Add ASSERT_WITH_SECURITY_IMPLICATION to detect bad cast in DOM, CSS, etc.
Created attachment 186132 [details] Patch
Comment on attachment 186132 [details] Patch Attachment 186132 [details] did not pass win-ews (win): Output: http://queues.webkit.org/results/16344187
So remind me... these are ASSERTS which are on for builds sent through your fuzzers? but not generally for release buidls?
Could you give some context (here, or on the security list) about how well this has worked/hasn't?
(In reply to comment #3) > So remind me... these are ASSERTS which are on for builds sent through your fuzzers? but not generally for release buidls? Yes, only for the fuzzing builds, they won't impact any production branches. http://trac.webkit.org/changeset/140633/trunk/Source/WTF/wtf/Assertions.h (In reply to comment #4) > Could you give some context (here, or on the security list) about how well this has worked/hasn't? If you open https://bugs.webkit.org/show_bug.cgi?id=107699, you will see the list of bugs it is finding. (in blocks field - 107748 108150 108153 108307 108503 108522 108828 108829). This is just the beginning, since clusterfuzz has been down a lot last week because of migration work.
Wow. 8 real sec bugs found with just a couple asserts... not bad man.
(In reply to comment #6) > Wow. 8 real sec bugs found with just a couple asserts... not bad man. Just filed the 9th :) https://bugs.webkit.org/show_bug.cgi?id=108833
Comment on attachment 186132 [details] Patch LGTM.
Comment on attachment 186132 [details] Patch Clearing flags on attachment: 186132 Committed r141783: <http://trac.webkit.org/changeset/141783>
All reviewed patches have been landed. Closing bug.
Heeey, please build before land. ews won't help you in this case :-/ http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/3122
(In reply to comment #11) > Heeey, please build before land. ews won't help you in this case :-/ > http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/builds/3122 Sorry about that. We definitely need an ASAN ews, we rely a lot on this tool these days and can't expect what life would look like without it.