Changeset 260216 in webkit
- Timestamp: Apr 16, 2020, 1:13:01 PM
- Location: trunk/Source/WebKit
- Files: 3 edited
trunk/Source/WebKit/ChangeLog
r260215 r260216 1 2020-04-16 David Kilzer <ddkilzer@apple.com> 2 3 Rollout: [IPC Hardening] MachMessage::create() should use checked arithmetic 4 <https://webkit.org/b/210572> 5 <rdar://problem/61729947> 6 7 Unreviewed rollout of r260160. 8 9 Appears to have caused 8 API test failures on iOS. 10 11 * Platform/IPC/cocoa/ConnectionCocoa.mm: 12 (IPC::Connection::sendOutgoingMessage): 13 * Platform/IPC/cocoa/MachMessage.cpp: 14 (IPC::MachMessage::create): 15 1 16 2020-04-16 Brent Fulgham <bfulgham@apple.com> 2 17 -
trunk/Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm
r260160 r260216 310 310 size_t safeMessageSize = messageSize.unsafeGet(); 311 311 auto message = MachMessage::create(encoder->messageReceiverName().toString(), encoder->messageName().toString(), safeMessageSize); 312 if (!message)313 return false;314 312 315 313 auto* header = message->header(); -
trunk/Source/WebKit/Platform/IPC/cocoa/MachMessage.cpp
r260167 r260216 42 42 std::unique_ptr<MachMessage> MachMessage::create(CString&& messageReceiverName, CString&& messageName, size_t size) 43 43 { 44 auto bufferSize = CheckedSize(sizeof(MachMessage)) + size; 45 if (bufferSize.hasOverflowed()) 46 return nullptr; 47 void* memory = WTF::fastZeroedMalloc(bufferSize.unsafeGet()); 44 void* memory = WTF::fastZeroedMalloc(sizeof(MachMessage) + size); 48 45 return std::unique_ptr<MachMessage> { new (NotNull, memory) MachMessage { WTFMove(messageReceiverName), WTFMove(messageName), size } }; 49 46 }
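Review bot: In MachMessage::create() (MachMessage.cpp), the restored `WTF::fastZeroedMalloc(sizeof(MachMessage) + size)` adds the header size to a caller-supplied `size` with plain `size_t` arithmetic, so a large enough `size` wraps the sum while the constructor still records the original `size` for the message. The caller shown in ConnectionCocoa.mm passes `messageSize.unsafeGet()`, which covers the message size itself but not this extra `sizeof(MachMessage)` term. Since this is a rollout for test failures rather than a rejection of the hardening, it would help to leave a FIXME at the allocation pointing at https://webkit.org/b/210572 so the unchecked addition is not mistaken for the intended final state, and to reland the `CheckedSize` version once the iOS failures are understood.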
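Review bot: In IPC::Connection::sendOutgoingMessage() (ConnectionCocoa.mm), dropping `if (!message) return false;` leaves `message->header()` as the very next use of the pointer, which is only safe because the rolled-back create() no longer has a `return nullptr` path. The two files are coupled: any reland of the checked-arithmetic version of create() has to restore this null check in the same change, and the ChangeLog entry should say so. The entry also gives only "8 API test failures on iOS" without naming the tests; listing them in the bug would make it possible to tell whether the early `return false` or the allocation change was responsible.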