Title: [163148] trunk/Source
Revision
163148
Author
[email protected]
Date
2014-01-30 18:02:05 -0800 (Thu, 30 Jan 2014)

Log Message

Add security-checked cast for WebCore::CachedImage
<http://webkit.org/b/127967>

Reviewed by Darin Adler.

Source/WebCore:

* loader/cache/CachedImage.h:
(WebCore::toCachedImage): Add.
(WebCore::toCachedImageManual): Add.
* loader/cache/CachedResource.h:
(CACHED_RESOURCE_TYPE_CASTS): Add macro.

* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::switchClientsToRevalidatedResource):
(WebCore::CachedImage::resumeAnimatingImagesForLoader):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestImage):
* loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::removeImageFromCache):
- Use toCachedImage() and toCachedImageManual().

Source/WebKit/mac:

* Misc/WebCache.mm:
(+[WebCache imageForURL:]):
- Use WebCore::toCachedImage().

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (163147 => 163148)


--- trunk/Source/WebCore/ChangeLog	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebCore/ChangeLog	2014-01-31 02:02:05 UTC (rev 163148)
@@ -1,3 +1,25 @@
+2014-01-30  David Kilzer  <[email protected]>
+
+        Add security-checked cast for WebCore::CachedImage
+        <http://webkit.org/b/127967>
+
+        Reviewed by Darin Adler.
+
+        * loader/cache/CachedImage.h:
+        (WebCore::toCachedImage): Add.
+        (WebCore::toCachedImageManual): Add.
+        * loader/cache/CachedResource.h:
+        (CACHED_RESOURCE_TYPE_CASTS): Add macro.
+
+        * loader/cache/CachedImage.cpp:
+        (WebCore::CachedImage::switchClientsToRevalidatedResource):
+        (WebCore::CachedImage::resumeAnimatingImagesForLoader):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestImage):
+        * loader/cache/MemoryCache.cpp:
+        (WebCore::MemoryCache::removeImageFromCache):
+        - Use toCachedImage() and toCachedImageManual().
+
 2014-01-30  Simon Fraser  <[email protected]>
 
         Fixed position objects are clipped in iOS WK2

Modified: trunk/Source/WebCore/loader/cache/CachedImage.cpp (163147 => 163148)


--- trunk/Source/WebCore/loader/cache/CachedImage.cpp	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebCore/loader/cache/CachedImage.cpp	2014-01-31 02:02:05 UTC (rev 163148)
@@ -141,7 +141,7 @@
         for (ContainerSizeRequests::iterator it = m_pendingContainerSizeRequests.begin(); it != m_pendingContainerSizeRequests.end(); ++it)
             switchContainerSizeRequests.set(it->key, it->value);
         CachedResource::switchClientsToRevalidatedResource();
-        CachedImage* revalidatedCachedImage = static_cast<CachedImage*>(resourceToRevalidate());
+        CachedImage* revalidatedCachedImage = toCachedImage(resourceToRevalidate());
         for (ContainerSizeRequests::iterator it = switchContainerSizeRequests.begin(); it != switchContainerSizeRequests.end(); ++it)
             revalidatedCachedImage->setContainerSizeForRenderer(it->key, it->value.first, it->value.second);
         return;
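Review bot: `revalidatedCachedImage` is dereferenced in the loop directly after the cast, and the visible lines hold no null or type test on `resourceToRevalidate()`, so this call site depends entirely on what `toCachedImage()` enforces. The other converted sites in this commit (`resumeAnimatingImagesForLoader`, `removeImageFromCache`, `imageForURL:`) test `isImage()` first; this one does not, at least within the hunk. The function starts above the hunk, so the invariant may already be asserted there. If it is not, state it next to the cast, for example `// resourceToRevalidate() is non-null and an image resource when revalidation succeeds`, or guard the loop with `if (!revalidatedCachedImage) return;`.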
@@ -545,7 +545,7 @@
         const CachedResourceHandle<CachedResource>& resource = it->value;
         if (!resource || !resource->isImage())
             continue;
-        CachedImage* cachedImage = static_cast<CachedImage*>(resource.get());
+        CachedImage* cachedImage = toCachedImage(resource.get());
         if (!cachedImage->hasImage())
             continue;
         Image* image = cachedImage->image();

Modified: trunk/Source/WebCore/loader/cache/CachedImage.h (163147 => 163148)


--- trunk/Source/WebCore/loader/cache/CachedImage.h	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebCore/loader/cache/CachedImage.h	2014-01-31 02:02:05 UTC (rev 163148)
@@ -161,6 +161,11 @@
 };
 #endif
 
+CACHED_RESOURCE_TYPE_CASTS(CachedImage, CachedResource, CachedResource::ImageResource)
+#if USE(CF)
+TYPE_CASTS_BASE(CachedImageManual, CachedImage, resource, resource->isManual(), resource.isManual())
+#endif
+
 }
 
 #endif

Modified: trunk/Source/WebCore/loader/cache/CachedResource.h (163147 => 163148)


--- trunk/Source/WebCore/loader/cache/CachedResource.h	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebCore/loader/cache/CachedResource.h	2014-01-31 02:02:05 UTC (rev 163148)
@@ -368,6 +368,9 @@
     HashSet<CachedResourceHandleBase*> m_handlesToRevalidate;
 };
 
+#define CACHED_RESOURCE_TYPE_CASTS(ToClassName, FromClassName, CachedResourceType) \
+    TYPE_CASTS_BASE(ToClassName, FromClassName, resource, resource->type() == CachedResourceType, resource.type() == CachedResourceType)
+
 }
 
 #endif
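Review bot: `CACHED_RESOURCE_TYPE_CASTS` is added without a comment saying what it generates or how strong its check is, which matters because the commit describes the casts as security-checked. The definition of `TYPE_CASTS_BASE` is not part of this diff; if it wraps the predicate in an assertion that is compiled out of release builds, the generated `toX()` functions are a debug and fuzzing aid rather than a runtime guard. I would put a short comment above the macro, such as `// Generates toX() casts that assert resource->type() == CachedResourceType; callers must still test the type where it is not already known.` The hunk also adds no include for `TYPE_CASTS_BASE`, so presumably it is already in scope through an existing header.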

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (163147 => 163148)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2014-01-31 02:02:05 UTC (rev 163148)
@@ -160,7 +160,7 @@
         }
     }
     request.setDefer(clientDefersImage(request.resourceRequest().url()) ? CachedResourceRequest::DeferredByClient : CachedResourceRequest::NoDefer);
-    return static_cast<CachedImage*>(requestResource(CachedResource::ImageResource, request).get());
+    return toCachedImage(requestResource(CachedResource::ImageResource, request).get());
 }
 
 CachedResourceHandle<CachedFont> CachedResourceLoader::requestFont(CachedResourceRequest& request)

Modified: trunk/Source/WebCore/loader/cache/MemoryCache.cpp (163147 => 163148)


--- trunk/Source/WebCore/loader/cache/MemoryCache.cpp	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebCore/loader/cache/MemoryCache.cpp	2014-01-31 02:02:05 UTC (rev 163148)
@@ -255,7 +255,7 @@
         return;
 
     // A resource exists and is not a manually cached image, so just remove it.
-    if (!resource->isImage() || !static_cast<CachedImage*>(resource)->isManual()) {
+    if (!resource->isImage() || !toCachedImage(resource)->isManual()) {
         evict(resource);
         return;
     }
@@ -265,7 +265,7 @@
     // dead resources are pruned. That might be immediately since
     // removing the last client triggers a MemoryCache::prune, so the
     // resource may be deleted after this call.
-    static_cast<CachedImageManual*>(resource)->removeFakeClient();
+    toCachedImageManual(toCachedImage(resource))->removeFakeClient();
 }
 #endif
 

Modified: trunk/Source/WebKit/mac/ChangeLog (163147 => 163148)


--- trunk/Source/WebKit/mac/ChangeLog	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebKit/mac/ChangeLog	2014-01-31 02:02:05 UTC (rev 163148)
@@ -1,5 +1,16 @@
 2014-01-30  David Kilzer  <[email protected]>
 
+        Add security-checked cast for WebCore::CachedImage
+        <http://webkit.org/b/127967>
+
+        Reviewed by Darin Adler.
+
+        * Misc/WebCache.mm:
+        (+[WebCache imageForURL:]):
+        - Use WebCore::toCachedImage().
+
+2014-01-30  David Kilzer  <[email protected]>
+
         De-virtual-ize CachedResource::isImage()
         <http://webkit.org/b/127936>
 

Modified: trunk/Source/WebKit/mac/Misc/WebCache.mm (163147 => 163148)


--- trunk/Source/WebKit/mac/Misc/WebCache.mm	2014-01-31 01:53:19 UTC (rev 163147)
+++ trunk/Source/WebKit/mac/Misc/WebCache.mm	2014-01-31 02:02:05 UTC (rev 163148)
@@ -236,7 +236,7 @@
     WebCore::CachedResource* cachedResource = WebCore::memoryCache()->resourceForURL(url);
     if (!cachedResource || !cachedResource->isImage())
         return nullptr;
-    WebCore::CachedImage* cachedImage = static_cast<WebCore::CachedImage*>(cachedResource);
+    WebCore::CachedImage* cachedImage = WebCore::toCachedImage(cachedResource);
     if (!cachedImage || !cachedImage->hasImage())
         return nullptr;
     return cachedImage->image()->getCGImageRef();
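Review bot: The `!cachedImage` test on the line after the new cast reads as though `toCachedImage()` could return null on a type mismatch, the way a `dynamic_cast` would. `cachedResource` was already checked for null and `isImage()` two lines earlier, so unless the helper does something other than a checked `static_cast` (its definition is not shown here), that test can never fire. Dropping it, `if (!cachedImage->hasImage())`, keeps later readers from treating the cast's return value as the type check. The method body starts above the hunk.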