178269 2017-10-13 10:46:47 -0700 Add RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() macro 2017-10-16 12:02:17 -0700 1 1 1 Unclassified WebKit Web Template Framework WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ddkilzer ddkilzer achristensen aestes benjamin bfulgham buildbot cdumez cmarcelo commit-queue dbates eric.carlson ggaren glenn jer.noble keith_miller mitz webkit-bug-importer oldest_to_newest 1360081 0 ddkilzer 2017-10-13 10:46:47 -0700 It turns out that some ASSERT_WITH_SECURITY_IMPLICATION() statements would have prevented security issues in WebKit had they been compiled into release builds.* Toward that end, I'm introducing the RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() macro so that we can transition to release assertions incrementally. (Doing a wholesale change would incur performance regressions, so we want to be able to change a few at a time.) I'm also adding a webkit-style-checker (security/assertion) to suggest that new patches stop using ASSERT_WITH_SECURITY_IMPLICATION(). Q: Why not just use RELEASE_ASSERT() instead of adding RELEASE_ASSERT_WITH_SECURITY_IMPLICATION()? A: Switching from ASSERT_WITH_SECURITY_IMPLICATION() to RELEASE_ASSERT() would lose some important information that the original author thought that this assertion had security implications if it was hit. When an engineer investigates such crashes, they may be more inclined to consider the security implications of the assertion than if it were a simple RELEASE_ASSERT(). Also, if we later decide that RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() no longer provides useful context, then the Tools/Scripts/do-webcore-rename script can be used to remove it relatively easily in the future. * Using -DENABLE_SECURITY_ASSERTIONS=1 when compiling WebKit will enable ASSERT_WITH_SECURITY_IMPLICATION() on release builds. 1360090 1 323704 ddkilzer 2017-10-13 10:57:50 -0700 Created attachment 323704 Patch v1 1360091 2 webkit-bug-importer 2017-10-13 10:59:28 -0700 <rdar://problem/34981321> 1360877 3 323704 commit-queue 2017-10-16 12:02:15 -0700 Comment on attachment 323704 Patch v1 Clearing flags on attachment: 323704 Committed r223421: <https://trac.webkit.org/changeset/223421> 1360878 4 commit-queue 2017-10-16 12:02:17 -0700 All reviewed