Bug 235037 - WebEventConversion.cpp uses switch statements that fall through ASSERT_NOT_REACHED()
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: Other
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Depends on: 234932
Reported: 2022-01-10 10:58 PST by David Kilzer (:ddkilzer)
Modified: 2022-01-10 10:58 PST (History)
Description David Kilzer (:ddkilzer) 2022-01-10 10:58:23 PST
WebEventConversion.cpp uses switch statements that fall through ASSERT_NOT_REACHED().

In most cases, the `default` case does not initialize the same instance variable(s) as the other `case` blocks, and (looking at one example), the base class doesn't always initialize the instance variable, either, which could cause uninitialized variables to be used.

The fix is to make sure to initialize the same instance variables in the `default` case.

    WebKit2PlatformMouseEvent(const WebMouseEvent& webEvent)
    {
        // PlatformEvent
        switch (webEvent.type()) {
        case WebEvent::MouseDown:
            m_type = WebCore::PlatformEvent::MousePressed;
            m_force = WebCore::ForceAtClick;
            break;
        case WebEvent::MouseUp:
            m_type = WebCore::PlatformEvent::MouseReleased;
            m_force = WebCore::ForceAtClick;
            break;
        case WebEvent::MouseMove:
            m_type = WebCore::PlatformEvent::MouseMoved;
            m_force = webEvent.force();
            break;
        case WebEvent::MouseForceChanged:
            m_type = WebCore::PlatformEvent::MouseForceChanged;
            m_force = webEvent.force();
            break;
        case WebEvent::MouseForceDown:
            m_type = WebCore::PlatformEvent::MouseForceDown;
            m_force = WebCore::ForceAtForceClick;
            break;
        case WebEvent::MouseForceUp:
            m_type = WebCore::PlatformEvent::MouseForceUp;
            m_force = WebCore::ForceAtForceClick;
            break;
        default:
            ASSERT_NOT_REACHED();
        }
        [...]
    }

See:  Source/WebKit/Shared/WebEventConversion.cpp.

There are six places where this occurs (in four switch statements):

ERROR: Source/WebKit/Shared/WebEventConversion.cpp:71:  ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution.  [security/assertion_fallthrough] [4]
ERROR: Source/WebKit/Shared/WebEventConversion.cpp:102:  ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution.  [security/assertion_fallthrough] [4]
ERROR: Source/WebKit/Shared/WebEventConversion.cpp:205:  ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution.  [security/assertion_fallthrough] [4]
ERROR: Source/WebKit/Shared/WebEventConversion.cpp:319:  ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution.  [security/assertion_fallthrough] [4]
ERROR: Source/WebKit/Shared/WebEventConversion.cpp:351:  ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution.  [security/assertion_fallthrough] [4]
ERROR: Source/WebKit/Shared/WebEventConversion.cpp:410:  ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution.  [security/assertion_fallthrough] [4]
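As an added illustration (not WebKit's code), a minimal model of the pattern the report describes: the "before" converter assigns nothing in `default`, so once `ASSERT_NOT_REACHED()` compiles away the members keep whatever the base class left there, while the "after" converter initializes the same members on every path. `WebEventType`, `PlatformEventType`, `ForceAtClick`, `PlatformEventBase` and `convertAfter` are assumed stand-in names, and the assertion macro is modelled as a counter so the fallthrough path can be observed.

```cpp
#include <cstdint>
// Stand-ins (assumed, not WebKit's) for the identifiers named in the report.
enum class WebEventType : uint8_t { MouseDown, MouseUp, MouseMove };
enum class PlatformEventType : uint8_t { NoType, MousePressed, MouseReleased, MouseMoved };
constexpr double ForceAtClick = 1.0;

// Models a release build, where ASSERT_NOT_REACHED() compiles to nothing and
// execution continues; it only counts here so a test can see the path was hit.
static int g_unreachableHits = 0;
#define ASSERT_NOT_REACHED() (++g_unreachableHits)

struct WebMouseEvent { WebEventType type; double force; };
// As in the report: the base class leaves its members uninitialized.
struct PlatformEventBase { PlatformEventType m_type; double m_force; };

// Before: an unexpected type falls through the default case, so m_type and
// m_force are later read with indeterminate values.
struct PlatformMouseEventBefore : PlatformEventBase {
    explicit PlatformMouseEventBefore(const WebMouseEvent& e) {
        switch (e.type) {
        case WebEventType::MouseDown: m_type = PlatformEventType::MousePressed; m_force = ForceAtClick; break;
        case WebEventType::MouseUp:   m_type = PlatformEventType::MouseReleased; m_force = ForceAtClick; break;
        case WebEventType::MouseMove: m_type = PlatformEventType::MouseMoved; m_force = e.force; break;
        default: ASSERT_NOT_REACHED();   // nothing is assigned on this path
        }
    }
};

// After: the default case initializes the same members as every other case.
struct PlatformMouseEventAfter : PlatformEventBase {
    explicit PlatformMouseEventAfter(const WebMouseEvent& e) {
        switch (e.type) {
        case WebEventType::MouseDown: m_type = PlatformEventType::MousePressed; m_force = ForceAtClick; break;
        case WebEventType::MouseUp:   m_type = PlatformEventType::MouseReleased; m_force = ForceAtClick; break;
        case WebEventType::MouseMove: m_type = PlatformEventType::MouseMoved; m_force = e.force; break;
        default:
            ASSERT_NOT_REACHED();
            m_type = PlatformEventType::NoType;   // deterministic fallback
            m_force = 0;
            break;
        }
    }
};

// Helper returning the converted fields by value, so a test can check them.
struct Converted { PlatformEventType type; double force; };
Converted convertAfter(WebEventType t, double f) {
    PlatformMouseEventAfter e(WebMouseEvent{t, f});
    return {e.m_type, e.m_force};
}
```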
Comment 1 Radar WebKit Bug Importer 2022-01-10 10:58:43 PST
<rdar://problem/87350981>