[Webkit-unassigned] [Bug 178269] New: Add RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() macro

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 13 10:46:47 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=178269

            Bug ID: 178269
           Summary: Add RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() macro
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Template Framework
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org
                CC: aestes at apple.com, bfulgham at webkit.org

It turns out that some ASSERT_WITH_SECURITY_IMPLICATION() statements would have prevented security issues in WebKit had they been compiled into release builds.*

Toward that end, I'm introducing the RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() macro so that we can transition to release assertions incrementally.  (Doing a wholesale change would incur performance regressions, so we want to be able to change a few at a time.)

I'm also adding a webkit-style-checker (security/assertion) to suggest that new patches stop using ASSERT_WITH_SECURITY_IMPLICATION().

Q: Why not just use RELEASE_ASSERT() instead of adding RELEASE_ASSERT_WITH_SECURITY_IMPLICATION()?

A: Switching from ASSERT_WITH_SECURITY_IMPLICATION() to RELEASE_ASSERT() would lose some important information that the original author thought that this assertion had security implications if it was hit.  When an engineer investigates such crashes, they may be more inclined to consider the security implications of the assertion than if it were a simple RELEASE_ASSERT().  Also, if we later decide that RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() no longer provides useful context, then the Tools/Scripts/do-webcore-rename script can be used to remove it relatively easily in the future.

* Using -DENABLE_SECURITY_ASSERTIONS=1 when compiling WebKit will enable ASSERT_WITH_SECURITY_IMPLICATION() on release builds.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171013/360e9749/attachment.html>

More information about the webkit-unassigned mailing list