Bug 113011 - Please restore ValueCheck functionality in WebCore
Summary: Please restore ValueCheck functionality in WebCore
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2013-03-22 00:01 PDT by Alexey Proskuryakov
Modified: 2013-04-05 10:33 PDT

Description Alexey Proskuryakov 2013-03-22 00:01:00 PDT
Changes in bug 112831 yesterday disabled almost all ValueCheck security checks in WebCore. They need to be restored.

Please see Maciej's suggestion in bug 112873: "It sounds like it will be possible to fix the StringImpl/AtomicStringImpl cases once the new statically allocated StringImpl's return true from isStatic()."
Comment 1 Alexey Proskuryakov 2013-03-25 14:14:54 PDT
Adam, Eric, who is going to work on this?
Comment 2 Adam Barth 2013-03-30 11:32:15 PDT
(In reply to comment #1)
> Adam, Eric, who is going to work on this?

I don't plan to work on this issue this week.
Comment 3 Alexey Proskuryakov 2013-04-03 16:38:33 PDT
Do you plan to work on this after this week?
Comment 4 Maciej Stachowiak 2013-04-04 00:13:18 PDT
(In reply to comment #3)
> Do you plan to work on this after this week?

I think it's going to be our job to deal with it now, given the recent announcement. Let's let our former colleagues go in peace.
Comment 5 Alexey Proskuryakov 2013-04-04 00:36:26 PDT
I was thinking about this part of Eric's e-mail to webkit-dev: "Adam and I are happy to work with other reviewers to remove PLATFORM(CHROMIUM) code and other messes we may have caused over the years from webkit.org"

This is one of the most recent cases of "mess".
Comment 6 Adam Barth 2013-04-04 08:50:09 PDT
I'm happy to roll out the patches that led to the changes to ValueCheck if that would be helpful to you. Completing this work requires landing the patch that makes HTMLNames thread safe. That patch works for Chromium today, but making it work for other ports is probably out of scope for helping with cleanup.