Changeset 259346 in webkit


Ignore:
Timestamp:
Apr 1, 2020, 9:01:36 AM (5 years ago)
Author:
Wenson Hsieh
Message:

Make WebPasteboardProxy::didModifyContentsOfPasteboard robust when pasteboardName is null
https://bugs.webkit.org/show_bug.cgi?id=209848
<rdar://problem/61121810>

Reviewed by Megan Gardner and David Kilzer.

Add more IPC message checks in WebPasteboardProxy; see below for more detail.

  • UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:

Rename what is currently MESSAGE_CHECK to MESSAGE_CHECK_COMPLETION, and introduce two more message check macros:
MESSAGE_CHECK_WITH_RETURN_VALUE, which supports a return value, and MESSAGE_CHECK, which returns with no value.

(WebKit::WebPasteboardProxy::canAccessPasteboardData const):

Replace the early returns when pasteboardName is empty or when the web process for the given connection is null
with MESSAGE_CHECKs. When the web content process is well-behaved, these early returns should never be hit.

(WebKit::WebPasteboardProxy::didModifyContentsOfPasteboard):

Similarly, replace this early return with a message check, and additionally MESSAGE_CHECK when the pasteboard
name is empty. This addresses the main issue caught by this radar.

(WebKit::WebPasteboardProxy::setPasteboardBufferForType):

Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r259345 r259346  
     12020-04-01  Wenson Hsieh  <wenson_hsieh@apple.com>
     2
     3        Make WebPasteboardProxy::didModifyContentsOfPasteboard robust when pasteboardName is null
     4        https://bugs.webkit.org/show_bug.cgi?id=209848
     5        <rdar://problem/61121810>
     6
     7        Reviewed by Megan Gardner and David Kilzer.
     8
     9        Add more IPC message checks in WebPasteboardProxy; see below for more detail.
     10
     11        * UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:
     12
     13        Rename what is currently MESSAGE_CHECK to MESSAGE_CHECK_COMPLETION, and introduce two more message check macros:
     14        MESSAGE_CHECK_WITH_RETURN_VALUE, which supports a return value, and MESSAGE_CHECK, which returns with no value.
     15
     16        (WebKit::WebPasteboardProxy::canAccessPasteboardData const):
     17
     18        Replace the early returns when pasteboardName is empty or when the web process for the given connection is null
     19        with `MESSAGE_CHECK`s. When the web content process is well-behaved, these early returns should never be hit.
     20
     21        (WebKit::WebPasteboardProxy::didModifyContentsOfPasteboard):
     22
     23        Similarly, replace this early return with a message check, and additionally `MESSAGE_CHECK` when the pasteboard
     24        name is empty. This addresses the main issue caught by this radar.
     25
     26        (WebKit::WebPasteboardProxy::setPasteboardBufferForType):
     27
    1282020-04-01  Victor M. Jaquez <vjaquez@igalia.com>
    229

  • trunk/Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm

    r259151 r259346  
    3939#import <wtf/URL.h>
    4040
    41 #define MESSAGE_CHECK(assertion, completion) MESSAGE_CHECK_COMPLETION_BASE(assertion, (&connection), completion)
     41#define MESSAGE_CHECK(assertion) MESSAGE_CHECK_BASE(assertion, (&connection))
     42#define MESSAGE_CHECK_WITH_RETURN_VALUE(assertion, returnValue) MESSAGE_CHECK_WITH_RETURN_VALUE_BASE(assertion, (&connection), returnValue)
     43#define MESSAGE_CHECK_COMPLETION(assertion, completion) MESSAGE_CHECK_COMPLETION_BASE(assertion, (&connection), completion)
    4244
    4345namespace WebKit {
     
    7476bool WebPasteboardProxy::canAccessPasteboardData(IPC::Connection& connection, const String& pasteboardName) const
    7577{
    76     if (pasteboardName.isEmpty()) {
    77         ASSERT_NOT_REACHED();
    78         return false;
    79     }
     78    MESSAGE_CHECK_WITH_RETURN_VALUE(!pasteboardName.isEmpty(), false);
    8079
    8180    auto* process = webProcessProxyForConnection(connection);
    82     if (!process)
    83         return false;
     81    MESSAGE_CHECK_WITH_RETURN_VALUE(process, false);
    8482
    8583    for (auto* page : process->pages()) {
     
    107105void WebPasteboardProxy::didModifyContentsOfPasteboard(IPC::Connection& connection, const String& pasteboardName, int64_t previousChangeCount, int64_t newChangeCount)
    108106{
     107    MESSAGE_CHECK(!pasteboardName.isEmpty());
     108
    109109    auto* process = webProcessProxyForConnection(connection);
    110     if (!process)
    111         return;
     110    MESSAGE_CHECK(process);
    112111
    113112    auto changeCountAndProcesses = m_pasteboardNameToChangeCountAndProcessesMap.find(pasteboardName);
     
    301300
    302301    // SharedMemory::Handle::size() is rounded up to the nearest page.
    303     MESSAGE_CHECK(size <= handle.size(), completionHandler(0));
     302    MESSAGE_CHECK_COMPLETION(size <= handle.size(), completionHandler(0));
    304303
    305304    RefPtr<SharedMemory> sharedMemoryBuffer = SharedMemory::map(handle, SharedMemory::Protection::ReadOnly);
Note: See TracChangeset for help on using the changeset viewer.