REPLAY-1892 Sanitize invalid CGColor values #1373

Merged
merged 1 commit into from
Jul 14, 2023

Collaborator

@ncreated ncreated commented Jul 13, 2023

What and why?

📦 This PR adds guard logic in SR to prevent it from crashing the app if the assumed value of view.layer.borderColor is not a valid CGColor object.

Such a situation is likely possible in apps that leverage User Defined Runtime Attributes and do it wrong, like in this example:

Screenshot 2023-07-11 at 14 46 18 (2)

Although the layer.borderColor seems to be set properly, at runtime it is resolved to UIDynamicCatalogSystemColor, which isn't compatible with CGColor. Calling layer.borderColor?.alpha in such a case will crash the app. Interestingly, this seems to only impact view.layer properties as they use CG* types. Setting view.backgroundColor this way will work because UIKit is smart enough to resolve UIColor properly.

We consider this likely and possible, hence we want to prevent SR from causing crashes by adding a safety check.

How?

Added a basic check with CFGetTypeID(_:) to guard that the typeID of the received CGColor is indeed CGColor.typeID.

The fact that view attributes are captured with the immutable ViewAttributes construct helped to centralise this check. Added a second sanity check in the hexString(from:) logic, which is the only place where we query assumed CGColor objects.

Review checklist

  • Feature or bugfix MUST have appropriate tests (unit, integration)
  • Make sure each commit and the PR mention the Issue number or JIRA reference
  • Add CHANGELOG entry for user facing changes

Custom CI job configuration (optional)

  • Run unit tests
  • Run integration tests
  • Run smoke tests

@ncreated ncreated self-assigned this Jul 13, 2023
@ncreated ncreated force-pushed the ncreated/REPLAY-1892/sanitize-cgcolors branch from 54b477a to 378be1a Compare July 13, 2023 13:43
@ncreated ncreated force-pushed the ncreated/REPLAY-1892/sanitize-cgcolors branch from ade3203 to 9cca06c Compare July 13, 2023 15:07
@ncreated ncreated marked this pull request as ready for review July 13, 2023 16:05
@ncreated ncreated requested a review from a team as a code owner July 13, 2023 16:05
@ncreated ncreated merged commit c042120 into develop Jul 14, 2023
@ncreated ncreated deleted the ncreated/REPLAY-1892/sanitize-cgcolors branch July 14, 2023 12:10
@ncreated ncreated mentioned this pull request Jul 25, 2023
6 tasks
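
The type-ID guard described in the PR, sketched as an added example (not code from this PR or the SDK). The helper names, the sRGB "RRGGBBAA" output format, and the KVC call used to reproduce a mis-typed runtime attribute are assumptions made for illustration.

```swift
import UIKit

/// Hypothetical helper: returns the color only when the object behind the
/// CGColor-typed reference really is a CGColor at runtime.
func sanitized(_ color: CGColor?) -> CGColor? {
    guard let color = color else { return nil }
    // CFGetTypeID inspects the runtime object, not the declared Swift type,
    // so it can be called before any CGColor API touches the value.
    guard CFGetTypeID(color) == CGColor.typeID else { return nil }
    return color
}

/// Hypothetical stand-in for a hex conversion: "RRGGBBAA" in sRGB, or nil
/// when the value is not a usable CGColor.
func hexString(from color: CGColor?) -> String? {
    guard let color = sanitized(color), // second check at the point of use
          let sRGB = CGColorSpace(name: CGColorSpace.sRGB),
          let rgba = color.converted(to: sRGB, intent: .defaultIntent, options: nil),
          let parts = rgba.components, parts.count == 4
    else { return nil }
    return parts
        .map { min(max($0, 0), 1) } // clamp each component to 0...1
        .map { String(format: "%02X", Int(($0 * 255).rounded())) }
        .joined()
}

let view = UIView()

// Constructed reproduction (assumption): a "layer.borderColor" runtime
// attribute typed as Color is applied through key-value coding, which stores
// a UIColor where CALayer expects a CGColor.
view.layer.setValue(UIColor.systemRed, forKey: "borderColor")
print(hexString(from: view.layer.borderColor) ?? "not a CGColor, skipped")

// Correctly typed value for comparison.
view.layer.borderColor = UIColor.systemRed.cgColor
print(hexString(from: view.layer.borderColor) ?? "not a CGColor, skipped")
```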