Changeset 174122 in webkit


Ignore:
Timestamp:
Sep 30, 2014, 2:05:08 PM (11 years ago)
Author:
mark.lam@apple.com
Message:

Label some asserts as having security implications.
<https://webkit.org/b/137260>

Reviewed by Filip Pizlo.

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::handleAssertionFailure):

  • runtime/JSCell.h:

(JSC::jsCast):

  • runtime/StructureIDTable.h:

(JSC::StructureIDTable::get):

Location:
trunk/Source/JavaScriptCore
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r174121 r174122  
     12014-09-30  Mark Lam  <mark.lam@apple.com>
     2
     3        Label some asserts as having security implications.
     4        <https://webkit.org/b/137260>
     5
     6        Reviewed by Filip Pizlo.
     7
     8        * dfg/DFGGraph.cpp:
     9        (JSC::DFG::Graph::handleAssertionFailure):
     10        * runtime/JSCell.h:
     11        (JSC::jsCast):
     12        * runtime/StructureIDTable.h:
     13        (JSC::StructureIDTable::get):
     14
    1152014-09-30  Filip Pizlo  <fpizlo@apple.com>
    216

  • trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp

    r173993 r174122  
    12291229    dataLog("DFG ASSERTION FAILED: ", assertion, "\n");
    12301230    dataLog(file, "(", line, ") : ", function, "\n");
    1231     CRASH();
     1231    CRASH_WITH_SECURITY_IMPLICATION();
    12321232}
    12331233

  • trunk/Source/JavaScriptCore/runtime/JSCell.h

    r173706 r174122  
    235235inline To jsCast(From* from)
    236236{
    237     ASSERT(!from || from->JSCell::inherits(std::remove_pointer<To>::type::info()));
     237    ASSERT_WITH_SECURITY_IMPLICATION(!from || from->JSCell::inherits(std::remove_pointer<To>::type::info()));
    238238    return static_cast<To>(from);
    239239}
     
    242242inline To jsCast(JSValue from)
    243243{
    244     ASSERT(from.isCell() && from.asCell()->JSCell::inherits(std::remove_pointer<To>::type::info()));
     244    ASSERT_WITH_SECURITY_IMPLICATION(from.isCell() && from.asCell()->JSCell::inherits(std::remove_pointer<To>::type::info()));
    245245    return static_cast<To>(from.asCell());
    246246}

  • trunk/Source/JavaScriptCore/runtime/StructureIDTable.h

    r171953 r174122  
    8484{
    8585#if USE(JSVALUE64)
    86     ASSERT(structureID && structureID < m_capacity);
     86    ASSERT_WITH_SECURITY_IMPLICATION(structureID && structureID < m_capacity);
    8787    return table()[structureID].structure;
    8888#else
Note: See TracChangeset for help on using the changeset viewer.