<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[242504] branches/safari-607.1.40.1-branch/Source/WebKit</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/242504">242504</a></dd>
<dt>Author</dt> <dd>kocsen_chung@apple.com</dd>
<dt>Date</dt> <dd>2019-03-05 13:49:30 -0800 (Tue, 05 Mar 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Cherry-pick <a href="http://trac.webkit.org/projects/webkit/changeset/242378">r242378</a>. rdar://problem/48591280

    Check contextIDs when handling WebContent messages
    https://bugs.webkit.org/show_bug.cgi?id=195289
    <rdar://problem/48475870>

    Reviewed by Alex Christensen.

    The WebContent process is untrusted because it handles arbitrary markup and javascript from untrusted sources.
    We should handle its messages with suspicion, and make sure the arguments are valid and usable before honoring them.

    This patch hardens the message passing layer by performing MESSAGE_CHECK in places that had been overlooked.

    * UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
    (WebKit::PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID):
    (WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
    (WebKit::PlaybackSessionManagerProxy::bufferedTimeChanged):
    (WebKit::PlaybackSessionManagerProxy::seekableRangesVectorChanged):
    (WebKit::PlaybackSessionManagerProxy::canPlayFastReverseChanged):
    (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged):
    (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged):
    (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged):
    (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged):
    (WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
    (WebKit::PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged):
    (WebKit::PlaybackSessionManagerProxy::mutedChanged):
    (WebKit::PlaybackSessionManagerProxy::volumeChanged):
    (WebKit::PlaybackSessionManagerProxy::durationChanged):
    (WebKit::PlaybackSessionManagerProxy::playbackStartedTimeChanged):
    (WebKit::PlaybackSessionManagerProxy::rateChanged):
    (WebKit::PlaybackSessionManagerProxy::pictureInPictureSupportedChanged):
    (WebKit::PlaybackSessionManagerProxy::pictureInPictureActiveChanged):
    (WebKit::PlaybackSessionManagerProxy::handleControlledElementIDResponse const):
    * UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
    (WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
    (WebKit::UserMediaCaptureManagerProxy::startProducingData):
    (WebKit::UserMediaCaptureManagerProxy::stopProducingData):
    (WebKit::UserMediaCaptureManagerProxy::end):
    (WebKit::UserMediaCaptureManagerProxy::capabilities):
    (WebKit::UserMediaCaptureManagerProxy::setMuted):
    (WebKit::UserMediaCaptureManagerProxy::applyConstraints):
    * UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
    (WebKit::VideoFullscreenManagerProxy::setupFullscreenWithID):
    (WebKit::VideoFullscreenManagerProxy::setHasVideo):
    (WebKit::VideoFullscreenManagerProxy::setVideoDimensions):
    (WebKit::VideoFullscreenManagerProxy::enterFullscreen):
    (WebKit::VideoFullscreenManagerProxy::exitFullscreen):
    (WebKit::VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode):
    (WebKit::VideoFullscreenManagerProxy::setInlineRect):
    (WebKit::VideoFullscreenManagerProxy::setHasVideoContentLayer):
    (WebKit::VideoFullscreenManagerProxy::cleanupFullscreen):
    (WebKit::VideoFullscreenManagerProxy::preparedToReturnToInline):
    (WebKit::VideoFullscreenManagerProxy::preparedToExitFullscreen):
    * UIProcess/ios/EditableImageController.mm:
    (WebKit::EditableImageController::didCreateEditableImage):
    (WebKit::EditableImageController::didDestroyEditableImage):
    (WebKit::EditableImageController::associateWithAttachment):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242378 268f45cc-cd09-0410-ab3c-d52691b4dbfc</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari6071401branchSourceWebKitChangeLog">branches/safari-607.1.40.1-branch/Source/WebKit/ChangeLog</a></li>
<li><a href="#branchessafari6071401branchSourceWebKitUIProcessCocoaPlaybackSessionManagerProxymm">branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm</a></li>
<li><a href="#branchessafari6071401branchSourceWebKitUIProcessCocoaUserMediaCaptureManagerProxycpp">branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp</a></li>
<li><a href="#branchessafari6071401branchSourceWebKitUIProcessCocoaVideoFullscreenManagerProxymm">branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm</a></li>
<li><a href="#branchessafari6071401branchSourceWebKitUIProcessiosEditableImageControllermm">branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/ios/EditableImageController.mm</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari6071401branchSourceWebKitChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-607.1.40.1-branch/Source/WebKit/ChangeLog (242503 => 242504)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607.1.40.1-branch/Source/WebKit/ChangeLog        2019-03-05 21:49:28 UTC (rev 242503)
+++ branches/safari-607.1.40.1-branch/Source/WebKit/ChangeLog   2019-03-05 21:49:30 UTC (rev 242504)
</span><span class="lines">@@ -1,3 +1,123 @@
</span><ins>+2019-03-05  Kocsen Chung  <kocsen_chung@apple.com>
+
+        Cherry-pick r242378. rdar://problem/48591280
+
+    Check contextIDs when handling WebContent messages
+    https://bugs.webkit.org/show_bug.cgi?id=195289
+    <rdar://problem/48475870>
+    
+    Reviewed by Alex Christensen.
