[Cocoa] Force a copy of font data when receiving it from the untrusted web process
Created attachment 431943 Patch
<rdar://problem/70825675>
Comment on attachment 431943 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431943&action=review

r=me, but see comment regarding testing.

> Source/WebKit/ChangeLog:14
> + No new tests because there is no behavior change.

There's no behavior change if all goes well, but there is a behavior change in the case of a compromised WebContent process. It should be possible to add some kind of internal interface that makes WebCore send over font data and then scribble over it with random timing, which would hopefully eventually crash without this patch, and then show with this patch it doesn't crash. I don't know how practical that is though.
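The failure mode discussed in the review above (a compromised sender rewriting font bytes after the receiver has checked them), as an added C example that is not WebKit code and not part of the patch. It assumes the receiver reads a buffer the sender can still write; the blob layout, `scribble` and all function names are constructed for illustration, and the sender's write is simulated in-line rather than raced.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed blob layout (not a real font format): 4-byte LE payload length, then payload. */
static uint32_t read_len(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Models the sender overwriting the length field after the message was delivered. */
static void scribble(uint8_t *shared, size_t len) {
    if (len >= 4) memset(shared, 0xFF, 4);
}

/* Check the header, let the sender run, then fetch the length again for use.
   Returns the payload length the parser would trust, or -1 if validation rejects the blob. */
static int64_t check_then_use(const uint8_t *view, uint8_t *shared, size_t len) {
    if (len < 4 || read_len(view) > len - 4) return -1; /* check */
    scribble(shared, len);                               /* sender writes between check and use */
    return (int64_t)read_len(view);                      /* use (second fetch) */
}

/* Receiver parses the sender-writable buffer directly. */
int64_t parse_in_place(uint8_t *shared, size_t len) {
    return check_then_use(shared, shared, len);
}

/* Receiver snapshots the bytes into private memory, then checks and uses only the snapshot. */
int64_t parse_with_copy(uint8_t *shared, size_t len) {
    uint8_t *snapshot = malloc(len ? len : 1);
    if (!snapshot) return -1;
    memcpy(snapshot, shared, len);
    int64_t trusted = check_then_use(snapshot, shared, len);
    free(snapshot);
    return trusted;
}

/* Runs one variant over a constructed 12-byte blob whose header declares an 8-byte payload. */
int64_t demo(int copy_first) {
    uint8_t shared[12] = {8, 0, 0, 0, 'f', 'o', 'n', 't', 'd', 'a', 't', 'a'};
    return copy_first ? parse_with_copy(shared, sizeof shared) : parse_in_place(shared, sizeof shared);
}

int main(void) {
    printf("in place: parser trusts length %lld of 8 available\n", (long long)demo(0));
    printf("with copy: parser trusts length %lld of 8 available\n", (long long)demo(1));
    return 0;
}
```

In the in-place variant the validated length and the length actually used differ, which is the inconsistency a timing-based test of the kind the reviewer describes would try to provoke.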
Committed r279106 (239023@main): <https://commits.webkit.org/239023@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 431943.