Changeset 141516 in webkit

Timestamp:

Jan 31, 2013 5:39:31 PM (11 years ago)

Author:

inferno@chromium.org

Message:

Use ASSERT_WITH_SECURITY_IMPLICATION to catch bad casts in DOM
​https://bugs.webkit.org/show_bug.cgi?id=108490

Reviewed by Eric Seidel.

• dom/ContainerNode.h:

(WebCore::toContainerNode):

• dom/Element.h:

(WebCore::toElement):

• dom/ShadowRoot.h:

(WebCore::toShadowRoot):

• dom/Text.h:

(WebCore::toText):

• html/HTMLElement.h:

(HTMLElement):
(WebCore::toHTMLElement):

• html/HTMLFrameOwnerElement.h:

(WebCore::toFrameOwnerElement):

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::hasMediaControls):

• html/HTMLTemplateElement.cpp:

(WebCore::toHTMLTemplateElement):

• html/HTMLUnknownElement.h:

(WebCore::toHTMLUnknownElement):

• html/shadow/InsertionPoint.h:

(WebCore::toInsertionPoint):

• html/shadow/MediaControlElementTypes.cpp:

(WebCore::mediaControlElementType):

• html/shadow/MediaControls.h:

(WebCore::toMediaControls):

• html/shadow/SliderThumbElement.h:

(WebCore::toSliderThumbElement):

• html/shadow/TextControlInnerElements.h:

(WebCore::toInputFieldSpeechButtonElement):

• html/shadow/TextFieldDecorationElement.h:

(WebCore::toTextFieldDecorationElement):

• html/track/WebVTTElement.h:

(WebCore::toWebVTTElement):

• mathml/MathMLElement.h:

(WebCore::toMathMLElement):

• page/scrolling/ScrollingStateFixedNode.h:

(WebCore::toScrollingStateFixedNode):

• page/scrolling/ScrollingStateScrollingNode.h:

(WebCore::toScrollingStateScrollingNode):

• page/scrolling/ScrollingStateStickyNode.h:

(WebCore::toScrollingStateStickyNode):

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::resize):

• rendering/svg/SVGResources.cpp:

(WebCore::registerPendingResource):
(WebCore::SVGResources::buildCachedResources):

• svg/SVGElement.h:

(WebCore::toSVGElement):

• svg/SVGStyledElement.h:

