[webkit-changes] [WebKit/WebKit] b17879: Fix a few more secure decoding issues

Alex Christensen noreply at github.com
Mon May 15 11:51:18 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b17879dcdd0ef0481319a90dac73d50fceb48f28
      https://github.com/WebKit/WebKit/commit/b17879dcdd0ef0481319a90dac73d50fceb48f28
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-05-15 (Mon, 15 May 2023)

  Changed paths:
    M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm

  Log Message:
  -----------
  Fix a few more secure decoding issues
https://bugs.webkit.org/show_bug.cgi?id=256790
rdar://109286881

Reviewed by Wenson Hsieh.

Reports indicate DDScannerResult can contain NSMutableStrings, which fail to decode
in strict mode when expecting an NSString.  Fix this by doing the same transformation
from mutable to not mutable on the encoding side that we do elsewhere.

Reports also indicate that NSURLRequest can contain mutable plist types like
NSMutableURLRequest can.  To be conservative, add the same allowed mutable plist types
when decoding the two classes.

The soft linking code for PAL::isDataDetectorsCoreFrameworkAvailable already effectively
caches the result of dlsym, so making our own cache is redundant.  Same with the other
similar caches.

Also, as a slight perf optimization, check the bools like rewriteMutableString first
before calling dynamic_objc_cast since the former is often false, the latter is more
expensive, and both need to be true to enter the condition.

* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
(-[WKSecureCodingArchivingDelegate archiver:willEncodeObject:]):
(-[WKSecureCodingArchivingDelegate init]):
(IPC::encodeSecureCodingInternal):
(IPC::shouldEnableStrictMode):
(IPC::decodeSecureCodingInternal):

Canonical link: https://commits.webkit.org/264079@main



