This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cherry-pick 259548.723@safari-7615-branch (9e8e582). https://bugs.webkit.org/show_bug.cgi?id=255629

TransformOperation subclasses should verify deserialized type
https://bugs.webkit.org/show_bug.cgi?id=255629
rdar://108161092

Reviewed by David Kilzer.

The type needs to line up with the same types used by the is, downcast, and dynamicDowncast functions.

* Source/WebCore/animation/KeyframeEffect.cpp:
(WebCore::KeyframeEffect::computedNeedsForcedLayout):
* Source/WebCore/platform/graphics/transforms/IdentityTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/Matrix3DTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/MatrixTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/PerspectiveTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/RotateTransformOperation.cpp:
(WebCore::RotateTransformOperation::RotateTransformOperation):
* Source/WebCore/platform/graphics/transforms/RotateTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/ScaleTransformOperation.cpp:
(WebCore::ScaleTransformOperation::ScaleTransformOperation):
* Source/WebCore/platform/graphics/transforms/ScaleTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/SkewTransformOperation.cpp:
(WebCore::SkewTransformOperation::SkewTransformOperation):
* Source/WebCore/platform/graphics/transforms/SkewTransformOperation.h:
* Source/WebCore/platform/graphics/transforms/TransformOperation.h:
(WebCore::TransformOperation::isRotateTransformOperationType):
(WebCore::TransformOperation::isScaleTransformOperationType):
(WebCore::TransformOperation::isSkewTransformOperationType):
(WebCore::TransformOperation::isTranslateTransformOperationType):
(WebCore::TransformOperation::isRotateTransformOperationType const): Deleted.
(WebCore::TransformOperation::isScaleTransformOperationType const): Deleted.
(WebCore::TransformOperation::isSkewTransformOperationType const): Deleted.
(WebCore::TransformOperation::isTranslateTransformOperationType const): Deleted.
* Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.cpp:
(WebCore::TranslateTransformOperation::TranslateTransformOperation):
* Source/WebCore/platform/graphics/transforms/TranslateTransformOperation.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:

Canonical link: https://commits.webkit.org/259548.723@safari-7615-branch
1 parent 0fe7013, commit e5958f9
Showing 15 changed files with 40 additions and 27 deletions.
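The rule stated in the commit message, that a deserialized type tag has to agree with what the is/downcast helpers check, shown as an added example on a simplified model. This is not WebKit's code; OpType, Operation, decodeScaleChecked and every other name below are hypothetical.

```cpp
// Added illustration: a simplified model, not WebKit source. All names are hypothetical.
#include <cstdint>
#include <memory>

enum class OpType : uint8_t { ScaleX, Scale, Scale3D, RotateX, Rotate, Rotate3D, Last = Rotate3D };

struct Operation {
    explicit Operation(OpType t) : type(t) {}
    virtual ~Operation() = default;
    // Static predicates: the decoder can call them before any object exists,
    // and a tag-based downcast would use the very same ones.
    static bool isScaleType(OpType t) { return t <= OpType::Scale3D; }
    static bool isRotateType(OpType t) { return t >= OpType::RotateX && t <= OpType::Last; }
    const OpType type;
};
struct ScaleOp final : Operation {
    ScaleOp(OpType t, double x, double y) : Operation(t), x(x), y(y) {}
    double x, y;
};
struct RotateOp final : Operation {
    RotateOp(OpType t, double angle) : Operation(t), angle(angle) {}
    double angle;
};

// A tag-based downcast trusts op.type. This reports whether that trust is
// misplaced, i.e. the tag names one class while the object is another.
bool tagDisagreesWithClass(const Operation& op) {
    bool tagSaysRotate = Operation::isRotateType(op.type);
    bool isRotate = dynamic_cast<const RotateOp*>(&op) != nullptr;
    return tagSaysRotate != isRotate;
}

// "Before": the type byte from the untrusted sender is stored as-is.
std::unique_ptr<ScaleOp> decodeScaleUnchecked(uint8_t rawType, double x, double y) {
    return std::make_unique<ScaleOp>(static_cast<OpType>(rawType), x, y);
}

// "After": reject a byte that is not an enumerator or not one of this class's types.
std::unique_ptr<ScaleOp> decodeScaleChecked(uint8_t rawType, double x, double y) {
    if (rawType > static_cast<uint8_t>(OpType::Last))
        return nullptr;
    auto type = static_cast<OpType>(rawType);
    if (!Operation::isScaleType(type))
        return nullptr;
    return std::make_unique<ScaleOp>(type, x, y);
}
```

Because the decoder and the downcast share one predicate, an object that survives decoding can never carry a tag that a later cast would read as a different class.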
@mcatanzaro are you able to fix the permissions for that bug report linked in the commit message? several of my applications embed webkitgtk and i'd like to gauge how likely i am to have been impacted by the RCEs announced alongside this latest update -- and how i should adjust my practices to decrease the impact of future similar bugs -- but that takes a lot more work for me and i'm more likely to miss something important when the bug reports are marked private.
Hi @uninsane, WebKit generally does not make security bug reports public. Sorry. I think it makes sense to make them public after the fix has shipped, but it's not really up to me.
What I can tell you is there is no useful information of any sort in the bug report, so it wouldn't make any difference in this case. The only comments in the bug report are links to internal Apple issue trackers and internal Apple GitHub, so whatever discussion exists must be private to Apple only. I don't have any information about this vulnerability other than what you see in the commit message here.
Remote code execution vulnerabilities are very common in WebKit, as in all web engines. It won't be very long before the next batch of issues drops. Regularly updating to the latest stable version of WebKitGTK is highly recommended. I also strongly recommend enabling the web process sandbox (webkit_web_context_set_sandbox_enabled()) if you're using the older webkit2gtk-4.0 or webkit2gtk-4.1 API versions (it is always enabled if you're using the latest webkitgtk-6.0 API version).