Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6a616251c48f7ff3bed68e4281a17f06a574cd41
    https://github.com/WebKit/WebKit/commit/6a616251c48f7ff3bed68e4281a17f06a574cd41
Author: Wenson Hsieh <wenson_hs...@apple.com>
Date: 2024-01-29 (Mon, 29 Jan 2024)

Changed paths:
    M Source/WebKit/Shared/DocumentEditingContext.serialization.in

Log Message:
-----------
IPC validation for DocumentEditingContext::Range should not crash on overflow
https://bugs.webkit.org/show_bug.cgi?id=268300
rdar://121859057

Reviewed by Chris Dumez.

It's currently possible to crash the UI process by having it attempt to decode a
`DocumentEditingContext::Range` that overflows the `uint64_t` limit. This is because the validator
currently creates a `Checked<uint64_t>`, which (by default) uses the `CrashOnOverflow` handler. This
should use `RecordOverflow` instead, which we can get by adopting the `CheckedUint64` type alias.

* Source/WebKit/Shared/DocumentEditingContext.serialization.in:

Canonical link: https://commits.webkit.org/273671@main
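
The failure mode the log message describes, as an added C++ example that is not part of this commit or of WebKit's sources: a validator over an untrusted location/length pair that records overflow and rejects the message instead of aborting. `RecordingU64`, `DecodedRange`, `isValidRange` and `rangeEnd` are hypothetical names, and the location/length field layout is an assumption.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for an overflow-recording checked integer.
// It is not WTF's Checked<> / CheckedUint64 implementation.
class RecordingU64 {
public:
    explicit RecordingU64(uint64_t v) : m_value(v) {}
    RecordingU64 operator+(uint64_t rhs) const {
        RecordingU64 sum(m_value + rhs); // unsigned wraparound is well defined
        sum.m_overflowed = m_overflowed
            || rhs > std::numeric_limits<uint64_t>::max() - m_value;
        return sum;
    }
    bool hasOverflowed() const { return m_overflowed; }
    uint64_t value() const { return m_value; } // meaningful only if !hasOverflowed()
private:
    uint64_t m_value;
    bool m_overflowed = false;
};

// Assumed shape of the decoded, untrusted message: a location/length pair.
struct DecodedRange {
    uint64_t location;
    uint64_t length;
};

// Validator run by the receiving process. An overflowing range is reported
// as invalid so the message can be rejected; a crash-on-overflow policy here
// would instead terminate the receiver on sender-controlled input.
bool isValidRange(const DecodedRange& r) {
    return !(RecordingU64(r.location) + r.length).hasOverflowed();
}

// Writes the exclusive end offset to `end`; returns false if unrepresentable.
bool rangeEnd(const DecodedRange& r, uint64_t& end) {
    RecordingU64 sum = RecordingU64(r.location) + r.length;
    if (sum.hasOverflowed())
        return false;
    end = sum.value();
    return true;
}

int main() {
    const DecodedRange samples[] = { {0, 10}, {UINT64_MAX, 0}, {UINT64_MAX, 1} }; // constructed
    for (const DecodedRange& r : samples)
        std::printf("valid=%d\n", isValidRange(r));
    return 0;
}
```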