Changeset 140633 in webkit
- Timestamp:
- Jan 23, 2013 6:55:32 PM (11 years ago)
- Location:
- trunk/Source
- Files:
-
- 5 edited
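--- a/trunk/Source/WTF/ChangeLog
+++ b/trunk/Source/WTF/ChangeLog
@@ -1,2 +1,15 @@
+2013-01-23 Abhishek Arya <inferno@chromium.org>
+
+Add support for ASSERT_WITH_SECURITY_IMPLICATION.
+https://bugs.webkit.org/show_bug.cgi?id=107699
+
+Reviewed by Eric Seidel.
+
+* wtf/Assertions.h: Add ASSERT_WITH_SECURITY_IMPLICATION to
+indicate possible security vulnerabily and enable it by default
+in fuzzing builds.
+* wtf/Vector.h: Use ASSERT_WITH_SECURITY_IMPLICATION for
+bounds check on [] operator.
+
 2013-01-23 Tony Chang <tony@chromium.org>
 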
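--- a/trunk/Source/WTF/wtf/Assertions.h
+++ b/trunk/Source/WTF/wtf/Assertions.h
@@ -267,4 +267,26 @@
 #endif
 
+/* ASSERT_WITH_SECURITY_IMPLICATION
+
+Failure of this assertion indicates a possible security vulnerability.
+Class of vulnerabilities that it tests include bad casts, out of bounds
+accesses, use-after-frees, etc. Please file a bug using the security
+template - https://bugs.webkit.org/enter_bug.cgi?product=Security.
+
+*/
+#ifdef ADDRESS_SANITIZER
+
+#define ASSERT_WITH_SECURITY_IMPLICATION(assertion) \
+(!(assertion) ? \
+(WTFReportAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #assertion), \
+CRASH()) : \
+(void)0)
+
+#else
+
+#define ASSERT_WITH_SECURITY_IMPLICATION(assertion) ASSERT(assertion)
+
+#endif
+
 /* ASSERT_WITH_MESSAGE */
 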
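Review bot: The header comment on `ASSERT_WITH_SECURITY_IMPLICATION` does not say when the check is live: it reports and crashes only when `ADDRESS_SANITIZER` is defined, and in the `#else` branch it is plain `ASSERT`, which presumably compiles to nothing in release builds. A reader can easily take the macro for a runtime guard, so I would add a line to the comment such as `Active in debug builds and when ADDRESS_SANITIZER is defined; compiled out otherwise, so it does not replace a runtime check.` Where `ADDRESS_SANITIZER` gets defined is not visible in this section; if it depends on a build flag rather than the compiler's own `__has_feature(address_sanitizer)`, a sanitizer build that omits the flag silently loses every one of these checks, which is worth stating next to the `#ifdef`.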
trunk/Source/WTF/wtf/Vector.h
r131659 r140633 548 548 T& at(size_t i) 549 549 { 550 ASSERT (i < size());550 ASSERT_WITH_SECURITY_IMPLICATION(i < size()); 551 551 return m_buffer.buffer()[i]; 552 552 } 553 553 const T& at(size_t i) const 554 554 { 555 ASSERT (i < size());555 ASSERT_WITH_SECURITY_IMPLICATION(i < size()); 556 556 return m_buffer.buffer()[i]; 557 557 } -
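Review bot: Both `at()` overloads still return `m_buffer.buffer()[i]` unchecked in any build where `ASSERT_WITH_SECURITY_IMPLICATION` falls back to `ASSERT` (the `#else` branch added to Assertions.h in this changeset), so an out-of-range index in a non-ASan release build remains an out-of-bounds access. The new macro name suggests a stronger guarantee than the code gives, so I would put a comment on both overloads, for example `// Bounds are checked in debug and ASan builds only; callers must guarantee i < size().` The ChangeLog describes this as the bounds check on the `[]` operator, which is outside the hunk and presumably forwards to `at()`; it would help to confirm that every indexed accessor of the class goes through the same assertion. The class body starts and ends outside the hunk.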
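--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,14 @@
+2013-01-23 Abhishek Arya <inferno@chromium.org>
+
+Add support for ASSERT_WITH_SECURITY_IMPLICATION.
+https://bugs.webkit.org/show_bug.cgi?id=107699
+
+Reviewed by Eric Seidel.
+
+* dom/ContainerNode.cpp:
+(WebCore::ContainerNode::parserInsertBefore): Use ASSERT_WITH_SECURITY_IMPLICATION
+for document confusion ASSERT(document() == newChild->document())
+(WebCore::ContainerNode::parserAppendChild): same.
+
 2013-01-23 Ian Vollick <vollick@chromium.org>
 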
trunk/Source/WebCore/dom/ContainerNode.cpp
r140090 r140633 324 324 ASSERT(nextChild); 325 325 ASSERT(nextChild->parentNode() == this); 326 ASSERT(document() == newChild->document());327 326 ASSERT(!newChild->isDocumentFragment()); 327 ASSERT_WITH_SECURITY_IMPLICATION(document() == newChild->document()); 328 328 329 329 if (nextChild->previousSibling() == newChild || nextChild == newChild) // nothing to do … … 697 697 ASSERT(!newChild->parentNode()); // Use appendChild if you need to handle reparenting (and want DOM mutation events). 698 698 ASSERT(!newChild->isDocumentFragment()); 699 ASSERT (document() == newChild->document());699 ASSERT_WITH_SECURITY_IMPLICATION(document() == newChild->document()); 700 700 701 701 Node* last = m_lastChild;
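Review bot: The converted `document() == newChild->document()` asserts in `parserInsertBefore` and `parserAppendChild` carry no comment saying why a document mismatch is security-relevant, while the neighbouring `ASSERT(!newChild->parentNode())` does spell out its caller contract. Going by the ChangeLog's "document confusion" wording, I would add something like `// Parser insertion does not adopt newChild; a node owned by another document must never reach this point.` above each one, after confirming that this is the invariant being protected. Outside debug and ASan builds the macro is still a plain `ASSERT`, so a mismatched node would be inserted without complaint there; if that state is reachable from content, an explicit early return or adoption step deserves a follow-up. Both function bodies start and end outside the hunks shown.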