[IPC] Fail PAL::SessionID decoding if the decoded integer is not a valid session ID
https://bugs.webkit.org/show_bug.cgi?id=204917
<rdar://problem/53418119>
Reviewed by Ryosuke Niwa.
Fail PAL::SessionID IPC decoding if the decoded integer is not a valid session ID.
This makes our IPC more robust to bad input and makes sure we don't try to lookup
an invalid sessionID from a HashMap as a result of a bad IPC.
* pal/SessionID.h:
(PAL::SessionID::decode):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@253180 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/PAL/ChangeLog b/Source/WebCore/PAL/ChangeLog
index 12d7fb3..8ebe658 100644
--- a/Source/WebCore/PAL/ChangeLog
+++ b/Source/WebCore/PAL/ChangeLog
@@ -1,3 +1,18 @@
+2019-12-05 Chris Dumez <cdumez@apple.com>
+
+ [IPC] Fail PAL::SessionID decoding if the decoded integer is not a valid session ID
+ https://bugs.webkit.org/show_bug.cgi?id=204917
+ <rdar://problem/53418119>
+
+ Reviewed by Ryosuke Niwa.
+
+ Fail PAL::SessionID IPC decoding if the decoded integer is not a valid session ID.
+ This makes our IPC more robust to bad input and makes sure we don't try to lookup
+ an invalid sessionID from a HashMap as a result of a bad IPC.
+
+ * pal/SessionID.h:
+ (PAL::SessionID::decode):
+
2019-12-04 Tim Horton <timothy_horton@apple.com>
Introduce a GPU process
diff --git a/Source/WebCore/PAL/pal/SessionID.h b/Source/WebCore/PAL/pal/SessionID.h
index e1443f0..3bcd491 100644
--- a/Source/WebCore/PAL/pal/SessionID.h
+++ b/Source/WebCore/PAL/pal/SessionID.h
@@ -98,9 +98,8 @@
{
Optional<uint64_t> sessionID;
decoder >> sessionID;
- if (!sessionID)
+ if (!sessionID || !isValidSessionIDValue(*sessionID))
return WTF::nullopt;
- ASSERT(isValidSessionIDValue(*sessionID));
return SessionID { *sessionID };
}