Title: [140633] trunk/Source
Revision
140633
Author
[email protected]
Date
2013-01-23 18:55:32 -0800 (Wed, 23 Jan 2013)

Log Message

Add support for ASSERT_WITH_SECURITY_IMPLICATION.
https://bugs.webkit.org/show_bug.cgi?id=107699

Reviewed by Eric Seidel.

Source/WebCore:

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::parserInsertBefore): Use ASSERT_WITH_SECURITY_IMPLICATION
for document confusion ASSERT(document() == newChild->document())
(WebCore::ContainerNode::parserAppendChild): same.

Source/WTF:

* wtf/Assertions.h: Add ASSERT_WITH_SECURITY_IMPLICATION to
indicate possible security vulnerability and enable it by default
in fuzzing builds.
* wtf/Vector.h: Use ASSERT_WITH_SECURITY_IMPLICATION for
bounds check on [] operator.
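An added stand-alone model of the macro this revision introduces, applied to a Vector::at()-style accessor (example code, not WebKit's): the ADDRESS_SANITIZER branch stays live whatever the assertion settings, while the fallback is ordinary ASSERT behaviour. The `report_assertion_failure` function, the `g_report` record and the `(void)0` stand-in for CRASH() are this example's own, so the failure path returns and can be inspected instead of aborting.

```c
#include <stddef.h>
#include <string.h>
/* Where the last failed check was reported (the role WTFReportAssertionFailure's
   log output plays), kept so the detection path can be inspected rather than crashing. */
typedef struct { const char *file, *function, *assertion; int line; unsigned count; } AssertionReport;
static AssertionReport g_report;

static void report_assertion_failure(const char* file, int line, const char* function, const char* assertion)
{
    g_report.file = file;
    g_report.line = line;
    g_report.function = function;
    g_report.assertion = assertion;
    g_report.count++;
}

/* Same shape as the page's macro: live in ADDRESS_SANITIZER (fuzzing) builds whatever
   the assertion settings, otherwise equivalent to ASSERT, i.e. compiled out under
   NDEBUG. CRASH() is replaced by (void)0 here so the failure path returns. */
#if defined(ADDRESS_SANITIZER) || !defined(NDEBUG)
#define ASSERT_WITH_SECURITY_IMPLICATION(assertion) \
    (!(assertion) ? \
        (report_assertion_failure(__FILE__, __LINE__, __func__, #assertion), \
         (void)0 /* CRASH() in WTF */) : \
        (void)0)
#else
#define ASSERT_WITH_SECURITY_IMPLICATION(assertion) ((void)0)
#endif

/* Minimal model of WTF::Vector<int>::at(). */
typedef struct { const int* buffer; size_t size; } IntVector;

static int int_vector_at(const IntVector* v, size_t i)
{
    ASSERT_WITH_SECURITY_IMPLICATION(i < v->size);
    /* The real at() indexes unconditionally because CRASH() never returns; the
       stand-in does return, so refuse the out-of-bounds read ourselves. */
    return i < v->size ? v->buffer[i] : 0;
}

/* Constructed input: one valid and one past-the-end index; returns how many checks fired. */
static unsigned run_demo(void)
{
    static const int values[] = { 10, 20, 30 };
    IntVector v = { values, 3 };
    memset(&g_report, 0, sizeof g_report);
    (void)int_vector_at(&v, 1); /* valid index: no report */
    (void)int_vector_at(&v, 3); /* past the end: report_assertion_failure runs */
    return g_report.count;
}
```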

Diff

Modified: trunk/Source/WTF/ChangeLog (140632 => 140633)


--- trunk/Source/WTF/ChangeLog	2013-01-24 02:40:59 UTC (rev 140632)
+++ trunk/Source/WTF/ChangeLog	2013-01-24 02:55:32 UTC (rev 140633)
@@ -1,3 +1,16 @@
+2013-01-23  Abhishek Arya  <[email protected]>
+
+        Add support for ASSERT_WITH_SECURITY_IMPLICATION.
+        https://bugs.webkit.org/show_bug.cgi?id=107699
+
+        Reviewed by Eric Seidel.
+
+        * wtf/Assertions.h: Add ASSERT_WITH_SECURITY_IMPLICATION to
+        indicate possible security vulnerabily and enable it by default
+        in fuzzing builds.
+        * wtf/Vector.h: Use ASSERT_WITH_SECURITY_IMPLICATION for
+        bounds check on [] operator.
+
 2013-01-23  Tony Chang  <[email protected]>
 
         Unreviewed, set svn:eol-style to CRLF on Windows .sln files.
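Review bot: typo in the new ChangeLog entry: "vulnerabily" in the wtf/Assertions.h bullet should read "vulnerability"; the same misspelling is in the commit message, so fix both before landing.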

Modified: trunk/Source/WTF/wtf/Assertions.h (140632 => 140633)


--- trunk/Source/WTF/wtf/Assertions.h	2013-01-24 02:40:59 UTC (rev 140632)
+++ trunk/Source/WTF/wtf/Assertions.h	2013-01-24 02:55:32 UTC (rev 140633)
@@ -266,6 +266,28 @@
 
 #endif
 
+/* ASSERT_WITH_SECURITY_IMPLICATION
+   
+   Failure of this assertion indicates a possible security vulnerability.
+   Class of vulnerabilities that it tests include bad casts, out of bounds
+   accesses, use-after-frees, etc. Please file a bug using the security
+   template - https://bugs.webkit.org/enter_bug.cgi?product=Security.
+
+*/
+#ifdef ADDRESS_SANITIZER
+
+#define ASSERT_WITH_SECURITY_IMPLICATION(assertion) \
+    (!(assertion) ? \
+        (WTFReportAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #assertion), \
+         CRASH()) : \
+        (void)0)
+
+#else
+
+#define ASSERT_WITH_SECURITY_IMPLICATION(assertion) ASSERT(assertion)
+
+#endif
+
 /* ASSERT_WITH_MESSAGE */
 
 #if COMPILER(MSVC7_OR_LOWER)
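Review bot: the new comment block documents how to file a bug but not how the macro behaves per build, which is the part callers will get wrong: outside ADDRESS_SANITIZER builds it is defined as plain ASSERT(assertion) and so inherits whatever enablement ASSERT has there, meaning it must not be read as a release-mode check, whereas the ADDRESS_SANITIZER definition reports and CRASH()es unconditionally, which is the "enabled by default in fuzzing builds" behaviour the ChangeLog describes. One sentence stating that would prevent misuse. Style nits: the "+   " line after "ASSERT_WITH_SECURITY_IMPLICATION" carries trailing whitespace, and the blank line before "*/" does not match the neighbouring comment blocks such as "/* ASSERT_WITH_MESSAGE */".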

Modified: trunk/Source/WTF/wtf/Vector.h (140632 => 140633)


--- trunk/Source/WTF/wtf/Vector.h	2013-01-24 02:40:59 UTC (rev 140632)
+++ trunk/Source/WTF/wtf/Vector.h	2013-01-24 02:55:32 UTC (rev 140633)
@@ -547,12 +547,12 @@
 
         T& at(size_t i) 
         { 
-            ASSERT(i < size());
+            ASSERT_WITH_SECURITY_IMPLICATION(i < size());
             return m_buffer.buffer()[i]; 
         }
         const T& at(size_t i) const 
         {
-            ASSERT(i < size());
+            ASSERT_WITH_SECURITY_IMPLICATION(i < size());
             return m_buffer.buffer()[i]; 
         }
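Review bot: the ChangeLog describes this as the bounds check on the [] operator, but the hunk changes at(); if operator[] forwards to at(), as the entry implies, say so, or name at() directly, so anyone auditing where the check lives finds it. Also worth stating in the description: with ADDRESS_SANITIZER undefined the new macro is ASSERT, so in a release build without ASan this line is compiled out and at() still returns m_buffer.buffer()[i] unchecked; the change turns out-of-bounds indexing into a fuzzer-visible signal, not a runtime mitigation.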
 

Modified: trunk/Source/WebCore/ChangeLog (140632 => 140633)


--- trunk/Source/WebCore/ChangeLog	2013-01-24 02:40:59 UTC (rev 140632)
+++ trunk/Source/WebCore/ChangeLog	2013-01-24 02:55:32 UTC (rev 140633)
@@ -1,3 +1,15 @@
+2013-01-23  Abhishek Arya  <[email protected]>
+
+        Add support for ASSERT_WITH_SECURITY_IMPLICATION.
+        https://bugs.webkit.org/show_bug.cgi?id=107699
+
+        Reviewed by Eric Seidel.
+
+        * dom/ContainerNode.cpp:
+        (WebCore::ContainerNode::parserInsertBefore): Use ASSERT_WITH_SECURITY_IMPLICATION
+        for document confusion ASSERT(document() == newChild->document())
+        (WebCore::ContainerNode::parserAppendChild): same.
+
 2013-01-23  Ian Vollick  <[email protected]>
 
         Unreviewed build fix.
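Review bot: the parserInsertBefore bullet reads "Use ASSERT_WITH_SECURITY_IMPLICATION for document confusion ASSERT(document() == newChild->document())", which is ungrammatical; suggest "Use ASSERT_WITH_SECURITY_IMPLICATION for the document-confusion check, ASSERT(document() == newChild->document())". The entry also omits that the assertion was moved below ASSERT(!newChild->isDocumentFragment()) in parserInsertBefore, which the dom/ContainerNode.cpp hunk shows.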

Modified: trunk/Source/WebCore/dom/ContainerNode.cpp (140632 => 140633)


--- trunk/Source/WebCore/dom/ContainerNode.cpp	2013-01-24 02:40:59 UTC (rev 140632)
+++ trunk/Source/WebCore/dom/ContainerNode.cpp	2013-01-24 02:55:32 UTC (rev 140633)
@@ -323,8 +323,8 @@
     ASSERT(newChild);
     ASSERT(nextChild);
     ASSERT(nextChild->parentNode() == this);
-    ASSERT(document() == newChild->document());
     ASSERT(!newChild->isDocumentFragment());
+    ASSERT_WITH_SECURITY_IMPLICATION(document() == newChild->document());
 
     if (nextChild->previousSibling() == newChild || nextChild == newChild) // nothing to do
         return;
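Review bot: besides swapping the macro, this hunk moves the document check two lines down, below ASSERT(!newChild->isDocumentFragment()), which the ChangeLog does not mention and the parserAppendChild hunk does not do; keep the assertion in its original position so the diff is a pure macro swap, or note the reason. Behaviour is unaffected either way, since all four asserts run before the early return.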
@@ -696,7 +696,7 @@
     ASSERT(newChild);
     ASSERT(!newChild->parentNode()); // Use appendChild if you need to handle reparenting (and want DOM mutation events).
     ASSERT(!newChild->isDocumentFragment());
-    ASSERT(document() == newChild->document());
+    ASSERT_WITH_SECURITY_IMPLICATION(document() == newChild->document());
 
     Node* last = m_lastChild;
     {