commit 1e57bc58415e9564d755afc0cfb9f49368a7dbf5
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri Dec 06 00:34:15 2019 +0000
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri Dec 06 00:34:15 2019 +0000
tree e4ea2e447713391e0fd5dc6c02087ec2149eaabb
parent bbea73caca71d4dcbf33b03f78e99a6eaa26b1af

[IPC] Fail ObjectIdentifier decoding if the decoded integer is not a valid ID
https://bugs.webkit.org/show_bug.cgi?id=204921
<rdar://problem/57677747>

Reviewed by Ryosuke Niwa.

* wtf/ObjectIdentifier.h:
(WTF::ObjectIdentifier::decode):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@253186 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WTF/ChangeLog

diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
index dfc57ba..0c6bf9f 100644
--- a/Source/WTF/ChangeLog
+++ b/Source/WTF/ChangeLog
@@ -1,3 +1,14 @@
+2019-12-05  Chris Dumez  <cdumez@apple.com>
+
+        [IPC] Fail ObjectIdentifier decoding if the decoded integer is not a valid ID
+        https://bugs.webkit.org/show_bug.cgi?id=204921
+        <rdar://problem/57677747>
+
+        Reviewed by Ryosuke Niwa.
+
+        * wtf/ObjectIdentifier.h:
+        (WTF::ObjectIdentifier::decode):
+
 2019-12-03  Sunny He  <sunny_he@apple.com>
 
         Enable security assertions on all ASAN builds

Source/WTF/wtf/ObjectIdentifier.h

diff --git a/Source/WTF/wtf/ObjectIdentifier.h b/Source/WTF/wtf/ObjectIdentifier.h
index b0993c9..f73c04e 100644
--- a/Source/WTF/wtf/ObjectIdentifier.h
+++ b/Source/WTF/wtf/ObjectIdentifier.h
@@ -66,9 +66,8 @@
     {
         Optional<uint64_t> identifier;
         decoder >> identifier;
-        if (!identifier)
+        if (!identifier || !isValidIdentifier(*identifier))
             return WTF::nullopt;
-        ASSERT(isValidIdentifier(*identifier));
         return ObjectIdentifier { *identifier };
     }