[webkit-changes] [223886] trunk/Source/WebCore

Tue, 24 Oct 2017 01:55:10 -0700

Title: [223886] trunk/Source/WebCore
Revision
223886
Author
[email protected]
Date
2017-10-24 01:54:42 -0700 (Tue, 24 Oct 2017)

Log Message

DocumentOrderedMap::add should release assert that tree scopes match
https://bugs.webkit.org/show_bug.cgi?id=178708

Reviewed by Antti Koivisto.

Assert that the tree scope of element matches the given tree scope instead of asserting that
element is in tree scope, and replaced the use of RELEASE_ASSERT by the newly added
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION to clarify the semantics of these assertions.

Also removed now redudnant early exits which would never execute due to release assertions.

* dom/DocumentOrderedMap.cpp:
(WebCore::DocumentOrderedMap::add):
(WebCore::DocumentOrderedMap::remove):
(WebCore::DocumentOrderedMap::get const):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (223885 => 223886)


--- trunk/Source/WebCore/ChangeLog	2017-10-24 08:38:28 UTC (rev 223885)
+++ trunk/Source/WebCore/ChangeLog	2017-10-24 08:54:42 UTC (rev 223886)
@@ -1,3 +1,21 @@
+2017-10-24  Ryosuke Niwa  <[email protected]>
+
+        DocumentOrderedMap::add should release assert that tree scopes match
+        https://bugs.webkit.org/show_bug.cgi?id=178708
+
+        Reviewed by Antti Koivisto.
+
+        Assert that the tree scope of element matches the given tree scope instead of asserting that
+        element is in tree scope, and replaced the use of RELEASE_ASSERT by the newly added
+        RELEASE_ASSERT_WITH_SECURITY_IMPLICATION to clarify the semantics of these assertions.
+
+        Also removed now redudnant early exits which would never execute due to release assertions.
+
+        * dom/DocumentOrderedMap.cpp:
+        (WebCore::DocumentOrderedMap::add):
+        (WebCore::DocumentOrderedMap::remove):
+        (WebCore::DocumentOrderedMap::get const):
+
 2017-10-24  Michael Catanzaro  <[email protected]>
 
         -Wsubobject-linkage warning in InspectorIndexedDBAgent.cpp

Modified: trunk/Source/WebCore/dom/DocumentOrderedMap.cpp (223885 => 223886)


--- trunk/Source/WebCore/dom/DocumentOrderedMap.cpp	2017-10-24 08:38:28 UTC (rev 223885)
+++ trunk/Source/WebCore/dom/DocumentOrderedMap.cpp	2017-10-24 08:54:42 UTC (rev 223886)
@@ -48,8 +48,7 @@
 
 void DocumentOrderedMap::add(const AtomicStringImpl& key, Element& element, const TreeScope& treeScope)
 {
-    UNUSED_PARAM(treeScope);
-    RELEASE_ASSERT(element.isInTreeScope());
+    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(&element.treeScope() == &treeScope);
     ASSERT_WITH_SECURITY_IMPLICATION(treeScope.rootNode().containsIncludingShadowDOM(&element));
 
     if (!element.isInTreeScope())
@@ -67,7 +66,7 @@
     if (addResult.isNewEntry)
         return;
 
-    RELEASE_ASSERT(entry.count);
+    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(entry.count);
     entry.element = nullptr;
     entry.count++;
     entry.orderedList.clear();
@@ -78,15 +77,13 @@
     m_map.checkConsistency();
     auto it = m_map.find(&key);
 
-    RELEASE_ASSERT(it != m_map.end());
-    if (it == m_map.end())
-        return;
+    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(it != m_map.end());
 
     MapEntry& entry = it->value;
     ASSERT_WITH_SECURITY_IMPLICATION(entry.registeredElements.remove(&element));
-    RELEASE_ASSERT(entry.count);
+    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(entry.count);
     if (entry.count == 1) {
-        RELEASE_ASSERT(!entry.element || entry.element == &element);
+        RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!entry.element || entry.element == &element);
         m_map.remove(it);
     } else {
         if (entry.element == &element)
@@ -108,10 +105,10 @@
     MapEntry& entry = it->value;
     ASSERT(entry.count);
     if (entry.element) {
-        RELEASE_ASSERT(entry.element->isInTreeScope());
-        RELEASE_ASSERT(&entry.element->treeScope() == &scope);
-        ASSERT_WITH_SECURITY_IMPLICATION(entry.registeredElements.contains(entry.element));
-        return entry.element;
+        auto& element = *entry.element;
+        RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(&element.treeScope() == &scope);
+        ASSERT_WITH_SECURITY_IMPLICATION(entry.registeredElements.contains(&element));
+        return &element;
     }
 
     // We know there's at least one node that matches; iterate to find the first one.
@@ -119,8 +116,7 @@
         if (!keyMatches(key, element))
             continue;
         entry.element = &element;
-        RELEASE_ASSERT(element.isInTreeScope());
-        RELEASE_ASSERT(&element.treeScope() == &scope);
+        RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(&element.treeScope() == &scope);
         ASSERT_WITH_SECURITY_IMPLICATION(entry.registeredElements.contains(entry.element));
         return &element;
     }
@@ -187,9 +183,7 @@
         return nullptr;
 
     MapEntry& entry = it->value;
-    RELEASE_ASSERT(entry.count);
-    if (!entry.count)
-        return nullptr;
+    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(entry.count);
 
     if (entry.orderedList.isEmpty()) {
         entry.orderedList.reserveCapacity(entry.count);
@@ -202,7 +196,7 @@
                 continue;
             entry.orderedList.append(&element);
         }
-        RELEASE_ASSERT(entry.orderedList.size() == entry.count);
+        RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(entry.orderedList.size() == entry.count);
     }
 
     return &entry.orderedList;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to