NEW 113011
Please restore ValueCheck functionality in WebCore 
https://bugs.webkit.org/show_bug.cgi?id=113011
Summary Please restore ValueCheck functionality in WebCore
Alexey Proskuryakov
Reported 2013-03-22 00:01:00 PDT
Changes in bug 112831 yesterday disabled almost all ValueCheck security checks in WebCore. They need to be restored. Please see Maciej's suggestion in bug 112873: "It sounds like it will be possible to fix the StringImpl/AtomicStringImpl cases once the new statically allocated StringImpl's return true from isStatic()."
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2013-03-25 14:14:54 PDT
Adam, Eric, who is going to work on this?
Adam Barth
Comment 2 2013-03-30 11:32:15 PDT
(In reply to comment #1) > Adam, Eric, who is going to work on this? I don't plan to work on this issue this week.
Alexey Proskuryakov
Comment 3 2013-04-03 16:38:33 PDT
Do you plan to work on this after this week?
Maciej Stachowiak
Comment 4 2013-04-04 00:13:18 PDT
(In reply to comment #3) > Do you plan to work on this after this week? I think it's going to our job to deal with it now, given the recent announcement. Let's let our former colleagues go in peace.
Alexey Proskuryakov
Comment 5 2013-04-04 00:36:26 PDT
I was thinking about this part of Eric's e-mail to webkit-dev: "Adam and I are happy to work with other reviewers to remove PLATFORM(CHROMIUM) code and other messes we may have caused over the years from webkit.org" This is one of the most recent cases of "mess".
Adam Barth
Comment 6 2013-04-04 08:50:09 PDT
I'm happy to roll out the patches that led to the changes to ValueCheck if that would be helpful to you. Completing this work requires landing the patch that makes HTMLNames thread safe. That patch works for Chromium today, but making it work for other ports is probably out of scope for helping with cleanup.
Note You need to log in before you can comment on or make changes to this bug.