Bug 235037

Summary: WebEventConversion.cpp uses switch statements that fall through ASSERT_NOT_REACHED()
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 234932    
Bug Blocks:    

David Kilzer (:ddkilzer)
Reported 2022-01-10 10:58:23 PST
WebEventConversion.cpp uses switch statements that fall through ASSERT_NOT_REACHED(). In most cases, the `default` case does not initialize same same instance variable(s) as the other `case` blocks, and (looking at one example), the base class doesn't always initialize the instance variable, either, which could cause uninitialized variables to be used. The fix is to make sure to initialize the same instance variables in the `default` case. WebKit2PlatformMouseEvent(const WebMouseEvent& webEvent) { // PlatformEvent switch (webEvent.type()) { case WebEvent::MouseDown: m_type = WebCore::PlatformEvent::MousePressed; m_force = WebCore::ForceAtClick; break; case WebEvent::MouseUp: m_type = WebCore::PlatformEvent::MouseReleased; m_force = WebCore::ForceAtClick; break; case WebEvent::MouseMove: m_type = WebCore::PlatformEvent::MouseMoved; m_force = webEvent.force(); break; case WebEvent::MouseForceChanged: m_type = WebCore::PlatformEvent::MouseForceChanged; m_force = webEvent.force(); break; case WebEvent::MouseForceDown: m_type = WebCore::PlatformEvent::MouseForceDown; m_force = WebCore::ForceAtForceClick; break; case WebEvent::MouseForceUp: m_type = WebCore::PlatformEvent::MouseForceUp; m_force = WebCore::ForceAtForceClick; break; default: ASSERT_NOT_REACHED(); } [...] } See: Source/WebKit/Shared/WebEventConversion.cpp. There are six places where this occurs (in four switch statements): ERROR: Source/WebKit/Shared/WebEventConversion.cpp:71: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/WebKit/Shared/WebEventConversion.cpp:102: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/WebKit/Shared/WebEventConversion.cpp:205: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/WebKit/Shared/WebEventConversion.cpp:319: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/WebKit/Shared/WebEventConversion.cpp:351: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/WebKit/Shared/WebEventConversion.cpp:410: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]
Attachments
Radar WebKit Bug Importer
Comment 1 2022-01-10 10:58:43 PST
Note You need to log in before you can comment on or make changes to this bug.