+    
+    The WebContent process is untrusted because it handles arbitrary markup and javascript from untrusted sources.
+    We should handle its messages with suspicion, and make sure the arguments are valid and usable before honoring them.
+    
+    This patch hardens the message passing layer by performing MESSAGE_CHECK in places that had been overlooked.
+    
+    * UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
+    (WebKit::PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID):
+    (WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
+    (WebKit::PlaybackSessionManagerProxy::bufferedTimeChanged):
+    (WebKit::PlaybackSessionManagerProxy::seekableRangesVectorChanged):
+    (WebKit::PlaybackSessionManagerProxy::canPlayFastReverseChanged):
+    (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged):
+    (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged):
+    (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged):
+    (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged):
+    (WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
+    (WebKit::PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged):
+    (WebKit::PlaybackSessionManagerProxy::mutedChanged):
+    (WebKit::PlaybackSessionManagerProxy::volumeChanged):
+    (WebKit::PlaybackSessionManagerProxy::durationChanged):
+    (WebKit::PlaybackSessionManagerProxy::playbackStartedTimeChanged):
+    (WebKit::PlaybackSessionManagerProxy::rateChanged):
+    (WebKit::PlaybackSessionManagerProxy::pictureInPictureSupportedChanged):
+    (WebKit::PlaybackSessionManagerProxy::pictureInPictureActiveChanged):
+    (WebKit::PlaybackSessionManagerProxy::handleControlledElementIDResponse const):
+    * UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
+    (WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
+    (WebKit::UserMediaCaptureManagerProxy::startProducingData):
+    (WebKit::UserMediaCaptureManagerProxy::stopProducingData):
+    (WebKit::UserMediaCaptureManagerProxy::end):
+    (WebKit::UserMediaCaptureManagerProxy::capabilities):
+    (WebKit::UserMediaCaptureManagerProxy::setMuted):
+    (WebKit::UserMediaCaptureManagerProxy::applyConstraints):
+    * UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
+    (WebKit::VideoFullscreenManagerProxy::setupFullscreenWithID):
+    (WebKit::VideoFullscreenManagerProxy::setHasVideo):
+    (WebKit::VideoFullscreenManagerProxy::setVideoDimensions):
+    (WebKit::VideoFullscreenManagerProxy::enterFullscreen):
+    (WebKit::VideoFullscreenManagerProxy::exitFullscreen):
+    (WebKit::VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode):
+    (WebKit::VideoFullscreenManagerProxy::setInlineRect):
+    (WebKit::VideoFullscreenManagerProxy::setHasVideoContentLayer):
+    (WebKit::VideoFullscreenManagerProxy::cleanupFullscreen):
+    (WebKit::VideoFullscreenManagerProxy::preparedToReturnToInline):
+    (WebKit::VideoFullscreenManagerProxy::preparedToExitFullscreen):
+    * UIProcess/ios/EditableImageController.mm:
+    (WebKit::EditableImageController::didCreateEditableImage):
+    (WebKit::EditableImageController::didDestroyEditableImage):
+    (WebKit::EditableImageController::associateWithAttachment):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242378 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-03-04  Brent Fulgham  <bfulgham@apple.com>
+
+            Check contextIDs when handling WebContent messages
+            https://bugs.webkit.org/show_bug.cgi?id=195289
+            <rdar://problem/48475870>
+
+            Reviewed by Alex Christensen.
+
+            The WebContent process is untrusted because it handles arbitrary markup and javascript from untrusted sources.
+            We should handle its messages with suspicion, and make sure the arguments are valid and usable before honoring them.
+
+            This patch hardens the message passing layer by performing MESSAGE_CHECK in places that had been overlooked.
