Fix unsafe buffer usage in native_widget_mac_nswindow.mm

Commit: 1334f236 | 2025-08-04 16:07:50+00:00

โ† Back to List

Fix unsafe buffer usage in native_widget_mac_nswindow.mm

Minor
Commit Hash: 1334f2366c0eb9108d6099404ef160cce90a3a7d
Commit Time: 2025-08-04 16:07:50+00:00
Impact Level: Minor
Generated By: webview2-upstream-sentry
Upstream Review: View Upstream Review ๐Ÿ”—

๐Ÿ“‹ Summary

This submission fixes unsafe buffer usage issues in the native_widget_mac_nswindow.mm file. The main changes include: 1) removing the UNSAFE_BUFFERS_BUILD preprocessor directive and #pragma allow_unsafe_buffers at the beginning of the file; 2) in the reallySaveRestorableState method, replacing the unsafe std::vector constructor that uses pointer arithmetic with the safer base::apple::NSDataToSpan() and base::span::copy_from() methods to copy data from the NSData object. This change is intended to improve the memory safety of the code and prevent potential buffer overflow or out-of-bounds access issues.

๐ŸŽฏ Impact Analysis

This change has a positive impact on WebView2Mac. Although the core of the change is to improve memory safety, it does not alter the external interface or core functionality of the NativeWidgetMacNSWindow class. Since WebView2Mac inherits from remote_cocoa::NativeWidgetNSWindowBridge via HostingNSWindowBridge and relies on NativeWidgetMacNSWindow for window management, this security fix will enhance the stability and safety of WebView2Mac when handling window state restoration data. The reallySaveRestorableState method is responsible for saving the windowโ€™s restorable state data, which is important for WebView2Macโ€™s window lifecycle management. Safer buffer operations can reduce the risk of crashes caused by memory errors and improve overall stability. This change does not affect the functional features or performance of WebView2Mac.

Impacted Classes:

NativeWidgetMacNSWindow remote_cocoa::NativeWidgetNSWindowBridge