patches have been landed. Closing bug. 323704 2017-10-13 10:57:50 -0700 2017-10-16 12:02:15 -0700 Patch v1 bug-178269-20171013105749.patch text/plain 4887 ddkilzer U3VidmVyc2lvbiBSZXZpc2lvbjogMjIyOTk2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV1RGL0NoYW5n ZUxvZyBiL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCmluZGV4IGM3ZThkODdkYTRmN2M4ZmYwNTU2NDc1 MDVmOGI0ZmE3NDZmOGVmMmEuLmUzYjIwMzBiNjY1YTdiMWQ3ODg2YWUxOTVkY2M3ZGFjOGYwNTI0 ZjQgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XVEYvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XVEYvQ2hh bmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTctMTAtMTMgIERhdmlkIEtpbHplciAgPGRka2ls emVyQGFwcGxlLmNvbT4KKworICAgICAgICBBZGQgUkVMRUFTRV9BU1NFUlRfV0lUSF9TRUNVUklU WV9JTVBMSUNBVElPTigpIG1hY3JvCisgICAgICAgIDxodHRwczovL3dlYmtpdC5vcmcvYi8xNzgy Njk+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiB3 dGYvQXNzZXJ0aW9ucy5oOgorICAgICAgICAoUkVMRUFTRV9BU1NFUlRfV0lUSF9TRUNVUklUWV9J TVBMSUNBVElPTik6IEFkZCBtYWNyby4KKwogMjAxNy0xMC0wNiAgQW50dGkgS29pdmlzdG8gIDxh bnR0aUBhcHBsZS5jb20+CiAKICAgICAgICAgTWlub3IgV2Vha1B0ciBpbXByb3ZlbWVudHMKZGlm ZiAtLWdpdCBhL1NvdXJjZS9XVEYvd3RmL0Fzc2VydGlvbnMuaCBiL1NvdXJjZS9XVEYvd3RmL0Fz c2VydGlvbnMuaAppbmRleCAxNzlmNTE4ZWQ2NGU4YjUyZDBhM2NkN2ZkY2VkZmVjN2UzYzI3ZmYz Li5iOThjMjhlZWE5OGIxODUxZTE1NDFhMmViNDIzNDI1YjdkN2ZlNzBiIDEwMDY0NAotLS0gYS9T b3VyY2UvV1RGL3d0Zi9Bc3NlcnRpb25zLmgKKysrIGIvU291cmNlL1dURi93dGYvQXNzZXJ0aW9u cy5oCkBAIC00NzgsMTAgKzQ3OCwxMiBAQCBXVEZfRVhQT1JUX1BSSVZBVEUgTk9fUkVUVVJOX0RV RV9UT19DUkFTSCB2b2lkIFdURkNyYXNoV2l0aFNlY3VyaXR5SW1wbGljYXRpb24oKQogICAgICAg ICBDUkFTSCgpOyBcCiB9IHdoaWxlICgwKQogI2RlZmluZSBSRUxFQVNFX0FTU0VSVF9XSVRIX01F U1NBR0UoYXNzZXJ0aW9uLCAuLi4pIFJFTEVBU0VfQVNTRVJUKGFzc2VydGlvbikKKyNkZWZpbmUg UkVMRUFTRV9BU1NFUlRfV0lUSF9TRUNVUklUWV9JTVBMSUNBVElPTihhc3NlcnRpb24pIFJFTEVB U0VfQVNTRVJUKGFzc2VydGlvbikKICNkZWZpbmUgUkVMRUFTRV9BU1NFUlRfTk9UX1JFQUNIRUQo KSBDUkFTSCgpCiAjZWxzZQogI2RlZmluZSBSRUxFQVNFX0FTU0VSVChhc3NlcnRpb24pIEFTU0VS VChhc3NlcnRpb24pCiAjZGVmaW5lIFJFTEVBU0VfQVNTRVJUX1dJVEhfTUVTU0FHRShhc3NlcnRp b24sIC4uLikgQVNTRVJUX1dJVEhfTUVTU0FHRShhc3NlcnRpb24sIF9fVkFfQVJHU19fKQorI2Rl ZmluZSBSRUxFQVNFX0FTU0VSVF9XSVRIX1NFQ1VSSVRZX0lNUExJQ0FUSU9OKGFzc2VydGlvbikg QVNTRVJUX1dJVEhfU0VDVVJJVFlfSU1QTElDQVRJT04oYXNzZXJ0aW9uKQogI2RlZmluZSBSRUxF