RESOLVED FIXED 268300
IPC validation for DocumentEditingContext::Range should not crash on overflow
https://bugs.webkit.org/show_bug.cgi?id=268300
Wenson Hsieh
Reported 2024-01-29 08:58:20 PST
Checked<uint64_t> { … } handles overflow by crashing, which isn't ideal. The validator should instead fail decoding gracefully and MESSAGE_CHECK the web process, by recording the uint64_t overflow.
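The behaviour the report asks for, as an added example that is not WebKit's code: an addition on sender-supplied 64-bit fields records overflow and fails the decode instead of aborting the receiver. The `Range` field names, `RecordingUint64`, `computeEnd` and `decodeRange` are hypothetical stand-ins.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for the decoded range; field names are assumptions.
struct Range {
    uint64_t location;
    uint64_t length;
};

// Overflow-recording counter: an overflowing add sets a flag instead of aborting.
class RecordingUint64 {
public:
    explicit RecordingUint64(uint64_t value) : m_value(value) { }
    RecordingUint64& operator+=(uint64_t rhs)
    {
        if (rhs > std::numeric_limits<uint64_t>::max() - m_value)
            m_overflowed = true; // keep the old value, remember the failure
        else
            m_value += rhs;
        return *this;
    }
    bool hasOverflowed() const { return m_overflowed; }
    uint64_t value() const { return m_value; }
private:
    uint64_t m_value;
    bool m_overflowed { false };
};

// Computes the exclusive end of the range; false when location + length
// does not fit in 64 bits.
bool computeEnd(const Range& range, uint64_t& end)
{
    RecordingUint64 sum(range.location);
    sum += range.length;
    if (sum.hasOverflowed())
        return false;
    end = sum.value();
    return true;
}

// Receiver-side decode of untrusted fields: false means "reject the message
// and flag the sender"; the receiving process keeps running.
bool decodeRange(uint64_t location, uint64_t length, Range& out)
{
    Range candidate { location, length };
    uint64_t end = 0;
    if (!computeEnd(candidate, end))
        return false;
    out = candidate;
    return true;
}
```

A crash-on-overflow policy at the same addition would let any sender that controls the two fields terminate the receiver, which is why the decode path returns a failure the caller can act on.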
Radar WebKit Bug Importer
Comment 1 2024-01-29 09:00:08 PST
Wenson Hsieh
Comment 2 2024-01-29 09:14:27 PST
EWS
Comment 3 2024-01-29 11:07:04 PST
Committed 273671@main (6a616251c48f): <https://commits.webkit.org/273671@main> Reviewed commits have been landed. Closing PR #23429 and removing active labels.