Changeset 253206 in webkit
- Timestamp: Dec 6, 2019 8:06:12 AM
- Location: trunk/Source
- Files: 5 edited
trunk/Source/WebCore/ChangeLog
r253205 r253206 1 2019-12-05 Chris Dumez <cdumez@apple.com> 2 3 Stop using reserveCapacity() / reserveInitialCapacity() in IPC decoders 4 https://bugs.webkit.org/show_bug.cgi?id=204930 5 <rdar://problem/57682737> 6 7 Reviewed by Ryosuke Niwa. 8 9 This is IPC hardening since the size we use to reserve the capacity is encoded over IPC 10 and cannot be trusted in some cases. 11 12 * page/csp/ContentSecurityPolicyResponseHeaders.h: 13 (WebCore::ContentSecurityPolicyResponseHeaders::decode): 14 1 15 2019-12-06 Antti Koivisto <antti@apple.com> 2 16 -
trunk/Source/WebCore/page/csp/ContentSecurityPolicyResponseHeaders.h
r231479 r253206 75 75 if (!decoder.decode(headersSize)) 76 76 return false; 77 headers.m_headers.reserveCapacity(static_cast<size_t>(headersSize));78 77 for (size_t i = 0; i < headersSize; ++i) { 79 78 String header; … … 85 84 headers.m_headers.append(std::make_pair(header, headerType)); 86 85 } 86 headers.m_headers.shrinkToFit(); 87 87 88 88 if (!decoder.decode(headers.m_httpStatusCode)) -
trunk/Source/WebKit/ChangeLog
r253203 r253206 1 2019-12-05 Chris Dumez <cdumez@apple.com> 2 3 Stop using reserveCapacity() / reserveInitialCapacity() in IPC decoders 4 https://bugs.webkit.org/show_bug.cgi?id=204930 5 <rdar://problem/57682737> 6 7 Reviewed by Ryosuke Niwa. 8 9 This is IPC hardening since the size we use to reserve the capacity is encoded over IPC 10 and cannot be trusted in some cases. 11 12 * Platform/IPC/ArgumentCoders.h: 13 * Shared/WebCoreArgumentCoders.cpp: 14 (IPC::ArgumentCoder<Vector<RefPtr<SecurityOrigin>>>::decode): 15 1 16 2019-12-06 youenn fablet <youenn@apple.com> 2 17 -
trunk/Source/WebKit/Platform/IPC/ArgumentCoders.h
r250673 r253206 379 379 380 380 HashMapType hashMap; 381 hashMap.reserveInitialCapacity(hashMapSize);382 381 for (uint32_t i = 0; i < hashMapSize; ++i) { 383 382 Optional<KeyArg> key; -
trunk/Source/WebKit/Shared/WebCoreArgumentCoders.cpp
r252641 r253206 3035 3035 return false; 3036 3036 3037 origins.reserveInitialCapacity(dataSize);3038 3037 for (uint64_t i = 0; i < dataSize; ++i) { 3039 3038 auto decodedOriginRefPtr = SecurityOrigin::decode(decoder); 3040 3039 if (!decodedOriginRefPtr) 3041 3040 return false; 3042 origins.uncheckedAppend(decodedOriginRefPtr.releaseNonNull()); 3043 } 3041 origins.append(decodedOriginRefPtr.releaseNonNull()); 3042 } 3043 origins.shrinkToFit(); 3044 3044 3045 return true; 3045 3046 }
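Review bot: in the ContentSecurityPolicyResponseHeaders.h hunk, the removal of `headers.m_headers.reserveCapacity(static_cast<size_t>(headersSize));` (old line 77) leaves no in-code explanation, so a later reader could re-add the reservation as an "optimisation" and reopen the issue; add a comment above the `for (size_t i = 0; i < headersSize; ++i)` loop such as `// headersSize is decoded from IPC and untrusted: do not reserve capacity from it.` The decoded `headersSize` still bounds the loop, which is acceptable here because growth is now paid one decoded entry at a time and the new `headers.m_headers.shrinkToFit();` after the loop reclaims any amortised over-allocation.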
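Review bot: the ArgumentCoders.h hunk drops `hashMap.reserveInitialCapacity(hashMapSize);` (old line 381) but, unlike the two Vector decoders in this changeset, adds no post-loop trimming step, and the `* Platform/IPC/ArgumentCoders.h:` entry in the WebKit ChangeLog carries no description line; if the HashMap decoder intentionally has no `shrinkToFit()` counterpart, say so in that ChangeLog entry, and the same untrusted-size comment suggested for the CSP decoder belongs above `for (uint32_t i = 0; i < hashMapSize; ++i)` here.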
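Review bot: in the WebCoreArgumentCoders.cpp hunk, the switch from `origins.uncheckedAppend(decodedOriginRefPtr.releaseNonNull());` to `origins.append(decodedOriginRefPtr.releaseNonNull());` is the load-bearing edit, not a cosmetic one: once `origins.reserveInitialCapacity(dataSize);` is removed, `uncheckedAppend` would run without the capacity guarantee it assumes, so it must never be reintroduced here without a matching reservation. A one-line comment above `for (uint64_t i = 0; i < dataSize; ++i)` noting that `dataSize` comes off the wire and that `append()` plus the trailing `origins.shrinkToFit();` are deliberate would make that invariant visible to the next person touching this decoder.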