Diff
Modified: trunk/Source/WebCore/ChangeLog (141515 => 141516)
--- trunk/Source/WebCore/ChangeLog 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/ChangeLog 2013-02-01 01:39:31 UTC (rev 141516)
@@ -1,3 +1,61 @@
+2013-01-31 Abhishek Arya <infe...@chromium.org>
+
+ Use ASSERT_WITH_SECURITY_IMPLICATION to catch bad casts in DOM
+ https://bugs.webkit.org/show_bug.cgi?id=108490
+
+ Reviewed by Eric Seidel.
+
+ * dom/ContainerNode.h:
+ (WebCore::toContainerNode):
+ * dom/Element.h:
+ (WebCore::toElement):
+ * dom/ShadowRoot.h:
+ (WebCore::toShadowRoot):
+ * dom/Text.h:
+ (WebCore::toText):
+ * html/HTMLElement.h:
+ (HTMLElement):
+ (WebCore::toHTMLElement):
+ * html/HTMLFrameOwnerElement.h:
+ (WebCore::toFrameOwnerElement):
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::hasMediaControls):
+ * html/HTMLTemplateElement.cpp:
+ (WebCore::toHTMLTemplateElement):
+ * html/HTMLUnknownElement.h:
+ (WebCore::toHTMLUnknownElement):
+ * html/shadow/InsertionPoint.h:
+ (WebCore::toInsertionPoint):
+ * html/shadow/MediaControlElementTypes.cpp:
+ (WebCore::mediaControlElementType):
+ * html/shadow/MediaControls.h:
+ (WebCore::toMediaControls):
+ * html/shadow/SliderThumbElement.h:
+ (WebCore::toSliderThumbElement):
+ * html/shadow/TextControlInnerElements.h:
+ (WebCore::toInputFieldSpeechButtonElement):
+ * html/shadow/TextFieldDecorationElement.h:
+ (WebCore::toTextFieldDecorationElement):
+ * html/track/WebVTTElement.h:
+ (WebCore::toWebVTTElement):
+ * mathml/MathMLElement.h:
+ (WebCore::toMathMLElement):
+ * page/scrolling/ScrollingStateFixedNode.h:
+ (WebCore::toScrollingStateFixedNode):
+ * page/scrolling/ScrollingStateScrollingNode.h:
+ (WebCore::toScrollingStateScrollingNode):
+ * page/scrolling/ScrollingStateStickyNode.h:
+ (WebCore::toScrollingStateStickyNode):
+ * rendering/RenderLayer.cpp:
+ (WebCore::RenderLayer::resize):
+ * rendering/svg/SVGResources.cpp:
+ (WebCore::registerPendingResource):
+ (WebCore::SVGResources::buildCachedResources):
+ * svg/SVGElement.h:
+ (WebCore::toSVGElement):
+ * svg/SVGStyledElement.h:
+ (WebCore::toSVGStyledElement):
+
2013-01-31 Christopher Cameron <ccame...@chromium.org>
Fix rubber-band effect on non-scrollable pages
Modified: trunk/Source/WebCore/dom/ContainerNode.h (141515 => 141516)
--- trunk/Source/WebCore/dom/ContainerNode.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/dom/ContainerNode.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -175,13 +175,13 @@
inline ContainerNode* toContainerNode(Node* node)
{
- ASSERT(!node || node->isContainerNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isContainerNode());
return static_cast<ContainerNode*>(node);
}
inline const ContainerNode* toContainerNode(const Node* node)
{
- ASSERT(!node || node->isContainerNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isContainerNode());
return static_cast<const ContainerNode*>(node);
}
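Review bot: The `static_cast` in both `toContainerNode` overloads stays unchecked in any build where `ASSERT_WITH_SECURITY_IMPLICATION` compiles to nothing. The macro's definition is not part of this diff, but if it is only active in debug and security-assertion builds, production callers that pass the wrong node type still get a mistyped pointer back. That contract deserves a line above the helpers, for example `// Callers must already know node is a ContainerNode; the assertion is not a runtime check in release builds.` The same applies to the other `toX()` helpers touched in this change (Element.h, ShadowRoot.h, Text.h, HTMLElement.h and the rest).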
Modified: trunk/Source/WebCore/dom/Element.h (141515 => 141516)
--- trunk/Source/WebCore/dom/Element.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/dom/Element.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -617,13 +617,13 @@
inline Element* toElement(Node* node)
{
- ASSERT(!node || node->isElementNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isElementNode());
return static_cast<Element*>(node);
}
inline const Element* toElement(const Node* node)
{
- ASSERT(!node || node->isElementNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isElementNode());
return static_cast<const Element*>(node);
}
Modified: trunk/Source/WebCore/dom/ShadowRoot.h (141515 => 141516)
--- trunk/Source/WebCore/dom/ShadowRoot.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/dom/ShadowRoot.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -128,7 +128,7 @@
inline const ShadowRoot* toShadowRoot(const Node* node)
{
- ASSERT(!node || node->isShadowRoot());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isShadowRoot());
return static_cast<const ShadowRoot*>(node);
}
Modified: trunk/Source/WebCore/dom/Text.h (141515 => 141516)
--- trunk/Source/WebCore/dom/Text.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/dom/Text.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -75,7 +75,7 @@
inline Text* toText(Node* node)
{
- ASSERT(!node || node->isTextNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isTextNode());
return static_cast<Text*>(node);
}
Modified: trunk/Source/WebCore/html/HTMLElement.h (141515 => 141516)
--- trunk/Source/WebCore/html/HTMLElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/HTMLElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -102,9 +102,7 @@
void getItemRefElements(Vector<HTMLElement*>&);
#endif
-#ifndef NDEBUG
virtual bool isHTMLUnknownElement() const { return false; }
-#endif
virtual bool isLabelable() const { return false; }
virtual bool isFocusableByClickOnLabel() const;
@@ -153,13 +151,13 @@
inline HTMLElement* toHTMLElement(Node* node)
{
- ASSERT(!node || node->isHTMLElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isHTMLElement());
return static_cast<HTMLElement*>(node);
}
inline const HTMLElement* toHTMLElement(const Node* node)
{
- ASSERT(!node || node->isHTMLElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isHTMLElement());
return static_cast<const HTMLElement*>(node);
}
Modified: trunk/Source/WebCore/html/HTMLFrameOwnerElement.h (141515 => 141516)
--- trunk/Source/WebCore/html/HTMLFrameOwnerElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/HTMLFrameOwnerElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -74,7 +74,7 @@
inline HTMLFrameOwnerElement* toFrameOwnerElement(Node* node)
{
- ASSERT(!node || node->isFrameOwnerElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isFrameOwnerElement());
return static_cast<HTMLFrameOwnerElement*>(node);
}
Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (141515 => 141516)
--- trunk/Source/WebCore/html/HTMLMediaElement.cpp 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp 2013-02-01 01:39:31 UTC (rev 141516)
@@ -4274,7 +4274,7 @@
{
if (ShadowRoot* userAgent = userAgentShadowRoot()) {
Node* node = userAgent->firstChild();
- ASSERT(!node || node->isMediaControls());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isMediaControls());
return node;
}
Modified: trunk/Source/WebCore/html/HTMLTemplateElement.cpp (141515 => 141516)
--- trunk/Source/WebCore/html/HTMLTemplateElement.cpp 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/HTMLTemplateElement.cpp 2013-02-01 01:39:31 UTC (rev 141516)
@@ -88,7 +88,7 @@
#ifndef NDEBUG
const HTMLTemplateElement* toHTMLTemplateElement(const Node* node)
{
- ASSERT(!node || (node->isHTMLElement() && node->hasTagName(templateTag)));
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || (node->isHTMLElement() && node->hasTagName(templateTag)));
return static_cast<const HTMLTemplateElement*>(node);
}
#endif
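Review bot: This out-of-line `toHTMLTemplateElement` is still wrapped in `#ifndef NDEBUG`, so the upgraded assertion exists only in debug builds. A release build that turns security assertions on would presumably use whatever version the header provides (not visible here) and never run this check. This same change fixes that situation for `isHTMLUnknownElement()` by dropping its `#ifndef NDEBUG` guard. Consider removing the guard here as well, or keying it on the condition that enables the macro, together with the matching declaration in HTMLTemplateElement.h.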
Modified: trunk/Source/WebCore/html/HTMLUnknownElement.h (141515 => 141516)
--- trunk/Source/WebCore/html/HTMLUnknownElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/HTMLUnknownElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -41,9 +41,7 @@
return adoptRef(new HTMLUnknownElement(tagName, document));
}
-#ifndef NDEBUG
virtual bool isHTMLUnknownElement() const OVERRIDE { return true; }
-#endif
private:
HTMLUnknownElement(const QualifiedName& tagName, Document* document)
@@ -54,7 +52,7 @@
inline HTMLUnknownElement* toHTMLUnknownElement(HTMLElement* element)
{
- ASSERT(!element || element->isHTMLUnknownElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!element || element->isHTMLUnknownElement());
return static_cast<HTMLUnknownElement*>(element);
}
Modified: trunk/Source/WebCore/html/shadow/InsertionPoint.h (141515 => 141516)
--- trunk/Source/WebCore/html/shadow/InsertionPoint.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/shadow/InsertionPoint.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -105,13 +105,13 @@
inline InsertionPoint* toInsertionPoint(Node* node)
{
- ASSERT(!node || node->isInsertionPoint());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isInsertionPoint());
return static_cast<InsertionPoint*>(node);
}
inline const InsertionPoint* toInsertionPoint(const Node* node)
{
- ASSERT(!node || node->isInsertionPoint());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isInsertionPoint());
return static_cast<const InsertionPoint*>(node);
}
Modified: trunk/Source/WebCore/html/shadow/MediaControlElementTypes.cpp (141515 => 141516)
--- trunk/Source/WebCore/html/shadow/MediaControlElementTypes.cpp 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/shadow/MediaControlElementTypes.cpp 2013-02-01 01:39:31 UTC (rev 141516)
@@ -66,7 +66,7 @@
MediaControlElementType mediaControlElementType(Node* node)
{
- ASSERT(node->isMediaControlElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(node->isMediaControlElement());
HTMLElement* element = toHTMLElement(node);
if (element->hasTagName(inputTag))
return static_cast<MediaControlInputElement*>(element)->displayType();
Modified: trunk/Source/WebCore/html/shadow/MediaControls.h (141515 => 141516)
--- trunk/Source/WebCore/html/shadow/MediaControls.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/shadow/MediaControls.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -145,7 +145,7 @@
inline MediaControls* toMediaControls(Node* node)
{
- ASSERT(!node || node->isMediaControls());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isMediaControls());
return static_cast<MediaControls*>(node);
}
Modified: trunk/Source/WebCore/html/shadow/SliderThumbElement.h (141515 => 141516)
--- trunk/Source/WebCore/html/shadow/SliderThumbElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/shadow/SliderThumbElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -93,7 +93,7 @@
inline SliderThumbElement* toSliderThumbElement(Node* node)
{
- ASSERT(!node || node->isHTMLElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isHTMLElement());
return static_cast<SliderThumbElement*>(node);
}
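Review bot: The predicate in `toSliderThumbElement` is weaker than the cast it guards: it asserts `node->isHTMLElement()` but returns `static_cast<SliderThumbElement*>(node)`, so any HTML element passes and a wrong-type cast is not caught. Promoting it to a security assertion does not change that. No slider-thumb-specific predicate is visible in this diff. If one exists or can be added (as `isHTMLUnknownElement()` is made available in all builds elsewhere in this change), assert on it. Otherwise record the gap with a comment such as `// FIXME: only checks isHTMLElement(); a non-thumb HTMLElement is not detected.`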
Modified: trunk/Source/WebCore/html/shadow/TextControlInnerElements.h (141515 => 141516)
--- trunk/Source/WebCore/html/shadow/TextControlInnerElements.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/shadow/TextControlInnerElements.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -133,7 +133,7 @@
inline InputFieldSpeechButtonElement* toInputFieldSpeechButtonElement(Element* element)
{
- ASSERT(!element || element->isInputFieldSpeechButtonElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!element || element->isInputFieldSpeechButtonElement());
return static_cast<InputFieldSpeechButtonElement*>(element);
}
Modified: trunk/Source/WebCore/html/shadow/TextFieldDecorationElement.h (141515 => 141516)
--- trunk/Source/WebCore/html/shadow/TextFieldDecorationElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/shadow/TextFieldDecorationElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -95,8 +95,8 @@
inline TextFieldDecorationElement* toTextFieldDecorationElement(Node* node)
{
ASSERT(node);
- ASSERT(node->isElementNode());
- ASSERT(static_cast<Element*>(node)->isTextFieldDecoration());
+ ASSERT_WITH_SECURITY_IMPLICATION(node->isElementNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(static_cast<Element*>(node)->isTextFieldDecoration());
return static_cast<TextFieldDecorationElement*>(node);
}
Modified: trunk/Source/WebCore/html/track/WebVTTElement.h (141515 => 141516)
--- trunk/Source/WebCore/html/track/WebVTTElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/html/track/WebVTTElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -51,7 +51,7 @@
inline WebVTTElement* toWebVTTElement(Node* node)
{
- ASSERT(!node || node->isWebVTTElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isWebVTTElement());
return static_cast<WebVTTElement*>(node);
}
Modified: trunk/Source/WebCore/mathml/MathMLElement.h (141515 => 141516)
--- trunk/Source/WebCore/mathml/MathMLElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/mathml/MathMLElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -54,7 +54,7 @@
inline MathMLElement* toMathMLElement(Node* node)
{
- ASSERT(!node || (node->isElementNode() && static_cast<Element*>(node)->isMathMLElement()));
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || (node->isElementNode() && static_cast<Element*>(node)->isMathMLElement()));
return static_cast<MathMLElement*>(node);
}
Modified: trunk/Source/WebCore/page/scrolling/ScrollingStateFixedNode.h (141515 => 141516)
--- trunk/Source/WebCore/page/scrolling/ScrollingStateFixedNode.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/page/scrolling/ScrollingStateFixedNode.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -72,7 +72,7 @@
inline ScrollingStateFixedNode* toScrollingStateFixedNode(ScrollingStateNode* node)
{
- ASSERT(!node || node->isFixedNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isFixedNode());
return static_cast<ScrollingStateFixedNode*>(node);
}
Modified: trunk/Source/WebCore/page/scrolling/ScrollingStateScrollingNode.h (141515 => 141516)
--- trunk/Source/WebCore/page/scrolling/ScrollingStateScrollingNode.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/page/scrolling/ScrollingStateScrollingNode.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -161,7 +161,7 @@
inline ScrollingStateScrollingNode* toScrollingStateScrollingNode(ScrollingStateNode* node)
{
- ASSERT(!node || node->isScrollingNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isScrollingNode());
return static_cast<ScrollingStateScrollingNode*>(node);
}
Modified: trunk/Source/WebCore/page/scrolling/ScrollingStateStickyNode.h (141515 => 141516)
--- trunk/Source/WebCore/page/scrolling/ScrollingStateStickyNode.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/page/scrolling/ScrollingStateStickyNode.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -72,7 +72,7 @@
inline ScrollingStateStickyNode* toScrollingStateStickyNode(ScrollingStateNode* node)
{
- ASSERT(!node || node->isStickyNode());
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isStickyNode());
return static_cast<ScrollingStateStickyNode*>(node);
}
Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (141515 => 141516)
--- trunk/Source/WebCore/rendering/RenderLayer.cpp 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/rendering/RenderLayer.cpp 2013-02-01 01:39:31 UTC (rev 141516)
@@ -2386,7 +2386,7 @@
LayoutSize difference = (currentSize + newOffset - adjustedOldOffset).expandedTo(minimumSize) - currentSize;
- ASSERT(element->isStyledElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(element->isStyledElement());
StyledElement* styledElement = static_cast<StyledElement*>(element);
bool isBoxSizingBorder = renderer->style()->boxSizing() == BORDER_BOX;
Modified: trunk/Source/WebCore/rendering/svg/SVGResources.cpp (141515 => 141516)
--- trunk/Source/WebCore/rendering/svg/SVGResources.cpp 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/rendering/svg/SVGResources.cpp 2013-02-01 01:39:31 UTC (rev 141516)
@@ -179,7 +179,7 @@
static inline void registerPendingResource(SVGDocumentExtensions* extensions, const AtomicString& id, SVGElement* element)
{
ASSERT(element);
- ASSERT(element->isStyled());
+ ASSERT_WITH_SECURITY_IMPLICATION(element->isStyled());
extensions->addPendingResource(id, static_cast<SVGStyledElement*>(element));
}
@@ -190,7 +190,7 @@
Node* node = object->node();
ASSERT(node);
- ASSERT(node->isSVGElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(node->isSVGElement());
SVGElement* element = static_cast<SVGElement*>(node);
if (!element)
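Review bot: The new assertion dereferences `node` two lines before the code tests `if (!element)`, so the two disagree on whether a null node can reach this point. In a build where security assertions are on but plain `ASSERT` is off, a null `node` faults inside `node->isSVGElement()`; with both off, the null check is the only guard. If null is legal here, use the form the cast helpers in this change use, `ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isSVGElement());`, and drop `ASSERT(node)`. If it is not legal, the `if (!element)` branch looks dead. The function body starts and ends outside the hunk.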
Modified: trunk/Source/WebCore/svg/SVGElement.h (141515 => 141516)
--- trunk/Source/WebCore/svg/SVGElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/svg/SVGElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -170,7 +170,7 @@
inline SVGElement* toSVGElement(Element* element)
{
- ASSERT(!element || element->isSVGElement());
+ ASSERT_WITH_SECURITY_IMPLICATION(!element || element->isSVGElement());
return static_cast<SVGElement*>(element);
}
Modified: trunk/Source/WebCore/svg/SVGStyledElement.h (141515 => 141516)
--- trunk/Source/WebCore/svg/SVGStyledElement.h 2013-02-01 01:34:04 UTC (rev 141515)
+++ trunk/Source/WebCore/svg/SVGStyledElement.h 2013-02-01 01:39:31 UTC (rev 141516)
@@ -95,7 +95,7 @@
inline SVGStyledElement* toSVGStyledElement(Node* node)
{
- ASSERT(!node || (node->isStyledElement() && node->isSVGElement()));
+ ASSERT_WITH_SECURITY_IMPLICATION(!node || (node->isStyledElement() && node->isSVGElement()));
return static_cast<SVGStyledElement*>(node);
}