[webkit-changes] [WebKit/WebKit] 09eff9: rdar://119489615 ([CoreIPC] SEGV in WebKit::Remote...

mscottapple noreply at github.com
Tue Mar 19 08:59:48 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 09eff921fc9a28f36ed936bbfcb56d5f5d722cfe
      https://github.com/WebKit/WebKit/commit/09eff921fc9a28f36ed936bbfcb56d5f5d722cfe
  Author: Scott Marcy <mscott at apple.com>
  Date:   2024-03-19 (Tue, 19 Mar 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/ipc/invalid-message-to-addTrackBuffer-expected.txt
    A LayoutTests/ipc/invalid-message-to-addTrackBuffer.html
    M Source/WebKit/GPUProcess/media/RemoteSourceBufferProxy.cpp

  Log Message:
  -----------
  rdar://119489615 ([CoreIPC] SEGV in WebKit::RemoteSourceBufferProxy::addTrackBuffer)

Checks that the TrackPrivateRemoteIdentifier argument for the IPC call RemoteSourceBufferProxy::addTrackBuffer() is valid and invalidates the IPC message if not.

Reviewed by David Kilzer.

If the TrackPrivateRemoteIdentifier value is not a known value, the IPC message will be marked as invalid, which is supposed
to crash the content process thereby thwarting any attempted attack through this mechanism.

* LayoutTests/TestExpectations:
* LayoutTests/ipc/invalid-message-to-addTrackBuffer-expected.txt: Added.
* LayoutTests/ipc/invalid-message-to-addTrackBuffer.html: Added.
* Source/WebKit/GPUProcess/media/RemoteSourceBufferProxy.cpp:
(WebKit::RemoteSourceBufferProxy::addTrackBuffer):

Originally-landed-as: 272448.259 at safari-7618-branch (60f8c4667d7a). rdar://124555372
Canonical link: https://commits.webkit.org/276351@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list