+
+            * UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
+            (WebKit::PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID):
+            (WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
+            (WebKit::PlaybackSessionManagerProxy::bufferedTimeChanged):
+            (WebKit::PlaybackSessionManagerProxy::seekableRangesVectorChanged):
+            (WebKit::PlaybackSessionManagerProxy::canPlayFastReverseChanged):
+            (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged):
+            (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged):
+            (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged):
+            (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged):
+            (WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
+            (WebKit::PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged):
+            (WebKit::PlaybackSessionManagerProxy::mutedChanged):
+            (WebKit::PlaybackSessionManagerProxy::volumeChanged):
+            (WebKit::PlaybackSessionManagerProxy::durationChanged):
+            (WebKit::PlaybackSessionManagerProxy::playbackStartedTimeChanged):
+            (WebKit::PlaybackSessionManagerProxy::rateChanged):
+            (WebKit::PlaybackSessionManagerProxy::pictureInPictureSupportedChanged):
+            (WebKit::PlaybackSessionManagerProxy::pictureInPictureActiveChanged):
+            (WebKit::PlaybackSessionManagerProxy::handleControlledElementIDResponse const):
+            * UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
+            (WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
+            (WebKit::UserMediaCaptureManagerProxy::startProducingData):
+            (WebKit::UserMediaCaptureManagerProxy::stopProducingData):
+            (WebKit::UserMediaCaptureManagerProxy::end):
+            (WebKit::UserMediaCaptureManagerProxy::capabilities):
+            (WebKit::UserMediaCaptureManagerProxy::setMuted):
+            (WebKit::UserMediaCaptureManagerProxy::applyConstraints):
+            * UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
+            (WebKit::VideoFullscreenManagerProxy::setupFullscreenWithID):
+            (WebKit::VideoFullscreenManagerProxy::setHasVideo):
+            (WebKit::VideoFullscreenManagerProxy::setVideoDimensions):
+            (WebKit::VideoFullscreenManagerProxy::enterFullscreen):
+            (WebKit::VideoFullscreenManagerProxy::exitFullscreen):
+            (WebKit::VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode):
+            (WebKit::VideoFullscreenManagerProxy::setInlineRect):
+            (WebKit::VideoFullscreenManagerProxy::setHasVideoContentLayer):
+            (WebKit::VideoFullscreenManagerProxy::cleanupFullscreen):
+            (WebKit::VideoFullscreenManagerProxy::preparedToReturnToInline):
+            (WebKit::VideoFullscreenManagerProxy::preparedToExitFullscreen):
+            * UIProcess/ios/EditableImageController.mm:
+            (WebKit::EditableImageController::didCreateEditableImage):
+            (WebKit::EditableImageController::didDestroyEditableImage):
+            (WebKit::EditableImageController::associateWithAttachment):
+
</ins><span class="cx"> 2019-02-27  Alan Coon  <alancoon@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Apply patch. rdar://problem/48429602
</span></span></pre></div>
<a id="branchessafari6071401branchSourceWebKitUIProcessCocoaPlaybackSessionManagerProxymm"></a>
<div class="modfile"><h4>Modified: branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm (242503 => 242504)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm   2019-03-05 21:49:28 UTC (rev 242503)
+++ branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm      2019-03-05 21:49:30 UTC (rev 242504)
</span><span class="lines">@@ -33,6 +33,8 @@
</span><span class="cx"> #import "WebPageProxy.h"
</span><span class="cx"> #import "WebProcessProxy.h"
</span><span class="cx"> 
</span><ins>+#define MESSAGE_CHECK_CONTEXTID(contextID) MESSAGE_CHECK_BASE(m_contextMap.isValidKey(contextId), m_page->process().connection())
+
</ins><span class="cx"> namespace WebKit {
</span><span class="cx"> using namespace WebCore;
</span><span class="cx"> 
</span><span class="lines">@@ -371,6 +373,7 @@
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID(uint64_t contextId)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     if (m_controlsManagerContextId == contextId)
</span><span class="cx">         return;
</span><span class="cx"> 
</span><span class="lines">@@ -396,16 +399,19 @@
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::currentTimeChanged(uint64_t contextId, double currentTime, double hostTime)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).currentTimeChanged(currentTime);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::bufferedTimeChanged(uint64_t contextId, double bufferedTime)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).bufferedTimeChanged(bufferedTime);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::seekableRangesVectorChanged(uint64_t contextId, Vector<std::pair<double, double>> ranges, double lastModifiedTime, double liveUpdateInterval)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     Ref<TimeRanges> timeRanges = TimeRanges::create();
