SharedMemory::Handle::m_size should be more consistent

<https://webkit.org/b/209007> <rdar://problem/60340890> Reviewed by Darin Adler. * Platform/cocoa/SharedMemoryCocoa.cpp: (WebKit::SharedMemory::Handle::decode): - Return early if an invalid `size` is decoded. (WebKit::SharedMemory::map): - Drive-by fix to change '0' to 'nullptr'. - Since all known methods of creating a SharedMemory::Handle() set SharedMemory::Handle::m_size to a value of round_page(), this means we can also change `round_page(handle.m_size)` to `handle.m_size` in the call to mach_vm_map() since we know they're equal. Canonical link: https://commits.webkit.org/222133@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258620 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Mar 18, 2020 · 942c15e · 942c15e
1 parent d5589ac
commit 942c15e
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 3 deletions.
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,22 @@
+2020-03-17  David Kilzer  <ddkilzer@apple.com>
+
+        SharedMemory::Handle::m_size should be more consistent
+        <https://webkit.org/b/209007>
+        <rdar://problem/60340890>
+
+        Reviewed by Darin Adler.
+
+        * Platform/cocoa/SharedMemoryCocoa.cpp:
+        (WebKit::SharedMemory::Handle::decode):
+        - Return early if an invalid `size` is decoded.
+        (WebKit::SharedMemory::map):
+        - Drive-by fix to change '0' to 'nullptr'.
+        - Since all known methods of creating a SharedMemory::Handle()
+          set SharedMemory::Handle::m_size to a value of round_page(),
+          this means we can also change `round_page(handle.m_size)` to
+          `handle.m_size` in the call to mach_vm_map() since we know
+          they're equal.
+
 2020-03-17  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, reverting r258496.

diff --git a/Source/WebKit/Platform/cocoa/SharedMemoryCocoa.cpp b/Source/WebKit/Platform/cocoa/SharedMemoryCocoa.cpp
@@ -93,6 +93,8 @@ bool SharedMemory::Handle::decode(IPC::Decoder& decoder, Handle& handle)
     uint64_t size;
     if (!decoder.decode(size))
         return false;
+    if (size != round_page(size))
+        return false;
 
     IPC::MachPort machPort;
     if (!decoder.decode(machPort))
@@ -190,13 +192,13 @@ RefPtr<SharedMemory> SharedMemory::wrapMap(void* data, size_t size, Protection p
 RefPtr<SharedMemory> SharedMemory::map(const Handle& handle, Protection protection)
 {
     if (handle.isNull())
-        return 0;
-    
+        return nullptr;
+
     ASSERT(round_page(handle.m_size) == handle.m_size);
 
     vm_prot_t vmProtection = machProtection(protection);
     mach_vm_address_t mappedAddress = 0;
-    kern_return_t kr = mach_vm_map(mach_task_self(), &mappedAddress, round_page(handle.m_size), 0, VM_FLAGS_ANYWHERE, handle.m_port, 0, false, vmProtection, vmProtection, VM_INHERIT_NONE);
+    kern_return_t kr = mach_vm_map(mach_task_self(), &mappedAddress, handle.m_size, 0, VM_FLAGS_ANYWHERE, handle.m_port, 0, false, vmProtection, vmProtection, VM_INHERIT_NONE);
 #if RELEASE_LOG_DISABLED
     if (kr != KERN_SUCCESS)
         return nullptr;