(WebCore::toSVGStyledElement):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• dom/ContainerNode.h (modified) (2 diffs)
• dom/Element.h (modified) (2 diffs)
• dom/ShadowRoot.h (modified) (1 diff)
• dom/Text.h (modified) (1 diff)
• html/HTMLElement.h (modified) (3 diffs)
• html/HTMLFrameOwnerElement.h (modified) (1 diff)
• html/HTMLMediaElement.cpp (modified) (1 diff)
• html/HTMLTemplateElement.cpp (modified) (1 diff)
• html/HTMLUnknownElement.h (modified) (2 diffs)
• html/shadow/InsertionPoint.h (modified) (2 diffs)
• html/shadow/MediaControlElementTypes.cpp (modified) (1 diff)
• html/shadow/MediaControls.h (modified) (1 diff)
• html/shadow/SliderThumbElement.h (modified) (1 diff)
• html/shadow/TextControlInnerElements.h (modified) (1 diff)
• html/shadow/TextFieldDecorationElement.h (modified) (1 diff)
• html/track/WebVTTElement.h (modified) (1 diff)
• mathml/MathMLElement.h (modified) (1 diff)
• page/scrolling/ScrollingStateFixedNode.h (modified) (1 diff)
• page/scrolling/ScrollingStateScrollingNode.h (modified) (1 diff)
• page/scrolling/ScrollingStateStickyNode.h (modified) (1 diff)
• rendering/RenderLayer.cpp (modified) (1 diff)
• rendering/svg/SVGResources.cpp (modified) (2 diffs)
• svg/SVGElement.h (modified) (1 diff)
• svg/SVGStyledElement.h (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-01-31  Abhishek Arya  <inferno@chromium.org>
+
+        Use ASSERT_WITH_SECURITY_IMPLICATION to catch bad casts in DOM
+        https://bugs.webkit.org/show_bug.cgi?id=108490
+ 
+        Reviewed by Eric Seidel.
+
+        * dom/ContainerNode.h:
+        (WebCore::toContainerNode):
+        * dom/Element.h:
+        (WebCore::toElement):
+        * dom/ShadowRoot.h:
+        (WebCore::toShadowRoot):
+        * dom/Text.h:
+        (WebCore::toText):
+        * html/HTMLElement.h:
+        (HTMLElement):
+        (WebCore::toHTMLElement):
+        * html/HTMLFrameOwnerElement.h:
+        (WebCore::toFrameOwnerElement):
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::hasMediaControls):
+        * html/HTMLTemplateElement.cpp:
+        (WebCore::toHTMLTemplateElement):
+        * html/HTMLUnknownElement.h:
+        (WebCore::toHTMLUnknownElement):
+        * html/shadow/InsertionPoint.h:
+        (WebCore::toInsertionPoint):
+        * html/shadow/MediaControlElementTypes.cpp:
+        (WebCore::mediaControlElementType):
+        * html/shadow/MediaControls.h:
+        (WebCore::toMediaControls):
+        * html/shadow/SliderThumbElement.h:
+        (WebCore::toSliderThumbElement):
+        * html/shadow/TextControlInnerElements.h:
+        (WebCore::toInputFieldSpeechButtonElement):
+        * html/shadow/TextFieldDecorationElement.h:
+        (WebCore::toTextFieldDecorationElement):
+        * html/track/WebVTTElement.h:
+        (WebCore::toWebVTTElement):
+        * mathml/MathMLElement.h:
+        (WebCore::toMathMLElement):
+        * page/scrolling/ScrollingStateFixedNode.h:
+        (WebCore::toScrollingStateFixedNode):
+        * page/scrolling/ScrollingStateScrollingNode.h:
+        (WebCore::toScrollingStateScrollingNode):
+        * page/scrolling/ScrollingStateStickyNode.h:
+        (WebCore::toScrollingStateStickyNode):
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::resize):
+        * rendering/svg/SVGResources.cpp:
+        (WebCore::registerPendingResource):
+        (WebCore::SVGResources::buildCachedResources):
+        * svg/SVGElement.h:
+        (WebCore::toSVGElement):
+        * svg/SVGStyledElement.h:
+        (WebCore::toSVGStyledElement):
+
 2013-01-31  Christopher Cameron  <ccameron@chromium.org>
 

trunk/Source/WebCore/dom/ContainerNode.h

@@ -176 +176 @@
 inline ContainerNode* toContainerNode(Node* node)
 {
-    ASSERT(!node || node->isContainerNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isContainerNode());
     return static_cast<ContainerNode*>(node);
 }
@@ -182 +182 @@
 inline const ContainerNode* toContainerNode(const Node* node)
 {
-    ASSERT(!node || node->isContainerNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isContainerNode());
     return static_cast<const ContainerNode*>(node);
 }

trunk/Source/WebCore/dom/Element.h

@@ -618 +618 @@
 inline Element* toElement(Node* node)
 {
-    ASSERT(!node || node->isElementNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isElementNode());
     return static_cast<Element*>(node);
 }
@@ -624 +624 @@
 inline const Element* toElement(const Node* node)
 {
-    ASSERT(!node || node->isElementNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isElementNode());
     return static_cast<const Element*>(node);
 }

trunk/Source/WebCore/dom/ShadowRoot.h

@@ -129 +129 @@
 inline const ShadowRoot* toShadowRoot(const Node* node)
 {
-    ASSERT(!node || node->isShadowRoot());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isShadowRoot());
     return static_cast<const ShadowRoot*>(node);
 }

trunk/Source/WebCore/dom/Text.h

@@ -76 +76 @@
 inline Text* toText(Node* node)
 {
-    ASSERT(!node || node->isTextNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isTextNode());
     return static_cast<Text*>(node);
 }

trunk/Source/WebCore/html/HTMLElement.h

@@ -103 +103 @@
 #endif
 
-#ifndef NDEBUG
     virtual bool isHTMLUnknownElement() const { return false; }
-#endif
 
