Changeset 245911 in webkit
- Timestamp:
- May 30, 2019 5:00:09 PM (5 years ago)
- Location:
- trunk/Source/WebKit
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r245904 r245911 1 2019-05-30 Chris Dumez <cdumez@apple.com> 2 3 Network process crash when decoding SecItemResponseData 4 https://bugs.webkit.org/show_bug.cgi?id=198388 5 <rdar://problem/50408046> 6 7 Reviewed by Alex Christensen. 8 9 * Shared/cf/ArgumentCodersCF.cpp: 10 (IPC::decode): 11 When decoding the elements inside a CFArrayRef, if decoding was successful but 12 the CFTypeRef element is still null then skip it instead of trying to append it 13 to the array. A CFArray container is not allowed to contain null. 14 Some of our decoders for CFTypeRef types may not initialize the element even if 15 the decode() function returns true. For example, the decoders for CFArrayRef and 16 CFDictionaryRef return true if the encoded container was null but do not create 17 a container. 18 19 * Shared/mac/SecItemResponseData.cpp: 20 (WebKit::SecItemResponseData::SecItemResponseData): 21 nit: The wrong parameter was being moved. This is more efficient. 22 23 (WebKit::SecItemResponseData::encode const): 24 nit: Drop unnecessary .get(). 25 26 * UIProcess/mac/SecItemShimProxy.cpp: 27 (WebKit::SecItemShimProxy::secItemRequest): 28 nit: Use nullptr instead of 0. 29 1 30 2019-05-30 Sihui Liu <sihui_liu@apple.com> 2 31 -
trunk/Source/WebKit/Shared/cf/ArgumentCodersCF.cpp
r245468 r245911 372 372 return false; 373 373 374 RetainPtr<CFMutableArrayRef>array = adoptCF(CFArrayCreateMutable(0, 0, &kCFTypeArrayCallBacks));374 auto array = adoptCF(CFArrayCreateMutable(0, 0, &kCFTypeArrayCallBacks)); 375 375 376 376 for (size_t i = 0; i < size; ++i) { … … 379 379 return false; 380 380 381 if (!element) 382 continue; 383 381 384 CFArrayAppendValue(array.get(), element.get()); 382 385 } -
trunk/Source/WebKit/Shared/mac/SecItemResponseData.cpp
r243460 r245911 33 33 34 34 SecItemResponseData::SecItemResponseData(OSStatus resultCode, RetainPtr<CFTypeRef>&& resultObject) 35 : m_resultObject( resultObject)36 , m_resultCode( WTFMove(resultCode))35 : m_resultObject(WTFMove(resultObject)) 36 , m_resultCode(resultCode) 37 37 { 38 38 } … … 41 41 { 42 42 encoder << static_cast<int64_t>(m_resultCode); 43 encoder << static_cast<bool>(m_resultObject .get());43 encoder << static_cast<bool>(m_resultObject); 44 44 if (m_resultObject) 45 45 IPC::encode(encoder, m_resultObject.get()); -
trunk/Source/WebKit/UIProcess/mac/SecItemShimProxy.cpp
r241441 r245911 66 66 case SecItemRequestData::Invalid: 67 67 LOG_ERROR("SecItemShimProxy::secItemRequest received an invalid data request. Please file a bug if you know how you caused this."); 68 response(SecItemResponseData (errSecParam, nullptr));68 response(SecItemResponseData { errSecParam, nullptr }); 69 69 break; 70 70 71 71 case SecItemRequestData::CopyMatching: { 72 CFTypeRef resultObject = 0;72 CFTypeRef resultObject = nullptr; 73 73 OSStatus resultCode = SecItemCopyMatching(request.query(), &resultObject); 74 response(SecItemResponseData (resultCode, adoptCF(resultObject).get()));74 response(SecItemResponseData { resultCode, adoptCF(resultObject) }); 75 75 break; 76 76 } … … 80 80 // serialize SecKeychainItemRef. 81 81 OSStatus resultCode = SecItemAdd(request.query(), nullptr); 82 response(SecItemResponseData (resultCode, nullptr));82 response(SecItemResponseData { resultCode, nullptr }); 83 83 break; 84 84 } … … 86 86 case SecItemRequestData::Update: { 87 87 OSStatus resultCode = SecItemUpdate(request.query(), request.attributesToMatch()); 88 response(SecItemResponseData (resultCode, 0));88 response(SecItemResponseData { resultCode, nullptr }); 89 89 break; 90 90 } … … 92 92 case SecItemRequestData::Delete: { 93 93 OSStatus resultCode = SecItemDelete(request.query()); 94 response(SecItemResponseData (resultCode, 0));94 response(SecItemResponseData { resultCode, nullptr }); 95 95 break; 96 96 }
Note: See TracChangeset
for help on using the changeset viewer.