[webkit-changes] [WebKit/WebKit] 6bac3a: Cherry-pick 252432.808 at safari-7614-branch (b6d2a12...
Wenson Hsieh
noreply at github.com
Tue Jan 24 10:58:55 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6bac3a2a1f025e5073f2fe314405c1938775d2a1
https://github.com/WebKit/WebKit/commit/6bac3a2a1f025e5073f2fe314405c1938775d2a1
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm
Log Message:
-----------
Cherry-pick 252432.808 at safari-7614-branch (b6d2a12d8d70). rdar://104600105
[macOS] WebContextMenuProxy use-after-free when triggering context menu presentation using IPC
https://bugs.webkit.org/show_bug.cgi?id=247590
rdar://102049265
Reviewed by Aditya Keerthi.
Replace these raw pointers with `WeakPtr` to avoid accessing invalid memory, in the case where a
compromised web process triggers context menu presentation on macOS by sending an out-of-band
`WebPageProxy::ShowContextMenu` IPC message.
* Source/WebKit/UIProcess/mac/WebContextMenuProxyMac.mm:
(-[WKMenuTarget menuProxy]):
(-[WKMenuTarget forwardContextMenuAction:]):
Canonical link: https://commits.webkit.org/252432.808@safari-7614-branch
Canonical link: https://commits.webkit.org/259293@main
More information about the webkit-changes
mailing list