RESOLVED INVALID 237100
Restrict supported image decoding types when in CaptivePortal mode 
https://bugs.webkit.org/show_bug.cgi?id=237100
Summary Restrict supported image decoding types when in CaptivePortal mode
Brent Fulgham
Reported 2022-02-23 11:53:53 PST
Adopt the CGImageSourceSetAllowableTypes SPI to prevent CoreGraphics from running image decoders for riskier image types.
Attachments
Patch (2.89 KB, patch)
2022-02-23 12:02 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (2.88 KB, patch)
2022-02-23 13:39 PST, Brent Fulgham 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-02-23 11:54:15 PST
<rdar://problem/89369518>
Brent Fulgham
Comment 2 2022-02-23 12:02:30 PST
Created attachment 453010 [details] Patch
Brent Fulgham
Comment 3 2022-02-23 13:39:22 PST
Created attachment 453023 [details] Patch
Darin Adler
Comment 4 2022-02-23 15:01:29 PST
Comment on attachment 453023 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=453023&action=review > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:248 > +#if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES) > +static NSArray *UTITypes() > +{ > + return @[@"public.jpeg", > + @"public.png", > + @"org.webmproject.webp", > + @"com.compuserve.gif", > + ]; > +} > +#endif Does not seem like we need a separate function for this. NSArray *types = @[ @"public.jpeg", @"public.png", @"org.webmproject.webp", @"com.compuserve.gif", ]; auto status = CGImageSourceSetAllowableTypes(bridge_cast(types)); Could even use auto or constexpr. > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:255 > +#if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES) I think we should format the #if differently. Strange to just check the boolean and then do nothing, so maybe we can put more of the function inside the #if, or put the #if at the call site too.
Brent Fulgham
Comment 6 2022-02-23 15:58:13 PST
See Bug 237120 for the actual issue.
Brent Fulgham
Comment 7 2022-02-23 16:22:18 PST
After reviewing this with the CoreGraphics/ImageIO team, we don't need to do this, as we have already adopted the necessary entitlements to limit decoders in Captive Portal mode. The cause of PDF images still appearing is a separate issue, which requires a different fix (see Bug 237120).
Note You need to log in before you can comment on or make changes to this bug.