</span><span class="cx">     for (const auto& range : ranges) {
</span><span class="cx">         ASSERT(isfinite(range.first));
</span><span class="lines">@@ -419,31 +425,37 @@
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::canPlayFastReverseChanged(uint64_t contextId, bool value)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).canPlayFastReverseChanged(value);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged(uint64_t contextId, Vector<MediaSelectionOption> options, uint64_t selectedIndex)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).audioMediaSelectionOptionsChanged(options, selectedIndex);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged(uint64_t contextId, Vector<MediaSelectionOption> options, uint64_t selectedIndex)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).legibleMediaSelectionOptionsChanged(options, selectedIndex);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged(uint64_t contextId, uint64_t selectedIndex)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).audioMediaSelectionIndexChanged(selectedIndex);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged(uint64_t contextId, uint64_t selectedIndex)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).legibleMediaSelectionIndexChanged(selectedIndex);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged(uint64_t contextId, bool enabled, uint32_t targetType, String localizedDeviceName)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     PlaybackSessionModel::ExternalPlaybackTargetType type = static_cast<PlaybackSessionModel::ExternalPlaybackTargetType>(targetType);
</span><span class="cx">     ASSERT(type == PlaybackSessionModel::TargetTypeAirPlay || type == PlaybackSessionModel::TargetTypeTVOut || type == PlaybackSessionModel::TargetTypeNone);
</span><span class="cx"> 
</span><span class="lines">@@ -452,46 +464,55 @@
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged(uint64_t contextId, bool disabled)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).wirelessVideoPlaybackDisabledChanged(disabled);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::mutedChanged(uint64_t contextId, bool muted)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).mutedChanged(muted);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::volumeChanged(uint64_t contextId, double volume)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).volumeChanged(volume);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::durationChanged(uint64_t contextId, double duration)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).durationChanged(duration);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::playbackStartedTimeChanged(uint64_t contextId, double playbackStartedTime)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).playbackStartedTimeChanged(playbackStartedTime);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::rateChanged(uint64_t contextId, bool isPlaying, double rate)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).rateChanged(isPlaying, rate);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::pictureInPictureSupportedChanged(uint64_t contextId, bool supported)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).pictureInPictureSupportedChanged(supported);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::pictureInPictureActiveChanged(uint64_t contextId, bool active)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx">     ensureModel(contextId).pictureInPictureActiveChanged(active);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PlaybackSessionManagerProxy::handleControlledElementIDResponse(uint64_t contextId, String identifier) const
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextID);
</ins><span class="cx"> #if PLATFORM(MAC)
</span><span class="cx">     if (contextId == m_controlsManagerContextId)
</span><span class="cx">         m_page->handleControlledElementIDResponse(identifier);
</span><span class="lines">@@ -607,4 +628,6 @@
</span><span class="cx"> 
</span><span class="cx"> } // namespace WebKit
</span><span class="cx"> 
</span><ins>+#undef MESSAGE_CHECK_CONTEXTID
+
</ins><span class="cx"> #endif // PLATFORM(IOS_FAMILY) || (PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE))
</span></span></pre></div>
<a id="branchessafari6071401branchSourceWebKitUIProcessCocoaUserMediaCaptureManagerProxycpp"></a>
<div class="modfile"><h4>Modified: branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp (242503 => 242504)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp 2019-03-05 21:49:28 UTC (rev 242503)
+++ branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp    2019-03-05 21:49:30 UTC (rev 242504)
</span><span class="lines">@@ -39,6 +39,8 @@
</span><span class="cx"> #include <WebCore/WebAudioBufferList.h>
</span><span class="cx"> #include <wtf/UniqueRef.h>
</span><span class="cx"> 
</span><ins>+#define MESSAGE_CHECK_CONTEXTID(id) MESSAGE_CHECK_BASE(m_proxies.isValidKey(id), m_process.connection())
+
</ins><span class="cx"> namespace WebKit {
