Add ASSERT_WITH_SECURITY_IMPLICATION to catch bad casts.
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Mar 2013 20:57:44 +0000 (20:57 +0000)
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Mar 2013 20:57:44 +0000 (20:57 +0000)
https://bugs.webkit.org/show_bug.cgi?id=112060

Reviewed by Eric Seidel.

Source/WebCore:

* Modules/geolocation/Geolocation.cpp:
(WebCore::Geolocation::document):
* accessibility/AccessibilityMenuList.h:
(WebCore::toAccessibilityMenuList):
* accessibility/AccessibilityNodeObject.h:
(WebCore::toAccessibilityNodeObject):
* accessibility/AccessibilityRenderObject.h:
(WebCore::toAccessibilityRenderObject):
* accessibility/AccessibilitySVGRoot.h:
(WebCore::toAccessibilitySVGRoot):
* accessibility/AccessibilitySpinButton.h:
(WebCore::toAccessibilitySpinButton):
(WebCore::toAccessibilitySpinButtonPart):
* accessibility/AccessibilityTable.h:
(WebCore::toAccessibilityTable):
* css/StyleRule.h:
(WebCore::toStyleRuleMedia):
(WebCore::toStyleRuleSupports):
(WebCore::toStyleRuleRegion):
* dom/EventContext.h:
(WebCore::toTouchEventContext):
* fileapi/File.h:
(WebCore::toFile):
* html/HTMLElement.cpp:
(WebCore::HTMLElement::insertAdjacentElement):
(WebCore::contextElementForInsertion):
* html/HTMLMediaElement.h:
(WebCore::toMediaElement):
* html/HTMLMeterElement.h:
(WebCore::toHTMLMeterElement):
* html/HTMLOptionElement.cpp:
(WebCore::toHTMLOptionElement):
* html/HTMLProgressElement.cpp:
(WebCore::HTMLProgressElement::renderProgress):
* html/HTMLProgressElement.h:
(WebCore::toHTMLProgressElement):
* html/HTMLSelectElement.h:
(WebCore::toHTMLSelectElement):
* html/HTMLTableCellElement.cpp:
(WebCore::toHTMLTableCellElement):
* html/HTMLTextFormControlElement.h:
(WebCore::toHTMLTextFormControlElement):
* html/PluginDocument.h:
(WebCore::toPluginDocument):
* html/shadow/DetailsMarkerControl.cpp:
(WebCore::DetailsMarkerControl::summaryElement):
* html/shadow/HTMLContentElement.h:
(WebCore::toHTMLContentElement):
* html/shadow/HTMLShadowElement.h:
(WebCore::toHTMLShadowElement):
* html/shadow/TextFieldDecorationElement.cpp:
(WebCore::TextFieldDecorationElement::hostInput):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::document):
* rendering/InlineTextBox.h:
(WebCore::toInlineTextBox):
* rendering/RenderHTMLCanvas.h:
(WebCore::toRenderHTMLCanvas):
* rendering/RenderScrollbar.h:
(WebCore::toRenderScrollbar):
* rendering/RenderTextFragment.h:
(WebCore::toRenderTextFragment):
* rendering/mathml/RenderMathMLOperator.h:
(WebCore::toRenderMathMLOperator):
* rendering/svg/RenderSVGTextPath.h:
(WebCore::toRenderSVGTextPath):
* rendering/svg/RenderSVGViewportContainer.h:
(WebCore::toRenderSVGViewportContainer):
* svg/graphics/SVGImageChromeClient.h:
(WebCore::toSVGImageChromeClient):

Source/WebKit/chromium:

* src/FrameLoaderClientImpl.cpp:
(WebKit::FrameLoaderClientImpl::redirectDataToPlugin):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@145399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

36 files changed:
Source/WebCore/ChangeLog
Source/WebCore/Modules/geolocation/Geolocation.cpp
Source/WebCore/accessibility/AccessibilityMenuList.h
Source/WebCore/accessibility/AccessibilityNodeObject.h
Source/WebCore/accessibility/AccessibilityRenderObject.h
Source/WebCore/accessibility/AccessibilitySVGRoot.h
Source/WebCore/accessibility/AccessibilitySpinButton.h
Source/WebCore/accessibility/AccessibilityTable.h
Source/WebCore/css/StyleRule.h
Source/WebCore/dom/EventContext.h
Source/WebCore/fileapi/File.h
Source/WebCore/html/HTMLElement.cpp
Source/WebCore/html/HTMLMediaElement.h
Source/WebCore/html/HTMLMeterElement.h
Source/WebCore/html/HTMLOptionElement.cpp
Source/WebCore/html/HTMLProgressElement.cpp
Source/WebCore/html/HTMLProgressElement.h
Source/WebCore/html/HTMLSelectElement.h
Source/WebCore/html/HTMLTableCellElement.cpp
Source/WebCore/html/HTMLTextFormControlElement.h
Source/WebCore/html/PluginDocument.h
Source/WebCore/html/shadow/DetailsMarkerControl.cpp
Source/WebCore/html/shadow/HTMLContentElement.h
Source/WebCore/html/shadow/HTMLShadowElement.h
Source/WebCore/html/shadow/TextFieldDecorationElement.cpp
Source/WebCore/page/DOMWindow.cpp
Source/WebCore/rendering/InlineTextBox.h
Source/WebCore/rendering/RenderHTMLCanvas.h
Source/WebCore/rendering/RenderScrollbar.h
Source/WebCore/rendering/RenderTextFragment.h
Source/WebCore/rendering/mathml/RenderMathMLOperator.h
Source/WebCore/rendering/svg/RenderSVGTextPath.h
Source/WebCore/rendering/svg/RenderSVGViewportContainer.h
Source/WebCore/svg/graphics/SVGImageChromeClient.h
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp

index a367a71..302ec3b 100644 (file)
@@ -1,3 +1,81 @@
+2013-03-11  Abhishek Arya  <inferno@chromium.org>
+
+        Add ASSERT_WITH_SECURITY_IMPLICATION to catch bad casts.
+        https://bugs.webkit.org/show_bug.cgi?id=112060
+
+        Reviewed by Eric Seidel.
+
+        * Modules/geolocation/Geolocation.cpp:
+        (WebCore::Geolocation::document):
+        * accessibility/AccessibilityMenuList.h:
+        (WebCore::toAccessibilityMenuList):
+        * accessibility/AccessibilityNodeObject.h:
+        (WebCore::toAccessibilityNodeObject):
+        * accessibility/AccessibilityRenderObject.h:
+        (WebCore::toAccessibilityRenderObject):
+        * accessibility/AccessibilitySVGRoot.h:
+        (WebCore::toAccessibilitySVGRoot):
+        * accessibility/AccessibilitySpinButton.h:
+        (WebCore::toAccessibilitySpinButton):
+        (WebCore::toAccessibilitySpinButtonPart):
+        * accessibility/AccessibilityTable.h:
+        (WebCore::toAccessibilityTable):
+        * css/StyleRule.h:
+        (WebCore::toStyleRuleMedia):
+        (WebCore::toStyleRuleSupports):
+        (WebCore::toStyleRuleRegion):
+        * dom/EventContext.h:
+        (WebCore::toTouchEventContext):
+        * fileapi/File.h:
+        (WebCore::toFile):
+        * html/HTMLElement.cpp:
+        (WebCore::HTMLElement::insertAdjacentElement):
+        (WebCore::contextElementForInsertion):
+        * html/HTMLMediaElement.h:
+        (WebCore::toMediaElement):
+        * html/HTMLMeterElement.h:
+        (WebCore::toHTMLMeterElement):
+        * html/HTMLOptionElement.cpp:
+        (WebCore::toHTMLOptionElement):
+        * html/HTMLProgressElement.cpp:
+        (WebCore::HTMLProgressElement::renderProgress):
+        * html/HTMLProgressElement.h:
+        (WebCore::toHTMLProgressElement):
+        * html/HTMLSelectElement.h:
+        (WebCore::toHTMLSelectElement):
+        * html/HTMLTableCellElement.cpp:
+        (WebCore::toHTMLTableCellElement):
+        * html/HTMLTextFormControlElement.h:
+        (WebCore::toHTMLTextFormControlElement):
+        * html/PluginDocument.h:
+        (WebCore::toPluginDocument):
+        * html/shadow/DetailsMarkerControl.cpp:
+        (WebCore::DetailsMarkerControl::summaryElement):
+        * html/shadow/HTMLContentElement.h:
+        (WebCore::toHTMLContentElement):
+        * html/shadow/HTMLShadowElement.h:
+        (WebCore::toHTMLShadowElement):
+        * html/shadow/TextFieldDecorationElement.cpp:
+        (WebCore::TextFieldDecorationElement::hostInput):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::document):
+        * rendering/InlineTextBox.h:
+        (WebCore::toInlineTextBox):
+        * rendering/RenderHTMLCanvas.h:
+        (WebCore::toRenderHTMLCanvas):
+        * rendering/RenderScrollbar.h:
+        (WebCore::toRenderScrollbar):
+        * rendering/RenderTextFragment.h:
+        (WebCore::toRenderTextFragment):
+        * rendering/mathml/RenderMathMLOperator.h:
+        (WebCore::toRenderMathMLOperator):
+        * rendering/svg/RenderSVGTextPath.h:
+        (WebCore::toRenderSVGTextPath):
+        * rendering/svg/RenderSVGViewportContainer.h:
+        (WebCore::toRenderSVGViewportContainer):
+        * svg/graphics/SVGImageChromeClient.h:
+        (WebCore::toSVGImageChromeClient):
+
 2013-03-11  Adam Barth  <abarth@webkit.org>
 
         Factor HTMLTreeBuilderSimulator out of BackgroundHTMLParser
index 15c4697..f987d0f 100644 (file)
@@ -253,7 +253,7 @@ Geolocation::~Geolocation()
 
 Document* Geolocation::document() const
 {
-    ASSERT(!scriptExecutionContext() || scriptExecutionContext()->isDocument());
+    ASSERT_WITH_SECURITY_IMPLICATION(!scriptExecutionContext() || scriptExecutionContext()->isDocument());
     return static_cast<Document*>(scriptExecutionContext());
 }
 
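Review bot: `Geolocation::document()` calls `scriptExecutionContext()` separately for the assertion and for the `static_cast`, so the value that is checked and the value that is cast are linked only by the accessor returning the same pointer each time. `DOMWindow::document()` in this same commit binds the context to a local first. Doing the same here, `ScriptExecutionContext* context = scriptExecutionContext();` followed by the assertion and the cast on `context`, keeps both on one value and matches that function. `TextFieldDecorationElement::hostInput()` has the same shape with `shadowHost()`.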
index a01c3d8..d437604 100644 (file)
@@ -58,7 +58,7 @@ private:
 
 inline AccessibilityMenuList* toAccessibilityMenuList(AccessibilityObject* object)
 {
-    ASSERT(!object || object->isMenuList());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isMenuList());
     return static_cast<AccessibilityMenuList*>(object);
 }
 
index e5f5654..8f2a16f 100644 (file)
@@ -202,13 +202,13 @@ private:
 
 inline AccessibilityNodeObject* toAccessibilityNodeObject(AccessibilityObject* object)
 {
-    ASSERT(!object || object->isAccessibilityNodeObject());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isAccessibilityNodeObject());
     return static_cast<AccessibilityNodeObject*>(object);
 }
 
 inline const AccessibilityNodeObject* toAccessibilityNodeObject(const AccessibilityObject* object)
 {
-    ASSERT(!object || object->isAccessibilityNodeObject());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isAccessibilityNodeObject());
     return static_cast<const AccessibilityNodeObject*>(object);
 }
 
index 1c78807..ebb44bb 100644 (file)
@@ -328,13 +328,13 @@ private:
 
 inline AccessibilityRenderObject* toAccessibilityRenderObject(AccessibilityObject* object)
 {
-    ASSERT(!object || object->isAccessibilityRenderObject());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isAccessibilityRenderObject());
     return static_cast<AccessibilityRenderObject*>(object);
 }
 
 inline const AccessibilityRenderObject* toAccessibilityRenderObject(const AccessibilityObject* object)
 {
-    ASSERT(!object || object->isAccessibilityRenderObject());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isAccessibilityRenderObject());
     return static_cast<const AccessibilityRenderObject*>(object);
 }
 
index 3d92130..519229d 100644 (file)
@@ -52,7 +52,7 @@ private:
 
 inline AccessibilitySVGRoot* toAccessibilitySVGRoot(AccessibilityObject* object)
 {
-    ASSERT(!object || object->isAccessibilitySVGRoot());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isAccessibilitySVGRoot());
     return static_cast<AccessibilitySVGRoot*>(object);
 }
     
index 8d025f7..cdc32e0 100644 (file)
@@ -77,13 +77,13 @@ private:
     
 inline AccessibilitySpinButton* toAccessibilitySpinButton(AccessibilityObject* object)
 {
-    ASSERT(!object || object->isSpinButton());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isSpinButton());
     return static_cast<AccessibilitySpinButton*>(object);
 }
     
 inline AccessibilitySpinButtonPart* toAccessibilitySpinButtonPart(AccessibilityObject* object)
 {
-    ASSERT(!object || object->isSpinButtonPart());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isSpinButtonPart());
     return static_cast<AccessibilitySpinButtonPart*>(object);
 }
     
index 320a925..e65fccb 100644 (file)
@@ -90,7 +90,7 @@ protected:
     
 inline AccessibilityTable* toAccessibilityTable(AccessibilityObject* object)
 {
-    ASSERT(!object || object->isAccessibilityTable());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isAccessibilityTable());
     return static_cast<AccessibilityTable*>(object);
 }
     
index 4be1d02..09e1ef1 100644 (file)
@@ -311,21 +311,21 @@ private:
 
 inline const StyleRuleMedia* toStyleRuleMedia(const StyleRuleGroup* rule)
 {
-    ASSERT(!rule || rule->isMediaRule());
+    ASSERT_WITH_SECURITY_IMPLICATION(!rule || rule->isMediaRule());
     return static_cast<const StyleRuleMedia*>(rule);
 }
 
 #if ENABLE(CSS3_CONDITIONAL_RULES)
 inline const StyleRuleSupports* toStyleRuleSupports(const StyleRuleGroup* rule)
 {
-    ASSERT(!rule || rule->isSupportsRule());
+    ASSERT_WITH_SECURITY_IMPLICATION(!rule || rule->isSupportsRule());
     return static_cast<const StyleRuleSupports*>(rule);
 }
 #endif
 
 inline const StyleRuleRegion* toStyleRuleRegion(const StyleRuleGroup* rule)
 {
-    ASSERT(!rule || rule->isRegionRule());
+    ASSERT_WITH_SECURITY_IMPLICATION(!rule || rule->isRegionRule());
     return static_cast<const StyleRuleRegion*>(rule);
 }
 
index c9a447c..6e3a09a 100644 (file)
@@ -102,7 +102,7 @@ private:
 
 inline TouchEventContext* toTouchEventContext(EventContext* eventContext)
 {
-    ASSERT(!eventContext || eventContext->isTouchEventContext());
+    ASSERT_WITH_SECURITY_IMPLICATION(!eventContext || eventContext->isTouchEventContext());
     return static_cast<TouchEventContext*>(eventContext);
 }
 #endif // ENABLE(TOUCH_EVENTS)
index 53302db..1242b85 100644 (file)
@@ -136,13 +136,13 @@ private:
 
 inline File* toFile(Blob* blob)
 {
-    ASSERT(!blob || blob->isFile());
+    ASSERT_WITH_SECURITY_IMPLICATION(!blob || blob->isFile());
     return static_cast<File*>(blob);
 }
 
 inline const File* toFile(const Blob* blob)
 {
-    ASSERT(!blob || blob->isFile());
+    ASSERT_WITH_SECURITY_IMPLICATION(!blob || blob->isFile());
     return static_cast<const File*>(blob);
 }
 
index 6539116..da7ac43 100644 (file)
@@ -562,7 +562,7 @@ Element* HTMLElement::insertAdjacentElement(const String& where, Element* newChi
     }
 
     Node* returnValue = insertAdjacent(where, newChild, ec);
-    ASSERT(!returnValue || returnValue->isElementNode());
+    ASSERT_WITH_SECURITY_IMPLICATION(!returnValue || returnValue->isElementNode());
     return static_cast<Element*>(returnValue); 
 }
 
@@ -575,7 +575,7 @@ static Element* contextElementForInsertion(const String& where, Element* element
             ec = NO_MODIFICATION_ALLOWED_ERR;
             return 0;
         }
-        ASSERT(!parent || parent->isElementNode());
+        ASSERT_WITH_SECURITY_IMPLICATION(!parent || parent->isElementNode());
         return static_cast<Element*>(parent);
     }
     if (equalIgnoringCase(where, "afterBegin") || equalIgnoringCase(where, "beforeEnd"))
index 61504f7..5827f19 100644 (file)
@@ -765,7 +765,7 @@ inline bool isMediaElement(Node* node)
 
 inline HTMLMediaElement* toMediaElement(Node* node)
 {
-    ASSERT(!node || isMediaElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isMediaElement(node));
     return static_cast<HTMLMediaElement*>(node);
 }
 
index 0b81c08..694f900 100644 (file)
@@ -91,7 +91,7 @@ inline bool isHTMLMeterElement(Node* node)
 
 inline HTMLMeterElement* toHTMLMeterElement(Node* node)
 {
-    ASSERT(!node || isHTMLMeterElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLMeterElement(node));
     return static_cast<HTMLMeterElement*>(node);
 }
 
index 01e66f8..dacbdb1 100644 (file)
@@ -393,13 +393,13 @@ String HTMLOptionElement::collectOptionInnerText() const
 
 HTMLOptionElement* toHTMLOptionElement(Node* node)
 {
-    ASSERT(!node || node->hasTagName(optionTag));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->hasTagName(optionTag));
     return static_cast<HTMLOptionElement*>(node);
 }
 
 const HTMLOptionElement* toHTMLOptionElement(const Node* node)
 {
-    ASSERT(!node || node->hasTagName(optionTag));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->hasTagName(optionTag));
     return static_cast<const HTMLOptionElement*>(node);
 }
 
index fe8f99b..d01ead5 100644 (file)
@@ -78,7 +78,7 @@ RenderProgress* HTMLProgressElement::renderProgress() const
         return static_cast<RenderProgress*>(renderer());
 
     RenderObject* renderObject = userAgentShadowRoot()->firstChild()->renderer();
-    ASSERT(!renderObject || renderObject->isProgress());
+    ASSERT_WITH_SECURITY_IMPLICATION(!renderObject || renderObject->isProgress());
     return static_cast<RenderProgress*>(renderObject);
 }
 
index df7b772..ce6309c 100644 (file)
@@ -80,7 +80,7 @@ inline bool isHTMLProgressElement(Node* node)
 
 inline HTMLProgressElement* toHTMLProgressElement(Node* node)
 {
-    ASSERT(!node || isHTMLProgressElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLProgressElement(node));
     return static_cast<HTMLProgressElement*>(node);
 }
 
index c3b0a0b..0d6da77 100644 (file)
@@ -209,13 +209,13 @@ inline bool isHTMLSelectElement(const Node* node)
 
 inline HTMLSelectElement* toHTMLSelectElement(Node* node)
 {
-    ASSERT(!node || isHTMLSelectElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLSelectElement(node));
     return static_cast<HTMLSelectElement*>(node);
 }
 
 inline const HTMLSelectElement* toHTMLSelectElement(const Node* node)
 {
-    ASSERT(!node || isHTMLSelectElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLSelectElement(node));
     return static_cast<const HTMLSelectElement*>(node);
 }
 
index bbae372..d12cae1 100644 (file)
@@ -186,13 +186,13 @@ HTMLTableCellElement* HTMLTableCellElement::cellAbove() const
 
 HTMLTableCellElement* toHTMLTableCellElement(Node* node)
 {
-    ASSERT(!node || node->hasTagName(HTMLNames::tdTag) || node->hasTagName(HTMLNames::thTag));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->hasTagName(HTMLNames::tdTag) || node->hasTagName(HTMLNames::thTag));
     return static_cast<HTMLTableCellElement*>(node);
 }
 
 const HTMLTableCellElement* toHTMLTableCellElement(const Node* node)
 {
-    ASSERT(!node || node->hasTagName(HTMLNames::tdTag) || node->hasTagName(HTMLNames::thTag));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || node->hasTagName(HTMLNames::tdTag) || node->hasTagName(HTMLNames::thTag));
     return static_cast<const HTMLTableCellElement*>(node);
 }
 
index 1ac65f5..4fec85c 100644 (file)
@@ -148,7 +148,7 @@ inline bool isHTMLTextFormControlElement(const Node* node)
 
 inline HTMLTextFormControlElement* toHTMLTextFormControlElement(Node* node)
 {
-    ASSERT(!node || isHTMLTextFormControlElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLTextFormControlElement(node));
     return static_cast<HTMLTextFormControlElement*>(node);
 }
 
index 6daa97c..ccdee3f 100644 (file)
@@ -64,13 +64,13 @@ private:
 
 inline PluginDocument* toPluginDocument(Document* document)
 {
-    ASSERT(!document || document->isPluginDocument());
+    ASSERT_WITH_SECURITY_IMPLICATION(!document || document->isPluginDocument());
     return static_cast<PluginDocument*>(document);
 }
 
 inline const PluginDocument* toPluginDocument(const Document* document)
 {
-    ASSERT(!document || document->isPluginDocument());
+    ASSERT_WITH_SECURITY_IMPLICATION(!document || document->isPluginDocument());
     return static_cast<const PluginDocument*>(document);
 }
 
index e67d44e..8edef48 100644 (file)
@@ -64,7 +64,7 @@ const AtomicString& DetailsMarkerControl::shadowPseudoId() const
 HTMLSummaryElement* DetailsMarkerControl::summaryElement()
 {
     Element* element = shadowHost();
-    ASSERT(!element || element->hasTagName(summaryTag));
+    ASSERT_WITH_SECURITY_IMPLICATION(!element || element->hasTagName(summaryTag));
     return static_cast<HTMLSummaryElement*>(element);
 }
 
index 9d0c8fc..40a4ad0 100644 (file)
@@ -106,7 +106,7 @@ inline bool isHTMLContentElement(const Node* node)
 
 inline HTMLContentElement* toHTMLContentElement(Node* node)
 {
-    ASSERT(!node || isHTMLContentElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLContentElement(node));
     return static_cast<HTMLContentElement*>(node);
 }
 
index 51d1a86..b56b4c1 100644 (file)
@@ -60,13 +60,13 @@ inline bool isHTMLShadowElement(const Node* node)
 
 inline HTMLShadowElement* toHTMLShadowElement(Node* node)
 {
-    ASSERT(!node || isHTMLShadowElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLShadowElement(node));
     return static_cast<HTMLShadowElement*>(node);
 }
 
 inline const HTMLShadowElement* toHTMLShadowElement(const Node* node)
 {
-    ASSERT(!node || isHTMLShadowElement(node));
+    ASSERT_WITH_SECURITY_IMPLICATION(!node || isHTMLShadowElement(node));
     return static_cast<const HTMLShadowElement*>(node);
 }
 
index 47580a6..027b757 100644 (file)
@@ -127,7 +127,7 @@ inline HTMLInputElement* TextFieldDecorationElement::hostInput()
 {
     // TextFieldDecorationElement is created only by C++ code, and it is always
     // in <input> shadow.
-    ASSERT(!shadowHost() || shadowHost()->hasTagName(inputTag));
+    ASSERT_WITH_SECURITY_IMPLICATION(!shadowHost() || shadowHost()->hasTagName(inputTag));
     return static_cast<HTMLInputElement*>(shadowHost());
 }
 
index fffdcaf..e4d0256 100644 (file)
@@ -1323,7 +1323,7 @@ DOMWindow* DOMWindow::top() const
 Document* DOMWindow::document() const
 {
     ScriptExecutionContext* context = ContextDestructionObserver::scriptExecutionContext();
-    ASSERT(!context || context->isDocument());
+    ASSERT_WITH_SECURITY_IMPLICATION(!context || context->isDocument());
     return static_cast<Document*>(context);
 }
 
index f5bfb10..3e17475 100644 (file)
@@ -201,13 +201,13 @@ private:
 
 inline InlineTextBox* toInlineTextBox(InlineBox* inlineBox)
 {
-    ASSERT(!inlineBox || inlineBox->isInlineTextBox());
+    ASSERT_WITH_SECURITY_IMPLICATION(!inlineBox || inlineBox->isInlineTextBox());
     return static_cast<InlineTextBox*>(inlineBox);
 }
 
 inline const InlineTextBox* toInlineTextBox(const InlineBox* inlineBox)
 {
-    ASSERT(!inlineBox || inlineBox->isInlineTextBox());
+    ASSERT_WITH_SECURITY_IMPLICATION(!inlineBox || inlineBox->isInlineTextBox());
     return static_cast<const InlineTextBox*>(inlineBox);
 }
 
index 5bed27f..f4e07cc 100644 (file)
@@ -49,7 +49,7 @@ private:
 
 inline RenderHTMLCanvas* toRenderHTMLCanvas(RenderObject* object)
 {
-    ASSERT(!object || !strcmp(object->renderName(), "RenderHTMLCanvas"));
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isCanvas());
     return static_cast<RenderHTMLCanvas*>(object);
 }
 
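Review bot: The new assertion in `toRenderHTMLCanvas` is not the old check under a new macro: it replaces the exact `renderName()` string comparison with the virtual predicate `object->isCanvas()`, and the ChangeLog entry lists the function without saying so. This assertion is the only type check ahead of the `static_cast`, so it is worth confirming that no other `RenderObject` subclass answers true to `isCanvas()`. The predicate change should also be recorded in the ChangeLog. The `toRenderSVGTextPath` hunk makes the same switch, to `isSVGTextPath()`.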
index 496b17e..685c007 100644 (file)
@@ -89,7 +89,7 @@ private:
 
 inline RenderScrollbar* toRenderScrollbar(ScrollbarThemeClient* scrollbar)
 {
-    ASSERT(!scrollbar || scrollbar->isCustomScrollbar());
+    ASSERT_WITH_SECURITY_IMPLICATION(!scrollbar || scrollbar->isCustomScrollbar());
     return static_cast<RenderScrollbar*>(scrollbar);
 }
 
index b7f3b0e..3f86357 100644 (file)
@@ -71,13 +71,13 @@ private:
 
 inline RenderTextFragment* toRenderTextFragment(RenderObject* object)
 { 
-    ASSERT(!object || toRenderText(object)->isTextFragment());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || toRenderText(object)->isTextFragment());
     return static_cast<RenderTextFragment*>(object);
 }
 
 inline const RenderTextFragment* toRenderTextFragment(const RenderObject* object)
 { 
-    ASSERT(!object || toRenderText(object)->isTextFragment());
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || toRenderText(object)->isTextFragment());
     return static_cast<const RenderTextFragment*>(object);
 }
 
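Review bot: The assertion in both `toRenderTextFragment` overloads evaluates `toRenderText(object)->isTextFragment()`, so the check itself performs a downcast to `RenderText` before it can test anything. If `object` is not a text renderer, the outcome depends on whatever `toRenderText` asserts (not visible in this hunk) rather than on this assertion. Testing the base type first would make the check self-contained, e.g. `ASSERT_WITH_SECURITY_IMPLICATION(!object || (object->isText() && toRenderText(object)->isTextFragment()));`.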
index 15009cf..747f070 100644 (file)
@@ -72,13 +72,13 @@ private:
 
 inline RenderMathMLOperator* toRenderMathMLOperator(RenderMathMLBlock* block)
 { 
-    ASSERT(!block || block->isRenderMathMLOperator());
+    ASSERT_WITH_SECURITY_IMPLICATION(!block || block->isRenderMathMLOperator());
     return static_cast<RenderMathMLOperator*>(block);
 }
 
 inline const RenderMathMLOperator* toRenderMathMLOperator(const RenderMathMLBlock* block)
 { 
-    ASSERT(!block || block->isRenderMathMLOperator());
+    ASSERT_WITH_SECURITY_IMPLICATION(!block || block->isRenderMathMLOperator());
     return static_cast<const RenderMathMLOperator*>(block);
 }
 
index 88d931b..f1c8721 100644 (file)
@@ -45,7 +45,7 @@ private:
 
 inline RenderSVGTextPath* toRenderSVGTextPath(RenderObject* object)
 { 
-    ASSERT(!object || !strcmp(object->renderName(), "RenderSVGTextPath"));
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isSVGTextPath());
     return static_cast<RenderSVGTextPath*>(object);
 }
 
index eb7041a..d56e751 100644 (file)
@@ -63,13 +63,13 @@ private:
   
 inline RenderSVGViewportContainer* toRenderSVGViewportContainer(RenderObject* object)
 {
-    ASSERT(!object || !strcmp(object->renderName(), "RenderSVGViewportContainer"));
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || !object->isSVGViewportContainer());
     return static_cast<RenderSVGViewportContainer*>(object);
 }
 
 inline const RenderSVGViewportContainer* toRenderSVGViewportContainer(const RenderObject* object)
 {
-    ASSERT(!object || !strcmp(object->renderName(), "RenderSVGViewportContainer"));
+    ASSERT_WITH_SECURITY_IMPLICATION(!object || !object->isSVGViewportContainer());
     return static_cast<const RenderSVGViewportContainer*>(object);
 }
 
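Review bot: The condition in both `toRenderSVGViewportContainer` overloads is inverted: `!object->isSVGViewportContainer()` holds only when the object is not a viewport container, whereas the removed `!strcmp(...)` held when the render name matched. As written, the assertion fires on every correctly typed non-null object and lets a wrongly typed one reach the `static_cast` unchecked. Drop the negation on the predicate in both the const and non-const versions: `ASSERT_WITH_SECURITY_IMPLICATION(!object || object->isSVGViewportContainer());`.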
index 2b443d5..5c3dd4a 100644 (file)
@@ -64,7 +64,7 @@ private:
 
 inline SVGImageChromeClient* toSVGImageChromeClient(ChromeClient* client)
 {
-    ASSERT(!client || client->isSVGImageChromeClient());
+    ASSERT_WITH_SECURITY_IMPLICATION(!client || client->isSVGImageChromeClient());
     return static_cast<SVGImageChromeClient*>(client);
 }
     
index 7ba641e..5a0a17a 100644 (file)
@@ -1,3 +1,13 @@
+2013-03-11  Abhishek Arya  <inferno@chromium.org>
+
+        Add ASSERT_WITH_SECURITY_IMPLICATION to catch bad casts.
+        https://bugs.webkit.org/show_bug.cgi?id=112060
+
+        Reviewed by Eric Seidel.
+
+        * src/FrameLoaderClientImpl.cpp:
+        (WebKit::FrameLoaderClientImpl::redirectDataToPlugin):
+
 2013-03-11  Sheriff Bot  <webkit.review.bot@gmail.com>
 
         Unreviewed, rolling out r145375.
index b4de1bd..8091589 100644 (file)
@@ -1528,7 +1528,7 @@ PassRefPtr<Widget> FrameLoaderClientImpl::createPlugin(
 // (e.g., acrobat reader).
 void FrameLoaderClientImpl::redirectDataToPlugin(Widget* pluginWidget)
 {
-    ASSERT(!pluginWidget || pluginWidget->isPluginContainer());
+    ASSERT_WITH_SECURITY_IMPLICATION(!pluginWidget || pluginWidget->isPluginContainer());
     m_pluginWidget = static_cast<WebPluginContainerImpl*>(pluginWidget);
 }