Check contextIDs when handling WebContent messages
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 4 Mar 2019 21:01:37 +0000 (21:01 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 4 Mar 2019 21:01:37 +0000 (21:01 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195289
<rdar://problem/48475870>

Reviewed by Alex Christensen.

The WebContent process is untrusted because it handles arbitrary markup and JavaScript from untrusted sources.
We should handle its messages with suspicion, and make sure the arguments are valid and usable before honoring them.

This patch hardens the message passing layer by performing MESSAGE_CHECK in places that had been overlooked.

* UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID):
(WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
(WebKit::PlaybackSessionManagerProxy::bufferedTimeChanged):
(WebKit::PlaybackSessionManagerProxy::seekableRangesVectorChanged):
(WebKit::PlaybackSessionManagerProxy::canPlayFastReverseChanged):
(WebKit::PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged):
(WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged):
(WebKit::PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged):
(WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged):
(WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
(WebKit::PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged):
(WebKit::PlaybackSessionManagerProxy::mutedChanged):
(WebKit::PlaybackSessionManagerProxy::volumeChanged):
(WebKit::PlaybackSessionManagerProxy::durationChanged):
(WebKit::PlaybackSessionManagerProxy::playbackStartedTimeChanged):
(WebKit::PlaybackSessionManagerProxy::rateChanged):
(WebKit::PlaybackSessionManagerProxy::pictureInPictureSupportedChanged):
(WebKit::PlaybackSessionManagerProxy::pictureInPictureActiveChanged):
(WebKit::PlaybackSessionManagerProxy::handleControlledElementIDResponse const):
* UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
(WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
(WebKit::UserMediaCaptureManagerProxy::startProducingData):
(WebKit::UserMediaCaptureManagerProxy::stopProducingData):
(WebKit::UserMediaCaptureManagerProxy::end):
(WebKit::UserMediaCaptureManagerProxy::capabilities):
(WebKit::UserMediaCaptureManagerProxy::setMuted):
(WebKit::UserMediaCaptureManagerProxy::applyConstraints):
* UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
(WebKit::VideoFullscreenManagerProxy::setupFullscreenWithID):
(WebKit::VideoFullscreenManagerProxy::setHasVideo):
(WebKit::VideoFullscreenManagerProxy::setVideoDimensions):
(WebKit::VideoFullscreenManagerProxy::enterFullscreen):
(WebKit::VideoFullscreenManagerProxy::exitFullscreen):
(WebKit::VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode):
(WebKit::VideoFullscreenManagerProxy::setInlineRect):
(WebKit::VideoFullscreenManagerProxy::setHasVideoContentLayer):
(WebKit::VideoFullscreenManagerProxy::cleanupFullscreen):
(WebKit::VideoFullscreenManagerProxy::preparedToReturnToInline):
(WebKit::VideoFullscreenManagerProxy::preparedToExitFullscreen):
* UIProcess/ios/EditableImageController.mm:
(WebKit::EditableImageController::didCreateEditableImage):
(WebKit::EditableImageController::didDestroyEditableImage):
(WebKit::EditableImageController::associateWithAttachment):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp
Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm
Source/WebKit/UIProcess/ios/EditableImageController.mm

index 8ac6dbf..c8b5e77 100644 (file)
@@ -1,3 +1,61 @@
+2019-03-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Check contextIDs when handling WebContent messages
+        https://bugs.webkit.org/show_bug.cgi?id=195289
+        <rdar://problem/48475870>
+
+        Reviewed by Alex Christensen.
+
+        The WebContent process is untrusted because it handles arbitrary markup and javascript from untrusted sources.
+        We should handle its messages with suspicion, and make sure the arguments are valid and usable before honoring them.
+
+        This patch hardens the message passing layer by performing MESSAGE_CHECK in places that had been overlooked.
+
+        * UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
+        (WebKit::PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID):
+        (WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
+        (WebKit::PlaybackSessionManagerProxy::bufferedTimeChanged):
+        (WebKit::PlaybackSessionManagerProxy::seekableRangesVectorChanged):
+        (WebKit::PlaybackSessionManagerProxy::canPlayFastReverseChanged):
+        (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged):
+        (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged):
+        (WebKit::PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged):
+        (WebKit::PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged):
+        (WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
+        (WebKit::PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged):
+        (WebKit::PlaybackSessionManagerProxy::mutedChanged):
+        (WebKit::PlaybackSessionManagerProxy::volumeChanged):
+        (WebKit::PlaybackSessionManagerProxy::durationChanged):
+        (WebKit::PlaybackSessionManagerProxy::playbackStartedTimeChanged):
+        (WebKit::PlaybackSessionManagerProxy::rateChanged):
+        (WebKit::PlaybackSessionManagerProxy::pictureInPictureSupportedChanged):
+        (WebKit::PlaybackSessionManagerProxy::pictureInPictureActiveChanged):
+        (WebKit::PlaybackSessionManagerProxy::handleControlledElementIDResponse const):
+        * UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
+        (WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
+        (WebKit::UserMediaCaptureManagerProxy::startProducingData):
+        (WebKit::UserMediaCaptureManagerProxy::stopProducingData):
+        (WebKit::UserMediaCaptureManagerProxy::end):
+        (WebKit::UserMediaCaptureManagerProxy::capabilities):
+        (WebKit::UserMediaCaptureManagerProxy::setMuted):
+        (WebKit::UserMediaCaptureManagerProxy::applyConstraints):
+        * UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
+        (WebKit::VideoFullscreenManagerProxy::setupFullscreenWithID):
+        (WebKit::VideoFullscreenManagerProxy::setHasVideo):
+        (WebKit::VideoFullscreenManagerProxy::setVideoDimensions):
+        (WebKit::VideoFullscreenManagerProxy::enterFullscreen):
+        (WebKit::VideoFullscreenManagerProxy::exitFullscreen):
+        (WebKit::VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode):
+        (WebKit::VideoFullscreenManagerProxy::setInlineRect):
+        (WebKit::VideoFullscreenManagerProxy::setHasVideoContentLayer):
+        (WebKit::VideoFullscreenManagerProxy::cleanupFullscreen):
+        (WebKit::VideoFullscreenManagerProxy::preparedToReturnToInline):
+        (WebKit::VideoFullscreenManagerProxy::preparedToExitFullscreen):
+        * UIProcess/ios/EditableImageController.mm:
+        (WebKit::EditableImageController::didCreateEditableImage):
+        (WebKit::EditableImageController::didDestroyEditableImage):
+        (WebKit::EditableImageController::associateWithAttachment):
+
 2019-03-04  Alex Christensen  <achristensen@webkit.org>
 
         Fix crashes when NetworkResourceLoader/NetworkLoadChecker are destroyed during HTTPS upgrade check
index 8677a04..f05d79c 100644 (file)
@@ -33,6 +33,8 @@
 #import "WebPageProxy.h"
 #import "WebProcessProxy.h"
 
+#define MESSAGE_CHECK_CONTEXTID(contextID) MESSAGE_CHECK_BASE(m_contextMap.isValidKey(contextId), m_page->process().connection())
+
 namespace WebKit {
 using namespace WebCore;
 
@@ -371,6 +373,7 @@ void PlaybackSessionManagerProxy::removeClientForContext(uint64_t contextId)
 
 void PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID(uint64_t contextId)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     if (m_controlsManagerContextId == contextId)
         return;
 
@@ -396,16 +399,19 @@ void PlaybackSessionManagerProxy::clearPlaybackControlsManager()
 
 void PlaybackSessionManagerProxy::currentTimeChanged(uint64_t contextId, double currentTime, double hostTime)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).currentTimeChanged(currentTime);
 }
 
 void PlaybackSessionManagerProxy::bufferedTimeChanged(uint64_t contextId, double bufferedTime)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).bufferedTimeChanged(bufferedTime);
 }
 
 void PlaybackSessionManagerProxy::seekableRangesVectorChanged(uint64_t contextId, Vector<std::pair<double, double>> ranges, double lastModifiedTime, double liveUpdateInterval)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     Ref<TimeRanges> timeRanges = TimeRanges::create();
     for (const auto& range : ranges) {
         ASSERT(isfinite(range.first));
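Review bot: The `ASSERT(isfinite(range.first));` in seekableRangesVectorChanged is, as far as WebKit's ASSERT goes, a debug-build check, so in release builds the ranges sent by the WebContent process still reach TimeRanges unvalidated. Since the commit's stated goal is to validate message arguments before honoring them, consider a message check instead, e.g. `MESSAGE_CHECK_BASE(isfinite(range.first), m_page->process().connection());`, with the same treatment for any other range field asserted in the loop. The `ASSERT(type == ...)` on the cast `targetType` in externalPlaybackPropertiesChanged (next hunk) is debug-only in the same way. The loop body continues outside this hunk.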
@@ -419,31 +425,37 @@ void PlaybackSessionManagerProxy::seekableRangesVectorChanged(uint64_t contextId
 
 void PlaybackSessionManagerProxy::canPlayFastReverseChanged(uint64_t contextId, bool value)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).canPlayFastReverseChanged(value);
 }
 
 void PlaybackSessionManagerProxy::audioMediaSelectionOptionsChanged(uint64_t contextId, Vector<MediaSelectionOption> options, uint64_t selectedIndex)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).audioMediaSelectionOptionsChanged(options, selectedIndex);
 }
 
 void PlaybackSessionManagerProxy::legibleMediaSelectionOptionsChanged(uint64_t contextId, Vector<MediaSelectionOption> options, uint64_t selectedIndex)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).legibleMediaSelectionOptionsChanged(options, selectedIndex);
 }
 
 void PlaybackSessionManagerProxy::audioMediaSelectionIndexChanged(uint64_t contextId, uint64_t selectedIndex)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).audioMediaSelectionIndexChanged(selectedIndex);
 }
 
 void PlaybackSessionManagerProxy::legibleMediaSelectionIndexChanged(uint64_t contextId, uint64_t selectedIndex)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).legibleMediaSelectionIndexChanged(selectedIndex);
 }
 
 void PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged(uint64_t contextId, bool enabled, uint32_t targetType, String localizedDeviceName)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     PlaybackSessionModel::ExternalPlaybackTargetType type = static_cast<PlaybackSessionModel::ExternalPlaybackTargetType>(targetType);
     ASSERT(type == PlaybackSessionModel::TargetTypeAirPlay || type == PlaybackSessionModel::TargetTypeTVOut || type == PlaybackSessionModel::TargetTypeNone);
 
@@ -452,46 +464,55 @@ void PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged(uint64_t con
 
 void PlaybackSessionManagerProxy::wirelessVideoPlaybackDisabledChanged(uint64_t contextId, bool disabled)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).wirelessVideoPlaybackDisabledChanged(disabled);
 }
 
 void PlaybackSessionManagerProxy::mutedChanged(uint64_t contextId, bool muted)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).mutedChanged(muted);
 }
 
 void PlaybackSessionManagerProxy::volumeChanged(uint64_t contextId, double volume)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).volumeChanged(volume);
 }
 
 void PlaybackSessionManagerProxy::durationChanged(uint64_t contextId, double duration)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).durationChanged(duration);
 }
 
 void PlaybackSessionManagerProxy::playbackStartedTimeChanged(uint64_t contextId, double playbackStartedTime)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).playbackStartedTimeChanged(playbackStartedTime);
 }
 
 void PlaybackSessionManagerProxy::rateChanged(uint64_t contextId, bool isPlaying, double rate)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).rateChanged(isPlaying, rate);
 }
 
 void PlaybackSessionManagerProxy::pictureInPictureSupportedChanged(uint64_t contextId, bool supported)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).pictureInPictureSupportedChanged(supported);
 }
 
 void PlaybackSessionManagerProxy::pictureInPictureActiveChanged(uint64_t contextId, bool active)
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
     ensureModel(contextId).pictureInPictureActiveChanged(active);
 }
 
 void PlaybackSessionManagerProxy::handleControlledElementIDResponse(uint64_t contextId, String identifier) const
 {
+    MESSAGE_CHECK_CONTEXTID(contextID);
 #if PLATFORM(MAC)
     if (contextId == m_controlsManagerContextId)
         m_page->handleControlledElementIDResponse(identifier);
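Review bot: Every added call in this file passes `contextID`, but the handlers' parameter is spelled `contextId`; this only compiles because the macro near the top of the file declares a parameter `contextID` and never uses it, expanding to the caller's local `contextId` by name. The check therefore depends on the spelling of a local variable rather than on the argument passed. Use the parameter in the macro, `#define MESSAGE_CHECK_CONTEXTID(contextId) MESSAGE_CHECK_BASE(m_contextMap.isValidKey(contextId), m_page->process().connection())`, and pass `contextId` at the call sites. The macro added to VideoFullscreenManagerProxy.mm has the same unused parameter. handleControlledElementIDResponse continues outside the hunk.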
@@ -607,4 +628,6 @@ PlatformPlaybackSessionInterface* PlaybackSessionManagerProxy::controlsManagerIn
 
 } // namespace WebKit
 
+#undef MESSAGE_CHECK_CONTEXTID
+
 #endif // PLATFORM(IOS_FAMILY) || (PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE))
index 154b997..f395fd7 100644 (file)
@@ -39,6 +39,8 @@
 #include <WebCore/WebAudioBufferList.h>
 #include <wtf/UniqueRef.h>
 
+#define MESSAGE_CHECK_CONTEXTID(id) MESSAGE_CHECK_BASE(m_proxies.isValidKey(id), m_process.connection())
+
 namespace WebKit {
 using namespace WebCore;
 
@@ -139,6 +141,8 @@ UserMediaCaptureManagerProxy::~UserMediaCaptureManagerProxy()
 
 void UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints(uint64_t id, const CaptureDevice& device, String&& hashSalt, const MediaConstraints& constraints, bool& succeeded, String& invalidConstraints, WebCore::RealtimeMediaSourceSettings& settings)
 {
+    MESSAGE_CHECK_CONTEXTID(id);
+
     CaptureSourceOrError sourceOrError;
     switch (device.type()) {
     case WebCore::CaptureDevice::DeviceType::Microphone:
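Review bot: The added `MESSAGE_CHECK_CONTEXTID(id);` at the top of createMediaSourceForCaptureDeviceWithConstraints can leave the out-parameters `succeeded`, `invalidConstraints` and `settings` unwritten. If MESSAGE_CHECK_BASE returns from the handler on failure (its definition is not in this diff) and the caller does not pre-initialise the reply values, the reply could carry an indeterminate `succeeded`. Writing `succeeded = false;` before the check, or a comment stating that the caller value-initialises the reply, would make the failure path explicit. The same applies to the `capabilities` out-parameter in capabilities(). The function body continues outside the hunk.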
@@ -169,6 +173,7 @@ void UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstrai
 
 void UserMediaCaptureManagerProxy::startProducingData(uint64_t id)
 {
+    MESSAGE_CHECK_CONTEXTID(id);
     auto iter = m_proxies.find(id);
     if (iter != m_proxies.end())
         iter->value->source().start();
@@ -176,6 +181,7 @@ void UserMediaCaptureManagerProxy::startProducingData(uint64_t id)
 
 void UserMediaCaptureManagerProxy::stopProducingData(uint64_t id)
 {
+    MESSAGE_CHECK_CONTEXTID(id);
     auto iter = m_proxies.find(id);
     if (iter != m_proxies.end())
         iter->value->source().stop();
@@ -183,11 +189,13 @@ void UserMediaCaptureManagerProxy::stopProducingData(uint64_t id)
 
 void UserMediaCaptureManagerProxy::end(uint64_t id)
 {
+    MESSAGE_CHECK_CONTEXTID(id);
     m_proxies.remove(id);
 }
 
 void UserMediaCaptureManagerProxy::capabilities(uint64_t id, WebCore::RealtimeMediaSourceCapabilities& capabilities)
 {
+    MESSAGE_CHECK_CONTEXTID(id);
     auto iter = m_proxies.find(id);
     if (iter != m_proxies.end())
         capabilities = iter->value->source().capabilities();
@@ -195,6 +203,7 @@ void UserMediaCaptureManagerProxy::capabilities(uint64_t id, WebCore::RealtimeMe
 
 void UserMediaCaptureManagerProxy::setMuted(uint64_t id, bool muted)
 {
+    MESSAGE_CHECK_CONTEXTID(id);
     auto iter = m_proxies.find(id);
     if (iter != m_proxies.end())
         iter->value->source().setMuted(muted);
@@ -202,6 +211,7 @@ void UserMediaCaptureManagerProxy::setMuted(uint64_t id, bool muted)
 
 void UserMediaCaptureManagerProxy::applyConstraints(uint64_t id, const WebCore::MediaConstraints& constraints)
 {
+    MESSAGE_CHECK_CONTEXTID(id);
     auto iter = m_proxies.find(id);
     if (iter == m_proxies.end())
         return;
@@ -221,4 +231,6 @@ void UserMediaCaptureManagerProxy::clear()
 
 }
 
+#undef MESSAGE_CHECK_CONTEXTID
+
 #endif
index cc6037d..6ba479e 100644 (file)
 
 #endif
 
+#define MESSAGE_CHECK_CONTEXTID(contextID) MESSAGE_CHECK_BASE(m_contextMap.isValidKey(contextId), m_page->process().connection())
+
 namespace WebKit {
 using namespace WebCore;
 
@@ -468,6 +470,8 @@ void VideoFullscreenManagerProxy::removeClientForContext(uint64_t contextId)
 
 void VideoFullscreenManagerProxy::setupFullscreenWithID(uint64_t contextId, uint32_t videoLayerID, const WebCore::IntRect& initialRect, float hostingDeviceScaleFactor, HTMLMediaElementEnums::VideoFullscreenMode videoFullscreenMode, bool allowsPictureInPicture, bool standby)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
+
     ASSERT(videoLayerID);
     RefPtr<VideoFullscreenModelContext> model;
     RefPtr<PlatformVideoFullscreenInterface> interface;
@@ -504,16 +508,20 @@ void VideoFullscreenManagerProxy::setupFullscreenWithID(uint64_t contextId, uint
 
 void VideoFullscreenManagerProxy::setHasVideo(uint64_t contextId, bool hasVideo)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     ensureInterface(contextId).hasVideoChanged(hasVideo);
 }
 
 void VideoFullscreenManagerProxy::setVideoDimensions(uint64_t contextId, const FloatSize& videoDimensions)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     ensureInterface(contextId).videoDimensionsChanged(videoDimensions);
 }
 
 void VideoFullscreenManagerProxy::enterFullscreen(uint64_t contextId)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
+
     auto& interface = ensureInterface(contextId);
     interface.enterFullscreen();
 
@@ -531,6 +539,8 @@ void VideoFullscreenManagerProxy::enterFullscreen(uint64_t contextId)
 
 void VideoFullscreenManagerProxy::exitFullscreen(uint64_t contextId, WebCore::IntRect finalRect)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
+
     ASSERT(m_contextMap.contains(contextId));
     if (!m_contextMap.contains(contextId))
         return;
@@ -547,6 +557,7 @@ void VideoFullscreenManagerProxy::exitFullscreen(uint64_t contextId, WebCore::In
 #if PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE)
 void VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode(uint64_t contextId, WebCore::HTMLMediaElementEnums::VideoFullscreenMode targetMode)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     ensureInterface(contextId).exitFullscreenWithoutAnimationToMode(targetMode);
 }
 #endif
@@ -555,11 +566,13 @@ void VideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode(uint64_t
 
 void VideoFullscreenManagerProxy::setInlineRect(uint64_t contextId, const WebCore::IntRect& inlineRect, bool visible)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     ensureInterface(contextId).setInlineRect(inlineRect, visible);
 }
 
 void VideoFullscreenManagerProxy::setHasVideoContentLayer(uint64_t contextId, bool value)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     ensureInterface(contextId).setHasVideoContentLayer(value);
 }
 
@@ -579,11 +592,13 @@ NO_RETURN_DUE_TO_ASSERT void VideoFullscreenManagerProxy::setHasVideoContentLaye
 
 void VideoFullscreenManagerProxy::cleanupFullscreen(uint64_t contextId)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     ensureInterface(contextId).cleanupFullscreen();
 }
 
 void VideoFullscreenManagerProxy::preparedToReturnToInline(uint64_t contextId, bool visible, WebCore::IntRect inlineRect)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     m_page->fullscreenMayReturnToInline();
 
 #if PLATFORM(IOS_FAMILY)
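Review bot: `MESSAGE_CHECK_CONTEXTID` only tests `m_contextMap.isValidKey(contextId)`, which as far as I know rejects the hash table's reserved empty/deleted key values, not IDs that were never registered. cleanupFullscreen then calls `ensureInterface(contextId)`, whose name suggests it creates an entry on demand (not visible here), so any non-reserved ID from the WebContent process would still be accepted. A comment on the macro such as `// Rejects only reserved HashMap keys; unknown IDs still reach ensureInterface().` would state that limit, and handlers that must act only on existing contexts could test `m_contextMap.contains(contextId)` as exitFullscreen already does. The ensureModel callers in PlaybackSessionManagerProxy.mm are in the same position. preparedToReturnToInline continues outside the hunk.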
@@ -597,6 +612,7 @@ void VideoFullscreenManagerProxy::preparedToReturnToInline(uint64_t contextId, b
 
 void VideoFullscreenManagerProxy::preparedToExitFullscreen(uint64_t contextId)
 {
+    MESSAGE_CHECK_CONTEXTID(contextId);
     ensureInterface(contextId).preparedToExitFullscreen();
 }
 
@@ -697,4 +713,6 @@ void VideoFullscreenManagerProxy::fullscreenMayReturnToInline(uint64_t contextId
 
 } // namespace WebKit
 
+#undef MESSAGE_CHECK_CONTEXTID
+
 #endif // PLATFORM(IOS_FAMILY) || (PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE))
index a9ae981..d9376b5 100644 (file)
@@ -38,6 +38,8 @@
 #import <WebCore/GraphicsLayer.h>
 #import <wtf/RetainPtr.h>
 
+#define MESSAGE_CHECK_VIEWID(embeddedViewID) MESSAGE_CHECK_BASE(m_editableImages.isValidKey(embeddedViewID), connection())
+
 namespace WebKit {
 
 EditableImageController::EditableImageController(WebPageProxy& webPageProxy)
@@ -73,16 +75,19 @@ EditableImage* EditableImageController::editableImage(WebCore::GraphicsLayer::Em
 
 void EditableImageController::didCreateEditableImage(WebCore::GraphicsLayer::EmbeddedViewID embeddedViewID)
 {
+    MESSAGE_CHECK_VIEWID(embeddedViewID);
     ensureEditableImage(embeddedViewID);
 }
 
 void EditableImageController::didDestroyEditableImage(WebCore::GraphicsLayer::EmbeddedViewID embeddedViewID)
 {
+    MESSAGE_CHECK_VIEWID(embeddedViewID);
     m_editableImages.remove(embeddedViewID);
 }
 
 void EditableImageController::associateWithAttachment(WebCore::GraphicsLayer::EmbeddedViewID embeddedViewID, const String& attachmentID)
 {
+    MESSAGE_CHECK_VIEWID(embeddedViewID);
     if (!m_webPageProxy)
         return;
     auto& page = *m_webPageProxy;
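Review bot: In associateWithAttachment the added `MESSAGE_CHECK_VIEWID(embeddedViewID);` runs before the `if (!m_webPageProxy) return;` guard, and the macro's failure path evaluates `connection()`. If `connection()` reaches the connection through `m_webPageProxy` (its definition is not in this diff), an invalid ID arriving after the page proxy is gone would dereference null. Placing the check after the guard avoids depending on that: `if (!m_webPageProxy) return;` followed by `MESSAGE_CHECK_VIEWID(embeddedViewID);`. The function body continues outside the hunk.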
@@ -150,4 +155,6 @@ WebPageProxy::ShouldUpdateAttachmentAttributes EditableImageController::willUpda
 
 } // namespace WebKit
 
+#undef MESSAGE_CHECK_VIEWID
+
 #endif // HAVE(PENCILKIT)