[Webkit-unassigned] [Bug 107743] Add ASSERT_WITH_SECURITY_IMPLICATION to detect bad casts in rendering
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 24 12:24:50 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=107743
--- Comment #10 from Abhishek Arya <inferno at chromium.org> 2013-01-24 12:26:43 PST ---
(In reply to comment #9)
> If we expect future programmers to use this macro correctly, we need a guideline to explain what this is for and how to use it. Where is that going to go?
I think we can explain in more detail inside Assertions.h [http://trac.webkit.org/changeset/140633/trunk/Source/WTF/wtf/Assertions.h]. Or we can update webkit wiki page here - http://www.webkit.org/coding/assertion-guidelines.html. Frankly, right now, we don't want non-security members to use this assert since they need to understand the vulnerabilities involved before using them. Bad cast ones are the easiest and can be explained easily. The other ones will be based on experience of previous discovered security vulnerabilities.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list