fix: postMessage crash with invalid transferrable (#46667)

* fix: postMessage crash with invalid transferrable Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * chore: address review feedback Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2025-04-17 18:23:23 +02:00 · 2025-04-17 18:23:23 +02:00 · 301f7b4e64
commit 301f7b4e64
parent 7b66361ca8
5 changed files with 82 additions and 31 deletions
--- a/shell/browser/api/message_port.cc
+++ b/shell/browser/api/message_port.cc
@ -17,6 +17,7 @@
 #include "shell/common/gin_helper/dictionary.h"
 #include "shell/common/gin_helper/error_thrower.h"
 #include "shell/common/gin_helper/event_emitter_caller.h"
+#include "shell/common/gin_helper/wrappable.h"
 #include "shell/common/node_includes.h"
 #include "shell/common/v8_util.h"
 #include "third_party/abseil-cpp/absl/container/flat_hash_set.h"
@ -26,25 +27,6 @@

 namespace electron {

-namespace {
-
-bool IsValidWrappable(const v8::Local<v8::Value>& val) {
-  if (!val->IsObject())
-    return false;
-
-  v8::Local<v8::Object> port = val.As<v8::Object>();
-
-  if (port->InternalFieldCount() != gin::kNumberOfInternalFields)
-    return false;
-
-  const auto* info = static_cast<gin::WrapperInfo*>(
-      port->GetAlignedPointerFromInternalField(gin::kWrapperInfoIndex));
-
-  return info && info->embedder == gin::kEmbedderNativeGin;
-}
-
-}  // namespace
-
 gin::WrapperInfo MessagePort::kWrapperInfo = {gin::kEmbedderNativeGin};

 MessagePort::MessagePort() = default;
@ -77,16 +59,14 @@ void MessagePort::PostMessage(gin::Arguments* args) {
  blink::TransferableMessage transferable_message;
  gin_helper::ErrorThrower thrower(args->isolate());

+  // |message| is any value that can be serialized to StructuredClone.
  v8::Local<v8::Value> message_value;
-  if (!args->GetNext(&message_value)) {
-    thrower.ThrowTypeError("Expected at least one argument to postMessage");
-    return;
-  }
-
-  if (!electron::SerializeV8Value(args->isolate(), message_value,
-                                  &transferable_message)) {
-    // SerializeV8Value sets an exception.
-    return;
+  if (args->GetNext(&message_value)) {
+    if (!electron::SerializeV8Value(args->isolate(), message_value,
+                                    &transferable_message)) {
+      // SerializeV8Value sets an exception.
+      return;
+    }
  }

  v8::Local<v8::Value> transferables;
@ -100,7 +80,8 @@ void MessagePort::PostMessage(gin::Arguments* args) {
    }

    for (unsigned i = 0; i < wrapped_port_values.size(); ++i) {
-      if (!IsValidWrappable(wrapped_port_values[i])) {
+      if (!gin_helper::IsValidWrappable(wrapped_port_values[i],
+                                        &MessagePort::kWrapperInfo)) {
        thrower.ThrowTypeError("Port at index " + base::NumberToString(i) +
                               " is not a valid port");
        return;