</span><span class="cx"> using namespace WebCore;
</span><span class="cx"> 
</span><span class="lines">@@ -139,6 +141,8 @@
</span><span class="cx"> 
</span><span class="cx"> void UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints(uint64_t id, const CaptureDevice& device, String&& hashSalt, const MediaConstraints& constraints, bool& succeeded, String& invalidConstraints, WebCore::RealtimeMediaSourceSettings& settings)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(id);
+
</ins><span class="cx">     CaptureSourceOrError sourceOrError;
</span><span class="cx">     switch (device.type()) {
</span><span class="cx">     case WebCore::CaptureDevice::DeviceType::Microphone:
</span><span class="lines">@@ -170,6 +174,7 @@
</span><span class="cx"> 
</span><span class="cx"> void UserMediaCaptureManagerProxy::startProducingData(uint64_t id)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(id);
</ins><span class="cx">     auto iter = m_proxies.find(id);
</span><span class="cx">     if (iter != m_proxies.end())
</span><span class="cx">         iter->value->source().start();
</span><span class="lines">@@ -177,6 +182,7 @@
</span><span class="cx"> 
</span><span class="cx"> void UserMediaCaptureManagerProxy::stopProducingData(uint64_t id)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(id);
</ins><span class="cx">     auto iter = m_proxies.find(id);
</span><span class="cx">     if (iter != m_proxies.end())
</span><span class="cx">         iter->value->source().stop();
</span><span class="lines">@@ -184,6 +190,7 @@
</span><span class="cx"> 
</span><span class="cx"> void UserMediaCaptureManagerProxy::capabilities(uint64_t id, WebCore::RealtimeMediaSourceCapabilities& capabilities)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(id);
</ins><span class="cx">     auto iter = m_proxies.find(id);
</span><span class="cx">     if (iter != m_proxies.end())
</span><span class="cx">         capabilities = iter->value->source().capabilities();
</span><span class="lines">@@ -191,6 +198,7 @@
</span><span class="cx"> 
</span><span class="cx"> void UserMediaCaptureManagerProxy::setMuted(uint64_t id, bool muted)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(id);
</ins><span class="cx">     auto iter = m_proxies.find(id);
</span><span class="cx">     if (iter != m_proxies.end())
</span><span class="cx">         iter->value->source().setMuted(muted);
</span><span class="lines">@@ -198,6 +206,7 @@
</span><span class="cx"> 
</span><span class="cx"> void UserMediaCaptureManagerProxy::applyConstraints(uint64_t id, const WebCore::MediaConstraints& constraints)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(id);
</ins><span class="cx">     auto iter = m_proxies.find(id);
</span><span class="cx">     if (iter == m_proxies.end())
</span><span class="cx">         return;
</span><span class="lines">@@ -212,4 +221,6 @@
</span><span class="cx"> 
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+#undef MESSAGE_CHECK_CONTEXTID
+
</ins><span class="cx"> #endif
</span></span></pre></div>
<a id="branchessafari6071401branchSourceWebKitUIProcessCocoaVideoFullscreenManagerProxymm"></a>
<div class="modfile"><h4>Modified: branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm (242503 => 242504)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm   2019-03-05 21:49:28 UTC (rev 242503)
+++ branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm      2019-03-05 21:49:30 UTC (rev 242504)
</span><span class="lines">@@ -121,6 +121,8 @@
</span><span class="cx"> 
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><ins>+#define MESSAGE_CHECK_CONTEXTID(contextID) MESSAGE_CHECK_BASE(m_contextMap.isValidKey(contextId), m_page->process().connection())
+
</ins><span class="cx"> namespace WebKit {
</span><span class="cx"> using namespace WebCore;
</span><span class="cx"> 
</span><span class="lines">@@ -468,6 +470,8 @@
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::setupFullscreenWithID(uint64_t contextId, uint32_t videoLayerID, const WebCore::IntRect& initialRect, float hostingDeviceScaleFactor, HTMLMediaElementEnums::VideoFullscreenMode videoFullscreenMode, bool allowsPictureInPicture, bool standby)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
+
</ins><span class="cx">     ASSERT(videoLayerID);
</span><span class="cx">     RefPtr<VideoFullscreenModelContext> model;
</span><span class="cx">     RefPtr<PlatformVideoFullscreenInterface> interface;
</span><span class="lines">@@ -504,16 +508,20 @@
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::setHasVideo(uint64_t contextId, bool hasVideo)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     ensureInterface(contextId).hasVideoChanged(hasVideo);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::setVideoDimensions(uint64_t contextId, const FloatSize& videoDimensions)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     ensureInterface(contextId).videoDimensionsChanged(videoDimensions);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::enterFullscreen(uint64_t contextId)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
+