QVNFX0FTU0VSVF9OT1RfUkVBQ0hFRCgpIEFTU0VSVF9OT1RfUkVBQ0hFRCgpCiAjZW5kaWYKIApk aWZmIC0tZ2l0IGEvVG9vbHMvQ2hhbmdlTG9nIGIvVG9vbHMvQ2hhbmdlTG9nCmluZGV4IGJjNDhj ZjlkYWY3YzBhZmYzNjY0ZmI5MTE0MGYxMTU2NjNlYWFhOWUuLmE1MDk5OWMyYmUxNWYzMzc5Mzdh ZDUzZDNkZmZlM2QwMmFlODFhNjMgMTAwNjQ0Ci0tLSBhL1Rvb2xzL0NoYW5nZUxvZworKysgYi9U b29scy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOSBAQAorMjAxNy0xMC0xMyAgRGF2aWQgS2lsemVy ICA8ZGRraWx6ZXJAYXBwbGUuY29tPgorCisgICAgICAgIEFkZCBSRUxFQVNFX0FTU0VSVF9XSVRI X1NFQ1VSSVRZX0lNUExJQ0FUSU9OKCkgbWFjcm8KKyAgICAgICAgPGh0dHBzOi8vd2Via2l0Lm9y Zy9iLzE3ODI2OT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICAqIFNjcmlwdHMvd2Via2l0cHkvc3R5bGUvY2hlY2tlcnMvY3BwLnB5OgorICAgICAgICAo Y2hlY2tfbGFuZ3VhZ2UpOiBBZGQgY2hlY2tlciB0byB3YXJuIGFib3V0IHVzaW5nCisgICAgICAg IEFTU0VSVF9XSVRIX1NFQ1VSSVRZX0lNUExJQ0FUSU9OKCkuCisgICAgICAgIChDcHBDaGVja2Vy LmNhdGVnb3JpZXMpOiBBZGQgJ3NlY3VyaXR5L2Fzc2VydGlvbicgdG8gbGlzdCBvZgorICAgICAg ICBlbmFibGVkIGNoZWNrZXJzLgorICAgICAgICAqIFNjcmlwdHMvd2Via2l0cHkvc3R5bGUvY2hl Y2tlcnMvY3BwX3VuaXR0ZXN0LnB5OgorICAgICAgICAoQ3BwU3R5bGVUZXN0LnRlc3RfZGVidWdf c2VjdXJpdHlfYXNzZXJ0aW9uKTogQWRkIHRlc3RzIGZvcgorICAgICAgICBuZXcgY2hlY2tlci4K KwogMjAxNy0xMC0wNiAgV2Vuc29uIEhzaWVoICA8d2Vuc29uX2hzaWVoQGFwcGxlLmNvbT4KIAog ICAgICAgICBbaU9TXSBUd2VhayBzdXBwb3J0IGZvciBjbGFzc2lmeWluZyBmb3JtIGNvbnRyb2xz IChmb2xsb3d1cCB0byByMjIyNDg3KQpkaWZmIC0tZ2l0IGEvVG9vbHMvU2NyaXB0cy93ZWJraXRw eS9zdHlsZS9jaGVja2Vycy9jcHAucHkgYi9Ub29scy9TY3JpcHRzL3dlYmtpdHB5L3N0eWxlL2No ZWNrZXJzL2NwcC5weQppbmRleCBlZTBlMTdmNDQ2YTgyZmU5MGFhMjVlM2ZlYTQ4MjQ4NDY0M2Jm Njk0Li40MmUzOTUxZjU4NGNkMDE3NTljN2Q2MzA2ZjE4OTIzMjIzZTIzMGMyIDEwMDY0NAotLS0g YS9Ub29scy9TY3JpcHRzL3dlYmtpdHB5L3N0eWxlL2NoZWNrZXJzL2NwcC5weQorKysgYi9Ub29s cy9TY3JpcHRzL3dlYmtpdHB5L3N0eWxlL2NoZWNrZXJzL2NwcC5weQpAQCAtMzE3OCw2ICszMTc4 LDEzIEBAIGRlZiBjaGVja19sYW5ndWFnZShmaWxlbmFtZSwgY2xlYW5fbGluZXMsIGxpbmVfbnVt YmVyLCBmaWxlX2V4dGVuc2lvbiwgaW5jbHVkZV9zCiAgICAgICAgICAgICAgICdJZiB5b3UgY2Fu LCB1c2Ugc2l6ZW9mKCVzKSBpbnN0ZWFkIG9mICVzIGFzIHRoZSAybmQgYXJnICcKICAgICAgICAg ICAgICAgJ3RvIHNucHJpbnRmLicgJSAobWF0Y2hlZC5ncm91cCgxKSwgbWF0Y2hlZC5ncm91cCgy KSkpCiAKKyAgICAjIFdhcm4gd2hlbiBEZWJ1ZyBBU1NFUlRfV0lUSF9TRUNVUklUWV9JTVBMSUNB VElPTigpIGlzIHVzZWQuCisgICAgaWYgZmlsZW5hbWUgIT0gJ1NvdXJjZS9XVEYvd3RmL0Fzc2Vy dGlvbnMuaCc6CisgICAgICAgIGlmIHNlYXJjaChyJ1xiQVNTRVJUX1dJVEhfU0VDVVJJVFlfSU1Q