State Restoration With NSSecureCoding on Sonoma

Milen Dzhumerov:

AppKit state restoration behaviour changed on macOS 14 Sonoma in a subtle way that can lead to apps not restoring their state correctly. The change can lead to silent breakages which can be hard to debug.

[…]

Violations can now arise in any -restoreStateWithCoder: implementations, so they need to be audited.

• Check for any usages of -[NSCoder decodeObjectForKey:].
  • Replace with the appropriate secure variants.
• At the end of -restoreStateWithCoder:, check the value of NSCoder.error property.
  • If it’s non-nil, an error must have occurred earlier.

This is necessary because AppKit uses NSDecodingFailurePolicySetErrorAndReturn, rather than raising an exception that couldn’t be caught with Swift.

I was already opting into using secure coding but have sometimes seen this error logged even though I was implementing that method:

WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.

See also: Jordan Morgan.

Previously:

• The Java Deserialization Bug and NSSecureCoding

Cocoa Mac macOS 14 Sonoma Programming

Comments RSS · Twitter · Mastodon

Leave a Comment

Name

E-mail (will not be published)

Web site

Δ