Add ASSERT_WITH_SECURITY_IMPLICATION to detect out of bounds access
author: inferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
author date: Mon, 4 Feb 2013 22:36:56 +0000 (22:36 +0000)
committer: inferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
commit date: Mon, 4 Feb 2013 22:36:56 +0000 (22:36 +0000)
commit: 97e6dfe9718ad14350e6e020e720dea318fa2ed0
tree: d454e71759206ad36fa2ad0cbbf5b699d9b259a2
parent: c54d1bf5bf522e3834a28bc58bc6383b9d30c2e3
Add ASSERT_WITH_SECURITY_IMPLICATION to detect out of bounds access
https://bugs.webkit.org/show_bug.cgi?id=108668

Reviewed by Eric Seidel.

Source/WebCore:

* bindings/v8/SerializedScriptValue.cpp:
* css/CSSCalculationValue.cpp:
(WebCore::CSSCalcExpressionNodeParser::parseCalc):
* css/CSSImageSetValue.cpp:
(WebCore::CSSImageSetValue::fillImageSet):
(WebCore::CSSImageSetValue::customCssText):
* css/CSSParserValues.h:
(WebCore::CSSParserString::operator[]):
* css/CSSValueList.h:
(WebCore::CSSValueListInspector::item):
* css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::ruleAt):
(WebCore::StyleSheetContents::wrapperInsertRule):
(WebCore::StyleSheetContents::wrapperDeleteRule):
* dom/Document.cpp:
(WebCore::Document::processArguments):
* dom/Element.cpp:
(WebCore::Element::removeAttributeInternal):
* dom/ElementAttributeData.cpp:
(WebCore::ElementAttributeData::removeAttribute):
* dom/ElementAttributeData.h:
(WebCore::ElementAttributeData::attributeItem):
* dom/SpaceSplitString.h:
(WebCore::SpaceSplitStringData::operator[]):
(WebCore::SpaceSplitString::operator[]):
* editing/TextIterator.cpp:
(WebCore::TextIterator::characterAt):
* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::removeFormElement):
* html/HTMLSelectElementWin.cpp:
(WebCore::HTMLSelectElement::platformHandleKeydownEvent):
* html/canvas/WebGLRenderingContext.cpp:
(WebCore):
* html/parser/HTMLFormattingElementList.cpp:
(WebCore::HTMLFormattingElementList::swapTo):
* inspector/InspectorStyleSheet.cpp:
(WebCore::InspectorStyleSheet::styleSheetTextWithChangedStyle):
* inspector/InspectorStyleTextEditor.cpp:
(WebCore::InspectorStyleTextEditor::replaceProperty):
* inspector/InspectorValues.cpp:
(WebCore::InspectorArrayBase::get):
* page/WindowFeatures.cpp:
(WebCore::WindowFeatures::WindowFeatures):
* platform/audio/AudioArray.h:
(WebCore::AudioArray::at):
* platform/audio/AudioFIFO.cpp:
(WebCore::AudioFIFO::findWrapLengths):
* platform/graphics/GlyphPage.h:
(WebCore::GlyphPage::glyphDataForIndex):
(WebCore::GlyphPage::glyphAt):
(WebCore::GlyphPage::setGlyphDataForIndex):
* platform/graphics/TextRun.h:
(WebCore::TextRun::operator[]):
(WebCore::TextRun::data8):
(WebCore::TextRun::data16):
* platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
(WebCore::HarfBuzzShaper::setDrawRange):
* platform/graphics/openvg/TiledImageOpenVG.cpp:
(WebCore::TiledImageOpenVG::setTile):
(WebCore::TiledImageOpenVG::tile):
* platform/image-decoders/ico/ICOImageDecoder.cpp:
(WebCore::ICOImageDecoder::decodeAtIndex):
(WebCore::ICOImageDecoder::imageTypeAtIndex):
* platform/text/QuotedPrintable.cpp:
(WebCore::lengthOfLineEndingAtIndex):
* platform/text/SegmentedString.cpp:
(WebCore::SegmentedString::advance):
* platform/win/WebCoreTextRenderer.cpp:
(WebCore::doDrawTextAtPoint):
* rendering/InlineTextBox.cpp:
(WebCore::InlineTextBox::paint):
(WebCore::InlineTextBox::paintSelection):

Source/WebKit/chromium:

* src/ContextFeaturesClientImpl.cpp:
(WebKit::ContextFeaturesCache::entryFor):
* src/WebFrameImpl.cpp:
(WebKit::WebFrameImpl::selectFindMatch):

Source/WebKit2:

* Shared/mac/SandboxExtensionMac.mm:
(WebKit::SandboxExtension::HandleArray::operator[]):

Source/WTF:

* wtf/AVLTree.h:
(WTF::AVLTreeDefaultBSet::operator[]):
* wtf/BitArray.h:
(WTF::BitArray::set):
(WTF::BitArray::get):
* wtf/FastBitVector.h:
(WTF::FastBitVector::set):
(WTF::FastBitVector::clear):
(WTF::FastBitVector::get):
* wtf/FixedArray.h:
(WTF::FixedArray::operator[]):
* wtf/RefCountedArray.h:
(WTF::RefCountedArray::at):
* wtf/TypedArrayBase.h:
(WTF::TypedArrayBase::item):
* wtf/text/StringBuffer.h:
(WTF::StringBuffer::operator[]):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::operator[]):
* wtf/text/StringImpl.h:
(WTF::StringImpl::operator[]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@141816 268f45cc-cd09-0410-ab3c-d52691b4dbfc
47 files changed:
Source/WTF/ChangeLog
Source/WTF/wtf/AVLTree.h
Source/WTF/wtf/BitArray.h
Source/WTF/wtf/FastBitVector.h
Source/WTF/wtf/FixedArray.h
Source/WTF/wtf/RefCountedArray.h
Source/WTF/wtf/TypedArrayBase.h
Source/WTF/wtf/text/StringBuffer.h
Source/WTF/wtf/text/StringBuilder.h
Source/WTF/wtf/text/StringImpl.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/v8/SerializedScriptValue.cpp
Source/WebCore/css/CSSCalculationValue.cpp
Source/WebCore/css/CSSImageSetValue.cpp
Source/WebCore/css/CSSParserValues.h
Source/WebCore/css/CSSValueList.h
Source/WebCore/css/StyleSheetContents.cpp
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Element.cpp
Source/WebCore/dom/ElementAttributeData.cpp
Source/WebCore/dom/ElementAttributeData.h
Source/WebCore/dom/SpaceSplitString.h
Source/WebCore/editing/TextIterator.cpp
Source/WebCore/html/HTMLFormElement.cpp
Source/WebCore/html/HTMLSelectElementWin.cpp
Source/WebCore/html/canvas/WebGLRenderingContext.cpp
Source/WebCore/html/parser/HTMLFormattingElementList.cpp
Source/WebCore/inspector/InspectorStyleSheet.cpp
Source/WebCore/inspector/InspectorStyleTextEditor.cpp
Source/WebCore/inspector/InspectorValues.cpp
Source/WebCore/page/WindowFeatures.cpp
Source/WebCore/platform/audio/AudioArray.h
Source/WebCore/platform/audio/AudioFIFO.cpp
Source/WebCore/platform/graphics/GlyphPage.h
Source/WebCore/platform/graphics/TextRun.h
Source/WebCore/platform/graphics/harfbuzz/HarfBuzzShaper.cpp
Source/WebCore/platform/graphics/openvg/TiledImageOpenVG.cpp
Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp
Source/WebCore/platform/text/QuotedPrintable.cpp
Source/WebCore/platform/text/SegmentedString.cpp
Source/WebCore/platform/win/WebCoreTextRenderer.cpp
Source/WebCore/rendering/InlineTextBox.cpp
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/ContextFeaturesClientImpl.cpp
Source/WebKit/chromium/src/WebFrameImpl.cpp
Source/WebKit2/ChangeLog
Source/WebKit2/Shared/mac/SandboxExtensionMac.mm
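The shape of accessor this commit guards (an operator[] such as the one in wtf/FixedArray.h), as an added example that is not WebKit's code: the SecurityAssertionFailure type and the macro definition are stand-ins assumed here so the failure can be observed; WebKit's real macro lives in wtf/Assertions.h and, like other ASSERT-style macros, is a detector for assertion-enabled builds rather than a release-time bounds check.

```cpp
// Added example (not WebKit's code): a FixedArray-style accessor guarded
// the way this commit guards operator[] in wtf/FixedArray.h and friends.
// SecurityAssertionFailure and the macro below are stand-ins (assumptions)
// so an out-of-bounds index is observable here instead of aborting; the
// real macro in wtf/Assertions.h is not reproduced.
#include <cstddef>
#include <stdexcept>
#include <string>

struct SecurityAssertionFailure : std::logic_error {
    using std::logic_error::logic_error;
};

#define ASSERT_WITH_SECURITY_IMPLICATION(cond)                                             \
    do {                                                                                    \
        if (!(cond))                                                                        \
            throw SecurityAssertionFailure(std::string("security assertion failed: ") + #cond); \
    } while (0)

template <typename T, size_t Size>
class FixedArray {
public:
    // The index is validated against the fixed capacity before the raw
    // array is touched; an out-of-range index is a security-relevant bug.
    T& operator[](size_t i)
    {
        ASSERT_WITH_SECURITY_IMPLICATION(i < Size);
        return m_data[i];
    }
    size_t size() const { return Size; }

private:
    T m_data[Size] = {};
};

// Probe helper: returns true when writing at index i trips the assertion
// on a four-element array. A wrapped size_t such as (size_t)-1 is the
// value a signed-to-unsigned conversion bug typically produces.
bool writeTripsAssertion(size_t i)
{
    FixedArray<int, 4> a;
    try {
        a[i] = 1;
    } catch (const SecurityAssertionFailure&) {
        return true;
    }
    return false;
}
```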