</ins><span class="cx">     auto& interface = ensureInterface(contextId);
</span><span class="cx">     interface.enterFullscreen();
</span><span class="cx"> 
</span><span class="lines">@@ -531,6 +539,8 @@
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::exitFullscreen(uint64_t contextId, WebCore::IntRect finalRect)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
+
</ins><span class="cx"> #if PLATFORM(IOS_FAMILY)
</span><span class="cx">     ensureInterface(contextId).exitFullscreen(finalRect);
</span><span class="cx"> #else
</span><span class="lines">@@ -543,6 +553,7 @@
</span><span class="cx"> #if PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE)
</span><span class="cx"> void VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode(uint64_t contextId, WebCore::HTMLMediaElementEnums::VideoFullscreenMode targetMode)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     ensureInterface(contextId).exitFullscreenWithoutAnimationToMode(targetMode);
</span><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="lines">@@ -551,11 +562,13 @@
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::setInlineRect(uint64_t contextId, const WebCore::IntRect& inlineRect, bool visible)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     ensureInterface(contextId).setInlineRect(inlineRect, visible);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::setHasVideoContentLayer(uint64_t contextId, bool value)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     ensureInterface(contextId).setHasVideoContentLayer(value);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -575,11 +588,13 @@
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::cleanupFullscreen(uint64_t contextId)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     ensureInterface(contextId).cleanupFullscreen();
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::preparedToReturnToInline(uint64_t contextId, bool visible, WebCore::IntRect inlineRect)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     m_page->fullscreenMayReturnToInline();
</span><span class="cx"> 
</span><span class="cx"> #if PLATFORM(IOS_FAMILY)
</span><span class="lines">@@ -593,6 +608,7 @@
</span><span class="cx"> 
</span><span class="cx"> void VideoFullscreenManagerProxy::preparedToExitFullscreen(uint64_t contextId)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_CONTEXTID(contextId);
</ins><span class="cx">     ensureInterface(contextId).preparedToExitFullscreen();
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -693,4 +709,6 @@
</span><span class="cx"> 
</span><span class="cx"> } // namespace WebKit
</span><span class="cx"> 
</span><ins>+#undef MESSAGE_CHECK_CONTEXTID
+
</ins><span class="cx"> #endif // PLATFORM(IOS_FAMILY) || (PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE))
</span></span></pre></div>
<a id="branchessafari6071401branchSourceWebKitUIProcessiosEditableImageControllermm"></a>
<div class="modfile"><h4>Modified: branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/ios/EditableImageController.mm (242503 => 242504)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/ios/EditableImageController.mm 2019-03-05 21:49:28 UTC (rev 242503)
+++ branches/safari-607.1.40.1-branch/Source/WebKit/UIProcess/ios/EditableImageController.mm    2019-03-05 21:49:30 UTC (rev 242504)
</span><span class="lines">@@ -38,6 +38,8 @@
</span><span class="cx"> #import <WebCore/GraphicsLayer.h>
</span><span class="cx"> #import <wtf/RetainPtr.h>
</span><span class="cx"> 
</span><ins>+#define MESSAGE_CHECK_VIEWID(embeddedViewID) MESSAGE_CHECK_BASE(m_editableImages.isValidKey(embeddedViewID), connection())
+
</ins><span class="cx"> namespace WebKit {
</span><span class="cx"> 
</span><span class="cx"> EditableImageController::EditableImageController(WebPageProxy& webPageProxy)
</span><span class="lines">@@ -73,16 +75,19 @@
</span><span class="cx"> 
</span><span class="cx"> void EditableImageController::didCreateEditableImage(WebCore::GraphicsLayer::EmbeddedViewID embeddedViewID)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_VIEWID(embeddedViewID);
</ins><span class="cx">     ensureEditableImage(embeddedViewID);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void EditableImageController::didDestroyEditableImage(WebCore::GraphicsLayer::EmbeddedViewID embeddedViewID)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_VIEWID(embeddedViewID);
</ins><span class="cx">     m_editableImages.remove(embeddedViewID);
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void EditableImageController::associateWithAttachment(WebCore::GraphicsLayer::EmbeddedViewID embeddedViewID, const String& attachmentID)
</span><span class="cx"> {
</span><ins>+    MESSAGE_CHECK_VIEWID(embeddedViewID);
</ins><span class="cx">     if (!m_webPageProxy)
</span><span class="cx">         return;
</span><span class="cx">     auto& page = *m_webPageProxy;
</span><span class="lines">@@ -150,4 +155,6 @@
</span><span class="cx"> 
</span><span class="cx"> } // namespace WebKit
</span><span class="cx"> 
</span><ins>+#undef MESSAGE_CHECK_VIEWID
+
</ins><span class="cx"> #endif // HAVE(PENCILKIT)
</span></span></pre>
</div>
</div>

</body>
</html>