[webkit-changes] [WebKit/WebKit] 1bfda1: Mitigate crashes under Quirks::advancedPrivacyProt...

Wenson Hsieh noreply@github.com
Thu Dec 14 19:53:34 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1bfda19669abc863671034e16c5808ae0bacf848
      https://github.com/WebKit/WebKit/commit/1bfda19669abc863671034e16c5808ae0bacf848
  Author: Wenson Hsieh <wenson_hsieh@apple.com>
  Date:   2023-12-14 (Thu, 14 Dec 2023)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Mitigate crashes under Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures()
https://bugs.webkit.org/show_bug.cgi?id=266380
rdar://118479646

Reviewed by Yusuke Suzuki.

Even after the mitigations in 269984@main, we're still sometimes crashing when attempting to
determine whether or not we should apply hard-coded canvas fingerprinting mitigations when advanced
privacy protections are enabled. From discussing with JSC folks, this seems to be due to the way in
which we're currently trying to walk the stack by traversing `callerFrame()`s:

```cpp
// Previous approach: hand-rolled walk up the frame chain via callerFrame(),
// stopping at the first frame that has a CodeBlock (or at the top of the stack).
while (!codeBlock) {
    callFrame = callFrame->callerFrame();
    if (!callFrame)
        break;
    codeBlock = callFrame->codeBlock();
}
```

Instead of implementing it this way, the JSC team recommended using `StackVisitor::visit` to
walk the stack, which is the de facto mechanism used to perform similar stack traversals elsewhere
in the codebase. In addition, I'm rearranging this check, so that we only ever attempt this
relatively more expensive stack walk in the case where the `lastDrawnText`, `canvasWidth` and
`canvasHeight` all match their expected values for the quirk.

* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures const):

In my manual testing, I found that the source code length on some of the affected sites has been
changed slightly; adjust this quirk to match.

Canonical link: https://commits.webkit.org/272093@main
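
The following is an added example and is not code from the commit above or from WebKit/JavaScriptCore. It is a constructed C++ model of the two changes the commit message describes: a visitor-style walk with early termination in place of the hand-rolled `callerFrame()` loop, and the cheap `lastDrawnText`/width/height comparisons placed before the expensive stack walk. The types `CodeBlock`, `CallFrame`, `IterationStatus` and the functions `visitFrames`, `nearestCodeBlock`, `QuirkMatcher::matches` and `runScenario` are stand-ins invented for the example; the expected text, canvas dimensions and source length are constructed sample values, not the real quirk's constants.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Constructed model of a JSC-style frame chain; these are stand-in types,
// not JavaScriptCore's CallFrame / CodeBlock / StackVisitor.
struct CodeBlock {
    std::string sourceName;
    size_t sourceLength;        // the quirk keys on script source length
};

struct CallFrame {
    const CodeBlock* codeBlock; // nullptr for native/host frames
    const CallFrame* caller;    // nullptr at the outermost frame
};

enum class IterationStatus { Continue, Done };

// Visitor-style walk: the walker owns the null checks and termination;
// the caller only supplies a functor and stops by returning Done.
template <typename Functor>
void visitFrames(const CallFrame* top, Functor&& visit) {
    for (const CallFrame* frame = top; frame; frame = frame->caller) {
        if (visit(frame) == IterationStatus::Done)
            return;
    }
}

// Innermost frame that actually has a code block, or nullptr if there is none.
const CodeBlock* nearestCodeBlock(const CallFrame* top) {
    const CodeBlock* found = nullptr;
    visitFrames(top, [&found](const CallFrame* frame) {
        if (!frame->codeBlock)
            return IterationStatus::Continue; // skip native frames
        found = frame->codeBlock;
        return IterationStatus::Done;
    });
    return found;
}

struct CanvasState {
    std::string lastDrawnText;
    int width;
    int height;
};

// Hypothetical quirk description: expected canvas values and script length.
struct QuirkMatcher {
    std::string expectedText;
    int expectedWidth;
    int expectedHeight;
    size_t expectedSourceLength;

    // `walks` counts how often the stack walk was actually performed.
    bool matches(const CanvasState& s, const CallFrame* top, int& walks) const {
        // Cheap comparisons first; the walk only runs when all of them pass.
        if (s.lastDrawnText != expectedText || s.width != expectedWidth
            || s.height != expectedHeight)
            return false;
        ++walks;
        const CodeBlock* block = nearestCodeBlock(top);
        return block && block->sourceLength == expectedSourceLength;
    }
};

struct Outcome { bool matched; int walks; };

// Constructed stack: two native frames on top of one script frame, so the
// walk has to skip frames without a code block before it finds one.
static Outcome runScenario(const CanvasState& state, size_t expectedLength) {
    static const CodeBlock script{"fingerprint.js", 1234};
    static const CallFrame scriptFrame{&script, nullptr};
    static const CallFrame nativeMiddle{nullptr, &scriptFrame};
    static const CallFrame nativeTop{nullptr, &nativeMiddle};

    QuirkMatcher quirk{"Cwm fjordbank glyphs vext quiz", 300, 150, expectedLength};
    int walks = 0;
    bool matched = quirk.matches(state, &nativeTop, walks);
    return {matched, walks};
}

// Sample cases (constructed values): all cheap checks pass and the script
// length matches; the text differs so no walk happens; the length differs.
Outcome matchingCase()    { return runScenario({"Cwm fjordbank glyphs vext quiz", 300, 150}, 1234); }
Outcome wrongTextCase()   { return runScenario({"hello", 300, 150}, 1234); }
Outcome wrongLengthCase() { return runScenario({"Cwm fjordbank glyphs vext quiz", 300, 150}, 1200); }
bool emptyStackIsSafe()   { return nearestCodeBlock(nullptr) == nullptr; }

int main() {
    Outcome a = matchingCase(), b = wrongTextCase(), c = wrongLengthCase();
    std::printf("matching: matched=%d walks=%d\n", a.matched, a.walks);
    std::printf("wrong text: matched=%d walks=%d\n", b.matched, b.walks);
    std::printf("wrong length: matched=%d walks=%d\n", c.matched, c.walks);
    std::printf("empty stack safe: %d\n", emptyStackIsSafe());
    return 0;
}
```

The point of the ordering in `QuirkMatcher::matches` is that `wrongTextCase` never reaches `nearestCodeBlock` at all, while `wrongLengthCase` pays for exactly one walk and still fails, which is the behaviour the commit message describes for the rearranged check.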