[Webkit-unassigned] [Bug 189840] New: Should we really CRASH() in ChildProcess::didReceiveInvalidMessage?

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 21 09:31:18 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=189840

            Bug ID: 189840
           Summary: Should we really CRASH() in
                    ChildProcess::didReceiveInvalidMessage?
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com

Both the cross-platform and Cocoa-specific implementations of ChildProcess::didReceiveInvalidMessage call CRASH(). So any invalid message sent from a child process will crash the parent process.

But the WK2 security model assumes the child process is compromised. Surely a malicious child process should not be able to DoS the UI process just by sending an invalid message. I think CRASH() would only be appropriate if running a debug build.

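The policy the report argues for, as an added example that is not WebKit code: a hypothetical parent (UI) process validates every message from its child processes, aborts only when a debug-only flag is set, and otherwise drops just the offending child and keeps serving the others. The message format, `ParentProcess`, `isValidMessage`, `terminateChild` and the sample messages are all constructed for illustration.

```cpp
// Added example, not WebKit code: a hypothetical parent (UI) process that
// treats its child processes as untrusted and survives an invalid IPC message.
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <vector>

// Constructed message format: a type tag, the length the sender claims, and
// the bytes actually delivered. A compromised child can lie about any of them.
struct Message {
    uint32_t type;
    uint32_t declaredLength;
    std::vector<uint8_t> payload;
};

enum MessageType : uint32_t { Ping = 1, SetTitle = 2, LastValidType = SetTitle };

static const size_t kMaxTitleBytes = 4096;

// Every field is checked before anything is trusted; any inconsistency is
// "invalid" and never reaches a message handler.
static bool isValidMessage(const Message& m) {
    if (m.type == 0 || m.type > LastValidType)
        return false;                                // unknown type tag
    if (m.declaredLength != m.payload.size())
        return false;                                // length claim does not match data
    if (m.type == SetTitle && m.payload.size() > kMaxTitleBytes)
        return false;                                // oversized payload
    return true;
}

class ParentProcess {
public:
    // crashOnInvalidMessage stands in for a debug-build-only policy; release
    // builds would construct with false (the default).
    explicit ParentProcess(bool crashOnInvalidMessage = false)
        : m_crashOnInvalidMessage(crashOnInvalidMessage) {}

    void addChild(int childId) { m_handledCount[childId] = 0; }
    bool hasChild(int childId) const { return m_handledCount.count(childId) != 0; }
    size_t invalidMessageCount() const { return m_invalidMessages; }
    size_t handledCount(int childId) const {
        auto it = m_handledCount.find(childId);
        return it == m_handledCount.end() ? 0 : it->second;
    }

    // Entry point for a message from child `childId`. Returns true when the
    // message was handled, false when it was rejected (and the child dropped).
    bool receive(int childId, const Message& m) {
        if (!hasChild(childId))
            return false;                            // unknown or already-terminated child
        if (!isValidMessage(m)) {
            didReceiveInvalidMessage(childId, m);
            return false;
        }
        ++m_handledCount[childId];
        return true;
    }

private:
    void didReceiveInvalidMessage(int childId, const Message& m) {
        ++m_invalidMessages;
        std::fprintf(stderr, "child %d sent invalid message (type=%u, declared=%u, actual=%zu)\n",
                     childId, m.type, m.declaredLength, m.payload.size());
        if (m_crashOnInvalidMessage)
            std::abort();                            // the CRASH() behaviour the report questions
        terminateChild(childId);                     // the child is untrusted; drop only it
    }

    void terminateChild(int childId) { m_handledCount.erase(childId); }

    bool m_crashOnInvalidMessage;
    std::map<int, size_t> m_handledCount;            // live children and their handled-message counts
    size_t m_invalidMessages = 0;
};

int main() {
    ParentProcess parent;                            // release policy: never abort
    parent.addChild(1);
    parent.addChild(2);
    parent.receive(1, Message{Ping, 0, {}});
    parent.receive(2, Message{99, 0, {}});           // constructed bogus type tag from child 2
    std::printf("child 1 alive: %d, child 2 alive: %d, invalid messages: %zu\n",
                parent.hasChild(1), parent.hasChild(2), parent.invalidMessageCount());
    return 0;
}
```

The point of the split is that the parent's response to a bad message is a policy decision, not a reflex: the same validation runs in every build, the invalid-message counter gives release builds a signal worth alerting on, and only the debug policy turns the event into a process abort.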