github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: bounds-check the IPC result before accessing. (#24041)

Browse Source 
* fix: bounds-check the IPC result before accessing.

* fix: address feedback about safety checking JS too

* fix: address feedback: check JS array length, too.
This commit is contained in:
Charles Kerr
2020-06-11 11:47:58 -05:00
committed by GitHub
parent 4fb7b33b2b
commit cbaaf6a34e
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/renderer/api/ipc-renderer.js
View File

@@ -13,7 +13,11 @@ if (!ipcRenderer.send) {
};
ipcRenderer.sendSync = function (channel, ...args) {
return ipc.sendSync(internal, channel, args)[0];
const result = ipc.sendSync(internal, channel, args);
if (!Array.isArray(result) || result.length !== 1) {
throw new Error(`Unexpected return value from ipcRenderer.sendSync: ${result}`);
}
return result[0];
};
ipcRenderer.sendToHost = function (channel, ...args) {

4
shell/renderer/api/atom_api_renderer_ipc.cc
View File

@@ -102,6 +102,10 @@ class IPCRenderer : public mate::Wrappable<IPCRenderer> {
electron_browser_ptr_->MessageSync(internal, channel, std::move(arguments),
&result);
if (!result.is_list() || result.GetList().empty())
return base::Value{};
return std::move(result.GetList().at(0));
}