[webkit-reviews] review granted: [Bug 233148] Do some hardening in IPC::createMessageDecoder() : [Attachment 444307] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 15 17:37:44 PST 2021


Darin Adler <darin at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 233148: Do some hardening in IPC::createMessageDecoder()
https://bugs.webkit.org/show_bug.cgi?id=233148

Attachment 444307: Patch

https://bugs.webkit.org/attachment.cgi?id=444307&action=review




--- Comment #3 from Darin Adler <darin at apple.com> ---
Comment on attachment 444307
  --> https://bugs.webkit.org/attachment.cgi?id=444307
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=444307&action=review

> Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm:438
> +    auto sizeWithPortDescriptors = CheckedSize { sizeof(mach_msg_header_t) }
+ sizeof(mach_msg_body_t) + numberOfPortDescriptors *
sizeof(mach_msg_port_descriptor_t);
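
Review bot: the product `numberOfPortDescriptors * sizeof(mach_msg_port_descriptor_t)` at the end of this expression is computed in plain integer arithmetic and only then added to the checked sum, because `*` binds tighter than `+`; a wrap in that multiplication would not be recorded by CheckedSize. Convert the count before multiplying, for example `CheckedSize { numberOfPortDescriptors } * sizeof(mach_msg_port_descriptor_t)`, so that every step that depends on the descriptor count is checked.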

Could add the first two sizes inside CheckedSize.

Is the numberOfPortDescriptors multiplication safe without CheckedSize?
Currently it’s converted to CheckedSize only after multiplying.

> Source/WebKit/Platform/IPC/cocoa/ConnectionCocoa.mm:483
> +    auto messageBodySize = CheckedSize { header->msgh_size } -
sizeWithPortDescriptors;
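
Review bot: the quoted line does not show what happens when `header->msgh_size` is smaller than `sizeWithPortDescriptors`; the subtraction then underflows, and the result is only safe if the code that follows tests `messageBodySize.hasOverflowed()` before using the value as a length. Since `sizeWithPortDescriptors` is declared with `auto` from a CheckedSize expression at line 438, the subtraction is checked with or without the explicit `CheckedSize { ... }` on the left operand, so the overflow test on the result is the part to confirm.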

Not important to have the CheckedSize cast here.

