[webkit-changes] [WebKit/WebKit] 5d3f12: [IPC] Don't unwrap invalid SendSyncResult replies

Dan Glastonbury noreply at github.com
Tue Jul 18 17:12:14 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5d3f12cc83daa4b96f7d3563646af53dbe5273e1
      https://github.com/WebKit/WebKit/commit/5d3f12cc83daa4b96f7d3563646af53dbe5273e1
  Author: Dan Glastonbury <djg at apple.com>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M Source/WebKit/Platform/IPC/Connection.h
    M Source/WebKit/Platform/IPC/MessageSenderInlines.h
    M Source/WebKit/Platform/IPC/StreamClientConnection.h
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h

  Log Message:
  -----------
  [IPC] Don't unwrap invalid SendSyncResult replies
https://bugs.webkit.org/show_bug.cgi?id=259301
rdar://111895837

Reviewed by Dean Jackson.

We have a number of crash reports from an assert firing in std::optional when
unwrapping the result of a synchronous IPC call. This assert hints that we have
received a result where `succeeded()` returns true, yet we don't have a reply
payload in replyArguments. This is a violation of the prerequisites for
`ConnectionSendSyncReply`. This issue has been caused by improper handling of
`decoder` failure and has been fixed piecemeal, for example in
https://bugs.webkit.org/show_bug.cgi?id=259006.

This change extends the succeeded check to include checking for non-none
replyArguments to avoid asserting when using `if (sendResult.succeeded()) {
... = sendResult.reply(); }` pattern.

As an extra level of protection, the new ConnectionSendSyncResult will set
error to Error::Unspecified if passed replyArguments that are none.

* Source/WebKit/Platform/IPC/Connection.h:
(IPC::ConnectionSendSyncResult::ConnectionSendSyncResult):
(IPC::ConnectionSendSyncResult::succeeded const):
(IPC::Connection::sendSync):
* Source/WebKit/Platform/IPC/MessageSenderInlines.h:
(IPC::MessageSender::sendSync):
* Source/WebKit/Platform/IPC/StreamClientConnection.h:
(IPC::StreamClientConnection::sendSync):
(IPC::StreamClientConnection::trySendSyncStream):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
(WebKit::AuxiliaryProcessProxy::sendSync):

Canonical link: https://commits.webkit.org/266147@main
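As an added illustration that is not WebKit's own code: a simplified stand-in for `ConnectionSendSyncResult` showing the two-part hardening the message describes, a `succeeded()` that also requires a present `replyArguments`, and a constructor that downgrades a "no error, no payload" result to `Error::Unspecified`. The `Error` enum, `SendSyncResult`, `simulateSendSync` and `valueFromSync` names are assumptions modelled on the commit, not the real IPC definitions.

```cpp
#include <optional>
#include <tuple>
#include <utility>

// Hypothetical, simplified stand-ins for IPC::Error and IPC::ConnectionSendSyncResult
// (names modelled on the commit message, not WebKit's real definitions).
enum class Error { NoError, Unspecified, Timeout };

template<typename... Reply>
struct SendSyncResult {
    Error error { Error::NoError };
    std::optional<std::tuple<Reply...>> replyArguments;

    SendSyncResult(Error e, std::optional<std::tuple<Reply...>>&& reply)
        : error(e), replyArguments(std::move(reply))
    {
        // Extra protection from the commit: a "success" that carries no payload is
        // downgraded to Unspecified, so an unreported decoder failure can never be
        // mistaken for a successful reply by later code.
        if (error == Error::NoError && !replyArguments)
            error = Error::Unspecified;
    }

    // The old check looked only at `error` and could return true while
    // replyArguments was nullopt; the following reply() then tripped
    // std::optional's assertion. The new check requires both conditions.
    bool succeeded() const { return error == Error::NoError && replyArguments.has_value(); }

    std::tuple<Reply...>& reply() { return *replyArguments; }
    const std::tuple<Reply...>& reply() const { return *replyArguments; }
};

// Simulates the transport handing back a decoded reply, or nullopt when decoding
// failed but the error code was (wrongly) left as NoError: the crash-report case.
SendSyncResult<int> simulateSendSync(bool decodeSucceeds)
{
    std::optional<std::tuple<int>> decoded;
    if (decodeSucceeds)
        decoded = std::make_tuple(42);
    return SendSyncResult<int>(Error::NoError, std::move(decoded));
}

// Caller pattern quoted in the commit message:
// `if (sendResult.succeeded()) { ... = sendResult.reply(); }`
// Returns the payload, or -1 when the synchronous send did not succeed.
int valueFromSync(bool decodeSucceeds)
{
    auto sendResult = simulateSendSync(decodeSucceeds);
    if (sendResult.succeeded())
        return std::get<0>(sendResult.reply());
    return -1;
}
```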