[webkit-reviews] review granted: [Bug 227247] [Cocoa] Force a copy of font data when receiving it from the untrusted web process : [Attachment 431943] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 21 21:30:25 PDT 2021


Maciej Stachowiak <mjs at apple.com> has granted Myles C. Maxfield
<mmaxfield at apple.com>'s request for review:
Bug 227247: [Cocoa] Force a copy of font data when receiving it from the
untrusted web process
https://bugs.webkit.org/show_bug.cgi?id=227247

Attachment 431943: Patch

https://bugs.webkit.org/attachment.cgi?id=431943&action=review




--- Comment #3 from Maciej Stachowiak <mjs at apple.com> ---
Comment on attachment 431943
  --> https://bugs.webkit.org/attachment.cgi?id=431943
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431943&action=review

r=me, but see comment regarding testing.

> Source/WebKit/ChangeLog:14
> +	   No new tests because there is no behavior change.
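
Review bot: the rationale at Source/WebKit/ChangeLog:14, "No new tests because there is no behavior change", covers only a well-behaved sender, while the bug title says the copy exists because the data arrives from the untrusted web process. Suggest rewording the entry to name the case that goes untested: behavior is unchanged for a well-behaved web process, and the case where the sender modifies the font data after sending it has no test.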

There's no behavior change if all goes well, but there is a behavior change in
the case of a compromised WebContent process. It should be possible to add some
kind of internal interface that makes WebCore send over font data and then
scribble over it with random timing, which would hopefully eventually crash
without this patch, and then show with this patch it doesn't crash. I don't
know how practical that is though.
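
The check-then-use race described in the comment above, reduced to a deterministic added example (not WebKit code and not part of the patch). The one-byte-length format is constructed, and the `senderRuns` hook is a hypothetical stand-in for the sending process writing to the buffer between validation and use.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <vector>

// Constructed toy format (not a real font table): byte 0 = payload length, then the payload.
enum class Result { Ok, Rejected, StaleCheck };

// Hypothetical hook: the point where the sending process gets to run again.
using Interleave = std::function<void()>;

// Validates, then uses, the bytes at `data`, which may still be writable by the sender.
Result parseInPlace(const uint8_t* data, size_t size, const Interleave& senderRuns,
                    std::vector<uint8_t>& out) {
    if (size < 1) return Result::Rejected;
    size_t checked = data[0];                 // fetch 1: the value that is bounds-checked
    if (checked > size - 1) return Result::Rejected;
    senderRuns();
    size_t used = data[0];                    // fetch 2: the value that is actually used
    // Code that trusted the earlier check would now read `used` bytes unchecked.
    if (used != checked) return Result::StaleCheck;
    out.assign(data + 1, data + 1 + used);
    return Result::Ok;
}

// Snapshots the bytes into receiver-owned memory once, then parses only the snapshot.
Result parseWithCopy(const uint8_t* shared, size_t size, const Interleave& senderRuns,
                     std::vector<uint8_t>& out) {
    std::vector<uint8_t> owned(shared, shared + size);
    return parseInPlace(owned.data(), owned.size(), senderRuns, out);
}

struct Demo { Result inPlace; Result copied; std::vector<uint8_t> payload; };

Demo runDemo() {
    std::vector<uint8_t> shared = {3, 'a', 'b', 'c'};     // constructed sample message
    Interleave scribble = [&shared] { shared[0] = 200; }; // sender rewrites the length
    std::vector<uint8_t> ignored, payload;
    Result inPlace = parseInPlace(shared.data(), shared.size(), scribble, ignored);
    shared[0] = 3;                                        // sender resends a valid message
    Result copied = parseWithCopy(shared.data(), shared.size(), scribble, payload);
    return {inPlace, copied, payload};
}

int main() {
    Demo d = runDemo();
    std::printf("in place: %d, copied: %d\n", static_cast<int>(d.inPlace), static_cast<int>(d.copied));
    return 0;
}
```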