     virtual bool isLabelable() const { return false; }
@@ -154 +152 @@
 inline HTMLElement* toHTMLElement(Node* node)
 {
-    ASSERT(!node || node->isHTMLElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isHTMLElement());
     return static_cast<HTMLElement*>(node);
 }
@@ -160 +158 @@
 inline const HTMLElement* toHTMLElement(const Node* node)
 {
-    ASSERT(!node || node->isHTMLElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isHTMLElement());
     return static_cast<const HTMLElement*>(node);
 }

trunk/Source/WebCore/html/HTMLFrameOwnerElement.h

@@ -75 +75 @@
 inline HTMLFrameOwnerElement* toFrameOwnerElement(Node* node)
 {
-    ASSERT(!node || node->isFrameOwnerElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isFrameOwnerElement());
     return static_cast<HTMLFrameOwnerElement*>(node);
 }

trunk/Source/WebCore/html/HTMLMediaElement.cpp

@@ -4275 +4275 @@
     if (ShadowRoot* userAgent = userAgentShadowRoot()) {
         Node* node = userAgent->firstChild();
-        ASSERT(!node || node->isMediaControls());
+        ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isMediaControls());
         return node;
     }

trunk/Source/WebCore/html/HTMLTemplateElement.cpp

@@ -89 +89 @@
 const HTMLTemplateElement* toHTMLTemplateElement(const Node* node)
 {
-    ASSERT(!node || (node->isHTMLElement() && node->hasTagName(templateTag)));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || (node->isHTMLElement() && node->hasTagName(templateTag)));
     return static_cast<const HTMLTemplateElement*>(node);
 }

trunk/Source/WebCore/html/HTMLUnknownElement.h

@@ -42 +42 @@
     }
 
-#ifndef NDEBUG
     virtual bool isHTMLUnknownElement() const OVERRIDE { return true; }
-#endif
 
 private:
@@ -55 +53 @@
 inline HTMLUnknownElement* toHTMLUnknownElement(HTMLElement* element)
 {
-    ASSERT(!element || element->isHTMLUnknownElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!element || element->isHTMLUnknownElement());
     return static_cast<HTMLUnknownElement*>(element);
 }

trunk/Source/WebCore/html/shadow/InsertionPoint.h

@@ -106 +106 @@
 inline InsertionPoint* toInsertionPoint(Node* node)
 {
-    ASSERT(!node || node->isInsertionPoint());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isInsertionPoint());
     return static_cast<InsertionPoint*>(node);
 }
@@ -112 +112 @@
 inline const InsertionPoint* toInsertionPoint(const Node* node)
 {
-    ASSERT(!node || node->isInsertionPoint());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isInsertionPoint());
     return static_cast<const InsertionPoint*>(node);
 }

trunk/Source/WebCore/html/shadow/MediaControlElementTypes.cpp

@@ -67 +67 @@
 MediaControlElementType mediaControlElementType(Node* node)
 {
-    ASSERT(node->isMediaControlElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(node->isMediaControlElement());
     HTMLElement* element = toHTMLElement(node);
     if (element->hasTagName(inputTag))

trunk/Source/WebCore/html/shadow/MediaControls.h

@@ -146 +146 @@
 inline MediaControls* toMediaControls(Node* node)
 {
-    ASSERT(!node || node->isMediaControls());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isMediaControls());
     return static_cast<MediaControls*>(node);
 }

trunk/Source/WebCore/html/shadow/SliderThumbElement.h

@@ -94 +94 @@
 inline SliderThumbElement* toSliderThumbElement(Node* node)
 {
-    ASSERT(!node || node->isHTMLElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isHTMLElement());
     return static_cast<SliderThumbElement*>(node);
 }

trunk/Source/WebCore/html/shadow/TextControlInnerElements.h

@@ -134 +134 @@
 inline InputFieldSpeechButtonElement* toInputFieldSpeechButtonElement(Element* element)
 {
-    ASSERT(!element || element->isInputFieldSpeechButtonElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!element || element->isInputFieldSpeechButtonElement());
     return static_cast<InputFieldSpeechButtonElement*>(element);
 }

