[webkit-reviews] review denied: [Bug 204159] Use SecTrustEvaluateWithError instead of SecTrustEvaluate where available : [Attachment 383459] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 13 09:13:32 PST 2019

Darin Adler <darin at apple.com> has denied Alex Christensen
<achristensen at apple.com>'s request for review:
Bug 204159: Use SecTrustEvaluateWithError instead of SecTrustEvaluate where

Attachment 383459: Patch


--- Comment #3 from Darin Adler <darin at apple.com> ---
Comment on attachment 383459
  --> https://bugs.webkit.org/attachment.cgi?id=383459

View in context: https://bugs.webkit.org/attachment.cgi?id=383459&action=review

> Source/WebCore/platform/network/cocoa/ResourceResponseCocoa.mm:101
> +	   bool success = SecTrustEvaluateWithError(trust, &error);

This will leak the CFErrorRef. Note that the error argument is marked
CF_RETURNS_RETAINED that indicates it’s the caller’s responsibility to release.

> Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:938
> +	   bool success = SecTrustEvaluateWithError(trust, &error);


> Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:947
> +	   infoDictionary = [(__bridge NSDictionary *)SecTrustCopyInfo(trust)

Not important, but a side note. This line is just re-indented and this is not
new code, but I would write this instead:

    infoDictionary = CFBridgingRelease(SecTrustCopyInfo(trust));

More information about the webkit-reviews mailing list