Changeset 141783 in webkit for trunk/Source/WebCore/css/CSSImageSetValue.cpp

Timestamp:

Feb 4, 2013, 10:43:03 AM (12 years ago)

Author:

[email protected]

Message:

Add ASSERT_WITH_SECURITY_IMPLICATION to detect bad cast in DOM, CSS, etc.
​https://bugs.webkit.org/show_bug.cgi?id=108688

Reviewed by Eric Seidel.

Source/WebCore:

• Modules/notifications/Notification.cpp:

(WebCore::Notification::Notification):
(WebCore::Notification::permission):
(WebCore::Notification::requestPermission):

• Modules/speech/SpeechGrammar.cpp:

(WebCore::SpeechGrammar::setSrc):

• Modules/speech/SpeechGrammarList.cpp:

(WebCore::SpeechGrammarList::addFromUri):

• Modules/websockets/ThreadableWebSocketChannel.cpp:

(WebCore::ThreadableWebSocketChannel::create):

• accessibility/AccessibilityMenuListPopup.cpp:

(WebCore::AccessibilityMenuListPopup::menuListOptionAccessibilityObject):

• accessibility/AccessibilityTable.cpp:

(WebCore::AccessibilityTable::cellForColumnAndRow):

• css/CSSFontFaceRule.cpp:

(WebCore::CSSFontFaceRule::reattach):

• css/CSSImageSetValue.cpp:

(WebCore::CSSImageSetValue::fillImageSet):

• css/CSSPageRule.cpp:

(WebCore::CSSPageRule::reattach):

• css/CSSStyleRule.cpp:

(WebCore::CSSStyleRule::reattach):

• css/StyleBuilder.cpp:

(WebCore::ApplyPropertyFontVariantLigatures::applyValue):
(WebCore::ApplyPropertyTextDecoration::applyValue):
(WebCore::ApplyPropertyZoom::applyValue):

• css/StyleResolver.cpp:

(WebCore::createGridPosition):
(WebCore::StyleResolver::applyProperty):
(WebCore::StyleResolver::createCustomFilterOperationWithInlineSyntax):

• css/WebKitCSSFilterRule.cpp:

(WebCore::WebKitCSSFilterRule::reattach):

• css/WebKitCSSKeyframesRule.cpp:

(WebCore::WebKitCSSKeyframesRule::reattach):

• css/WebKitCSSViewportRule.cpp:

(WebCore::WebKitCSSViewportRule::reattach):

• editing/EditCommand.h:

(WebCore::toSimpleEditCommand):

• editing/visible_units.cpp:

(WebCore::startOfParagraph):
(WebCore::endOfParagraph):

• html/HTMLCollection.cpp:

(WebCore::LiveNodeListBase::setItemCache):

• loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoader::create):
(WebCore::ThreadableLoader::loadResourceSynchronously):

• loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::mainThreadCreateLoader):

• page/Frame.cpp:

(WebCore::Frame::frameForWidget):

• platform/RefCountedSupplement.h:

(WebCore::RefCountedSupplement::from):

• rendering/RenderBlock.cpp:

(WebCore::RenderBlock::splitBlocks):
(WebCore::RenderBlock::firstLineBlock):

• rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlock::createLineBoxes):

• rendering/RenderBox.cpp:

(WebCore::RenderBox::computeReplacedLogicalHeightUsing):

• rendering/svg/RenderSVGText.cpp:

(WebCore::RenderSVGText::positionForPoint):

• rendering/svg/SVGRootInlineBox.cpp:

(WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes):
(WebCore::SVGRootInlineBox::layoutChildBoxes):

• testing/js/WebCoreTestSupport.cpp:

(WebCoreTestSupport::resetInternalsObject):

• testing/v8/WebCoreTestSupport.cpp:

(WebCoreTestSupport::resetInternalsObject):

• workers/DefaultSharedWorkerRepository.cpp:

(WebCore::SharedWorkerProxy::addToWorkerDocuments):
(WebCore::SharedWorkerConnectTask::performTask):

• workers/SharedWorker.cpp:

(WebCore::SharedWorker::create):

• workers/WorkerContext.cpp:

(WebCore::CloseWorkerContextTask::performTask):

• workers/WorkerMessagingProxy.cpp:

(WebCore::MessageWorkerContextTask::performTask):
(WebCore::connectToWorkerContextInspectorTask):
(WebCore::disconnectFromWorkerContextInspectorTask):
(WebCore::dispatchOnInspectorBackendTask):

• workers/WorkerScriptLoader.cpp:

(WebCore::WorkerScriptLoader::loadSynchronously):

• workers/WorkerThread.cpp:

(WebCore::WorkerThreadShutdownFinishTask::performTask):
(WebCore::WorkerThreadShutdownStartTask::performTask):

Source/WebKit/blackberry:

• Api/WebPage.cpp:

(BlackBerry::WebKit::WebPagePrivate::handleMouseEvent):

• WebKitSupport/FatFingers.cpp:

(BlackBerry::WebKit::FatFingers::setSuccessfulFatFingersResult):

Source/WebKit/chromium:

• src/IDBFactoryBackendProxy.cpp:

(WebKit::IDBFactoryBackendProxy::allowIndexedDB):
(WebKit::getWebFrame):

• src/LocalFileSystemChromium.cpp:

(WebCore::LocalFileSystem::deleteFileSystem):

• src/WebSharedWorkerImpl.cpp:

(WebKit::WebSharedWorkerImpl::connectTask):
(WebKit::resumeWorkerContextTask):
(WebKit::connectToWorkerContextInspectorTask):
(WebKit::reconnectToWorkerContextInspectorTask):
(WebKit::disconnectFromWorkerContextInspectorTask):
(WebKit::dispatchOnInspectorBackendTask):

Source/WebKit/qt:

• WebCoreSupport/FrameLoaderClientQt.cpp:

File:

• trunk/Source/WebCore/css/CSSImageSetValue.cpp (modified) (2 diffs)

trunk/Source/WebCore/css/CSSImageSetValue.cpp

@@ -63 +63 @@
     while (i < length) {
         CSSValue* imageValue = item(i);
-        ASSERT(imageValue->isImageValue());
+        ASSERT_WITH_SECURITY_IMPLICATION(imageValue->isImageValue());
         String imageURL = static_cast<CSSImageValue*>(imageValue)->url();
 
@@ -69 +69 @@
         ASSERT(i < length);
         CSSValue* scaleFactorValue = item(i);
-        ASSERT(scaleFactorValue->isPrimitiveValue());
+        ASSERT_WITH_SECURITY_IMPLICATION(scaleFactorValue->isPrimitiveValue());
         float scaleFactor = static_cast<CSSPrimitiveValue*>(scaleFactorValue)->getFloatValue();