TElDQVRJT05cYlwoJywgbGluZSk6CisgICAgICAgICAgICBlcnJvcihsaW5lX251bWJlciwgJ3Nl Y3VyaXR5L2Fzc2VydGlvbicsIDUsCisgICAgICAgICAgICAgICAgJ1BsZWFzZSByZXBsYWNlIEFT U0VSVF9XSVRIX1NFQ1VSSVRZX0lNUExJQ0FUSU9OKCkgd2l0aCAnCisgICAgICAgICAgICAgICAg J1JFTEVBU0VfQVNTRVJUX1dJVEhfU0VDVVJJVFlfSU1QTElDQVRJT04oKS4nKQorCiAgICAgIyBD aGVjayBpZiBzb21lIHZlcmJvdGVuIEMgZnVuY3Rpb25zIGFyZSBiZWluZyB1c2VkLgogICAgIGlm IHNlYXJjaChyJ1xic3ByaW50ZlxiJywgbGluZSk6CiAgICAgICAgIGVycm9yKGxpbmVfbnVtYmVy LCAnc2VjdXJpdHkvcHJpbnRmJywgNSwKQEAgLTM5MzAsNiArMzkzNyw3IEBAIGNsYXNzIENwcENo ZWNrZXIob2JqZWN0KToKICAgICAgICAgJ3J1bnRpbWUvdW5zaWduZWQnLAogICAgICAgICAncnVu dGltZS92aXJ0dWFsJywKICAgICAgICAgJ3J1bnRpbWUvd3RmX21vdmUnLAorICAgICAgICAnc2Vj dXJpdHkvYXNzZXJ0aW9uJywKICAgICAgICAgJ3NlY3VyaXR5L3ByaW50ZicsCiAgICAgICAgICdz ZWN1cml0eS90ZW1wX2ZpbGUnLAogICAgICAgICAnd2hpdGVzcGFjZS9ibGFua19saW5lJywKZGlm ZiAtLWdpdCBhL1Rvb2xzL1NjcmlwdHMvd2Via2l0cHkvc3R5bGUvY2hlY2tlcnMvY3BwX3VuaXR0 ZXN0LnB5IGIvVG9vbHMvU2NyaXB0cy93ZWJraXRweS9zdHlsZS9jaGVja2Vycy9jcHBfdW5pdHRl c3QucHkKaW5kZXggNTk1YzczMTcwYjBlM2ZiYWQyNmE5MWYxNTlkMzY2NzRiZGZjYmUzOC4uMGQy ZDY5YmZkYTIwYzc2YmMwZWJiOTI5NDZhZGE1ZGU2MDM3ZGU5ZSAxMDA2NDQKLS0tIGEvVG9vbHMv U2NyaXB0cy93ZWJraXRweS9zdHlsZS9jaGVja2Vycy9jcHBfdW5pdHRlc3QucHkKKysrIGIvVG9v bHMvU2NyaXB0cy93ZWJraXRweS9zdHlsZS9jaGVja2Vycy9jcHBfdW5pdHRlc3QucHkKQEAgLTE1 MjgsNiArMTUyOCwxNiBAQCBjbGFzcyBDcHBTdHlsZVRlc3QoQ3BwU3R5bGVUZXN0QmFzZSk6CiAg ICAgICAgICAgICAgICAgICAgICAgICAgJyBmb3IgaW1wcm92ZWQgdGhyZWFkIHNhZmV0eS4nCiAg ICAgICAgICAgICAgICAgICAgICAgICAgJyAgW3J1bnRpbWUvdGhyZWFkc2FmZV9mbl0gWzJdJykK IAorICAgIGRlZiB0ZXN0X2RlYnVnX3NlY3VyaXR5X2Fzc2VydGlvbihzZWxmKToKKyAgICAgICAg c2VsZi5hc3NlcnRfbGludCgKKyAgICAgICAgICAgICdBU1NFUlRfV0lUSF9TRUNVUklUWV9JTVBM SUNBVElPTih2YWx1ZSknLAorICAgICAgICAgICAgJ1BsZWFzZSByZXBsYWNlIEFTU0VSVF9XSVRI X1NFQ1VSSVRZX0lNUExJQ0FUSU9OKCkgd2l0aCAnCisgICAgICAgICAgICAnUkVMRUFTRV9BU1NF UlRfV0lUSF9TRUNVUklUWV9JTVBMSUNBVElPTigpLicKKyAgICAgICAgICAgICcgIFtzZWN1cml0 eS9hc3NlcnRpb25dIFs1XScpCisgICAgICAgIHNlbGYuYXNzZXJ0X2xpbnQoCisgICAgICAgICAg ICAnUkVMRUFTRV9BU1NFUlRfV0lUSF9TRUNVUklUWV9JTVBMSUNBVElPTih2YWx1ZSknLAorICAg ICAgICAgICAgJycpCisKICAgICAjIFRlc3QgZm9yIGluc2VjdXJlIHN0cmluZyBmdW5jdGlvbnMg bGlrZSBzdHJjcHkoKS9zdHJjYXQoKS4KICAgICBkZWYgdGVzdF9pbnNlY3VyZV9zdHJpbmdfb3Bl cmF0aW9ucyhzZWxmKToKICAgICAgICAgc2VsZi5hc3NlcnRfbGludCgK