trunk/Source/WebCore/html/shadow/TextFieldDecorationElement.h

@@ -96 +96 @@
 {
     ASSERT(node);
-    ASSERT(node->isElementNode());
-    ASSERT(static_cast<Element*>(node)->isTextFieldDecoration());
+    ASSERT_WITH_SECURITY_IMPLICATION(node->isElementNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(static_cast<Element*>(node)->isTextFieldDecoration());
     return static_cast<TextFieldDecorationElement*>(node);
 }

trunk/Source/WebCore/html/track/WebVTTElement.h

@@ -52 +52 @@
 inline WebVTTElement* toWebVTTElement(Node* node)
 {
-    ASSERT(!node || node->isWebVTTElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isWebVTTElement());
     return static_cast<WebVTTElement*>(node);
 }

trunk/Source/WebCore/mathml/MathMLElement.h

@@ -55 +55 @@
 inline MathMLElement* toMathMLElement(Node* node)
 {
-    ASSERT(!node || (node->isElementNode() && static_cast<Element*>(node)->isMathMLElement()));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || (node->isElementNode() && static_cast<Element*>(node)->isMathMLElement()));
     return static_cast<MathMLElement*>(node);
 }

trunk/Source/WebCore/page/scrolling/ScrollingStateFixedNode.h

@@ -73 +73 @@
 inline ScrollingStateFixedNode* toScrollingStateFixedNode(ScrollingStateNode* node)
 {
-    ASSERT(!node || node->isFixedNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isFixedNode());
     return static_cast<ScrollingStateFixedNode*>(node);
 }

trunk/Source/WebCore/page/scrolling/ScrollingStateScrollingNode.h

@@ -162 +162 @@
 inline ScrollingStateScrollingNode* toScrollingStateScrollingNode(ScrollingStateNode* node)
 {
-    ASSERT(!node || node->isScrollingNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isScrollingNode());
     return static_cast<ScrollingStateScrollingNode*>(node);
 }

trunk/Source/WebCore/page/scrolling/ScrollingStateStickyNode.h

@@ -73 +73 @@
 inline ScrollingStateStickyNode* toScrollingStateStickyNode(ScrollingStateNode* node)
 {
-    ASSERT(!node || node->isStickyNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isStickyNode());
     return static_cast<ScrollingStateStickyNode*>(node);
 }

trunk/Source/WebCore/rendering/RenderLayer.cpp

@@ -2387 +2387 @@
     LayoutSize difference = (currentSize + newOffset - adjustedOldOffset).expandedTo(minimumSize) - currentSize;
 
-    ASSERT(element->isStyledElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(element->isStyledElement());
     StyledElement* styledElement = static_cast<StyledElement*>(element);
     bool isBoxSizingBorder = renderer->style()->boxSizing() == BORDER_BOX;

trunk/Source/WebCore/rendering/svg/SVGResources.cpp

@@ -180 +180 @@
 {
     ASSERT(element);
-    ASSERT(element->isStyled());
+    ASSERT_WITH_SECURITY_IMPLICATION(element->isStyled());
     extensions->addPendingResource(id, static_cast<SVGStyledElement*>(element));
 }
@@ -191 +191 @@
     Node* node = object->node();
     ASSERT(node);
-    ASSERT(node->isSVGElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(node->isSVGElement());
 
     SVGElement* element = static_cast<SVGElement*>(node);

trunk/Source/WebCore/svg/SVGElement.h

@@ -171 +171 @@
 inline SVGElement* toSVGElement(Element* element)
 {
-    ASSERT(!element || element->isSVGElement());
+    ASSERT_WITH_SECURITY_IMPLICATION(!element || element->isSVGElement());
     return static_cast<SVGElement*>(element);
 }

trunk/Source/WebCore/svg/SVGStyledElement.h

@@ -96 +96 @@
 inline SVGStyledElement* toSVGStyledElement(Node* node)
 {
-    ASSERT(!node || (node->isStyledElement() && node->isSVGElement()));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || (node->isStyledElement() && node->isSVGElement()));
     return static_cast<SVGStyledElement*>(node);
 }