be possible to add some kind of internal interface that makes WebCore send over font data and then scribble over it with random timing, which would hopefully eventually crash without this patch, and then show with this patch it doesn't crash. I don't know how practical that is though.
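The hazard behind the bug title and Maciej's proposed test is a double fetch: a trusted process validates data that still lives in memory the untrusted process can write to, then reads it again during use. The following is an added illustration written for this page; it is not WebKit code and does not reproduce the patch. It uses a constructed toy table-directory format (not a real font format) and hypothetical names (parseFontTables, receiveInPlace, receiveWithCopy, scribbleLength). Instead of relying on random timing, it invokes the "attacker" deterministically at the worst moment, between the validation pass and the use pass, and compares a consumer that parses in the shared buffer with one that copies first.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <functional>
#include <vector>

// Constructed toy "font": u16 numTables, then numTables records of {u32 offset, u32 length},
// then the table bytes. This stands in for real font data; it is not WebKit's format.
namespace {
uint16_t rd16(const uint8_t* p) { uint16_t v; std::memcpy(&v, p, 2); return v; }
uint32_t rd32(const uint8_t* p) { uint32_t v; std::memcpy(&v, p, 4); return v; }
void wr16(uint8_t* p, uint16_t v) { std::memcpy(p, &v, 2); }
void wr32(uint8_t* p, uint32_t v) { std::memcpy(p, &v, 4); }
}

struct FontParseResult {
    bool ok = false;               // parse completed within bounds
    bool readOutOfBounds = false;  // a use-time read would have run past the buffer (detected, not performed)
    uint32_t checksum = 0;         // sum of all table bytes actually consumed
};

// Validate, then use. Fetches each record twice from the same memory, as a parser that
// walks the directory once to check it and again to consume the tables would. Correct only
// if nothing can change `buf` between the two passes. `betweenPasses` is where the
// simulated untrusted producer gets to run.
FontParseResult parseFontTables(const uint8_t* buf, size_t size, const std::function<void()>& betweenPasses) {
    FontParseResult r;
    if (size < 2) return r;
    uint16_t n = rd16(buf);
    if (size - 2 < size_t(n) * 8) return r;
    for (uint16_t i = 0; i < n; ++i) {                       // pass 1: validate
        uint64_t off = rd32(buf + 2 + i * 8), len = rd32(buf + 6 + i * 8);
        if (off + len > size) return r;
    }
    betweenPasses();
    for (uint16_t i = 0; i < n; ++i) {                       // pass 2: use (second fetch)
        uint64_t off = rd32(buf + 2 + i * 8), len = rd32(buf + 6 + i * 8);
        if (off + len > size) { r.readOutOfBounds = true; return r; }  // real code would read OOB here
        for (uint64_t j = 0; j < len; ++j) r.checksum += buf[off + j];
    }
    r.ok = true;
    return r;
}

// The untrusted side: writes to the shared mapping while the trusted side is mid-parse.
using Scribbler = std::function<void(uint8_t*, size_t)>;

// Consumer A: parses directly in the memory the producer can still write to.
FontParseResult receiveInPlace(uint8_t* shared, size_t size, const Scribbler& attacker) {
    return parseFontTables(shared, size, [&] { attacker(shared, size); });
}

// Consumer B: copies once, then parses the private copy. The attacker still scribbles on
// `shared`, but the bytes being parsed are no longer reachable from the other process.
FontParseResult receiveWithCopy(uint8_t* shared, size_t size, const Scribbler& attacker) {
    std::vector<uint8_t> local(shared, shared + size);
    return parseFontTables(local.data(), local.size(), [&] { attacker(shared, size); });
}

// Constructed sample: one table at offset 10, length 4, bytes 1,2,3,4 (checksum 10).
std::vector<uint8_t> makeSampleFont() {
    std::vector<uint8_t> f(14, 0);
    wr16(f.data(), 1);
    wr32(f.data() + 2, 10);
    wr32(f.data() + 6, 4);
    f[10] = 1; f[11] = 2; f[12] = 3; f[13] = 4;
    return f;
}

// Attacker: once validation has passed, rewrite table 0's length to 4 GiB.
void scribbleLength(uint8_t* buf, size_t) { wr32(buf + 6, 0xFFFFFFFFu); }

FontParseResult runInPlaceDemo() { auto f = makeSampleFont(); return receiveInPlace(f.data(), f.size(), scribbleLength); }
FontParseResult runCopyDemo()    { auto f = makeSampleFont(); return receiveWithCopy(f.data(), f.size(), scribbleLength); }

int main() {
    FontParseResult a = runInPlaceDemo(), b = runCopyDemo();
    std::printf("in place: ok=%d oob=%d checksum=%u\n", a.ok, a.readOutOfBounds, a.checksum);
    std::printf("copy:     ok=%d oob=%d checksum=%u\n", b.ok, b.readOutOfBounds, b.checksum);
    return 0;
}
```

The in-place consumer passes validation and then reads a length the producer changed after the check; the copying consumer is unaffected because the copy was taken before the attacker ran. The copy costs one memcpy per transfer, which is why a test along the lines Maciej describes (scribbling on the shared data from the WebContent side) is the only way to observe the behavior change: with the copy in place there is nothing left for the scribble to hit.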
Comment 4 EWS 2021-06-22 00:42:15 PDT
Committed r279106 (239023@main): <https://commits.webkit.org/239023@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 431943.