haikuwebkit/Source/WebCore/dom/XMLDocument.cpp


Put the DOM in IsoHeaps https://bugs.webkit.org/show_bug.cgi?id=183546 Source/bmalloc: Reviewed by Simon Fraser. Make it easy to runtime-disable IsoHeaps. * bmalloc/Allocator.h: * bmalloc/IsoTLS.cpp: (bmalloc::IsoTLS::determineMallocFallbackState): * bmalloc/IsoTLS.h: * bmalloc/IsoTLSInlines.h: (bmalloc::IsoTLS::allocateSlow): (bmalloc::IsoTLS::deallocateSlow): Source/WebCore: Reviewed by Daniel Bates. No new tests because no change in behavior. This puts all descendants of WebCore::Node in isoheaps, so that UAFs on the DOM cannot be used for RCE attacks. This probably also makes it harder to use UAFs for UXSS, since it means that DOM UAFs cannot be used for universal read gadgets. This looks neutral on Speedometer and membuster, though I did have one round of testing that led me to believe that membuster was regressed - I just wasn't able to reproduce that result on subsequent testing. * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * dom/Attr.cpp: * dom/Attr.h: * dom/CDATASection.cpp: * dom/CDATASection.h: * dom/CharacterData.cpp: * dom/CharacterData.h: * dom/Comment.cpp: * dom/Comment.h: * dom/ContainerNode.cpp: * dom/ContainerNode.h: * dom/Document.cpp: * dom/Document.h: * dom/DocumentFragment.cpp: * dom/DocumentFragment.h: * dom/DocumentType.cpp: * dom/DocumentType.h: * dom/Node.cpp: * dom/Node.h: * dom/ProcessingInstruction.cpp: * dom/ProcessingInstruction.h: * dom/PseudoElement.cpp: * dom/PseudoElement.h: * dom/ShadowRoot.cpp: * dom/ShadowRoot.h: * dom/StyledElement.cpp: * dom/StyledElement.h: * dom/TemplateContentDocumentFragment.cpp: Added. * dom/TemplateContentDocumentFragment.h: * dom/Text.cpp: * dom/Text.h: * dom/XMLDocument.cpp: Added. 
* dom/XMLDocument.h: * html/FTPDirectoryDocument.cpp: * html/FTPDirectoryDocument.h: * html/FileInputType.cpp: * html/HTMLAnchorElement.cpp: * html/HTMLAnchorElement.h: * html/HTMLAppletElement.cpp: * html/HTMLAppletElement.h: * html/HTMLAreaElement.cpp: * html/HTMLAreaElement.h: * html/HTMLAttachmentElement.cpp: * html/HTMLAttachmentElement.h: * html/HTMLBDIElement.cpp: Added. * html/HTMLBDIElement.h: * html/HTMLBRElement.cpp: * html/HTMLBRElement.h: * html/HTMLBaseElement.cpp: * html/HTMLBaseElement.h: * html/HTMLBodyElement.cpp: * html/HTMLBodyElement.h: * html/HTMLButtonElement.cpp: * html/HTMLButtonElement.h: * html/HTMLCanvasElement.cpp: * html/HTMLCanvasElement.h: * html/HTMLDListElement.cpp: * html/HTMLDListElement.h: * html/HTMLDataElement.cpp: * html/HTMLDataElement.h: * html/HTMLDataListElement.cpp: * html/HTMLDataListElement.h: * html/HTMLDetailsElement.cpp: * html/HTMLDetailsElement.h: * html/HTMLDirectoryElement.cpp: * html/HTMLDirectoryElement.h: * html/HTMLDivElement.cpp: * html/HTMLDivElement.h: * html/HTMLDocument.cpp: * html/HTMLDocument.h: * html/HTMLElement.cpp: * html/HTMLElement.h: * html/HTMLEmbedElement.cpp: * html/HTMLEmbedElement.h: * html/HTMLFieldSetElement.cpp: * html/HTMLFieldSetElement.h: * html/HTMLFontElement.cpp: * html/HTMLFontElement.h: * html/HTMLFormControlElement.cpp: * html/HTMLFormControlElement.h: * html/HTMLFormControlElementWithState.cpp: * html/HTMLFormControlElementWithState.h: * html/HTMLFormElement.cpp: * html/HTMLFormElement.h: * html/HTMLFrameElement.cpp: * html/HTMLFrameElement.h: * html/HTMLFrameElementBase.cpp: * html/HTMLFrameElementBase.h: * html/HTMLFrameOwnerElement.cpp: * html/HTMLFrameOwnerElement.h: * html/HTMLFrameSetElement.cpp: * html/HTMLFrameSetElement.h: * html/HTMLHRElement.cpp: * html/HTMLHRElement.h: * html/HTMLHeadElement.cpp: * html/HTMLHeadElement.h: * html/HTMLHeadingElement.cpp: * html/HTMLHeadingElement.h: * html/HTMLHtmlElement.cpp: * html/HTMLHtmlElement.h: * html/HTMLIFrameElement.cpp: * 
html/HTMLIFrameElement.h: * html/HTMLImageElement.cpp: * html/HTMLImageElement.h: * html/HTMLInputElement.cpp: * html/HTMLInputElement.h: * html/HTMLKeygenElement.cpp: * html/HTMLKeygenElement.h: * html/HTMLLIElement.cpp: * html/HTMLLIElement.h: * html/HTMLLabelElement.cpp: * html/HTMLLabelElement.h: * html/HTMLLegendElement.cpp: * html/HTMLLegendElement.h: * html/HTMLLinkElement.cpp: * html/HTMLLinkElement.h: * html/HTMLMapElement.cpp: * html/HTMLMapElement.h: * html/HTMLMarqueeElement.cpp: * html/HTMLMarqueeElement.h: * html/HTMLMenuElement.cpp: * html/HTMLMenuElement.h: * html/HTMLMenuItemElement.cpp: * html/HTMLMenuItemElement.h: * html/HTMLMetaElement.cpp: * html/HTMLMetaElement.h: * html/HTMLMeterElement.cpp: * html/HTMLMeterElement.h: * html/HTMLModElement.cpp: * html/HTMLModElement.h: * html/HTMLOListElement.cpp: * html/HTMLOListElement.h: * html/HTMLObjectElement.cpp: * html/HTMLObjectElement.h: * html/HTMLOptGroupElement.cpp: * html/HTMLOptGroupElement.h: * html/HTMLOptionElement.cpp: * html/HTMLOptionElement.h: * html/HTMLOutputElement.cpp: * html/HTMLOutputElement.h: * html/HTMLParagraphElement.cpp: * html/HTMLParagraphElement.h: * html/HTMLParamElement.cpp: * html/HTMLParamElement.h: * html/HTMLPictureElement.cpp: * html/HTMLPictureElement.h: * html/HTMLPlugInElement.cpp: * html/HTMLPlugInElement.h: * html/HTMLPlugInImageElement.cpp: * html/HTMLPlugInImageElement.h: * html/HTMLPreElement.cpp: * html/HTMLPreElement.h: * html/HTMLProgressElement.cpp: * html/HTMLProgressElement.h: * html/HTMLQuoteElement.cpp: * html/HTMLQuoteElement.h: * html/HTMLScriptElement.cpp: * html/HTMLScriptElement.h: * html/HTMLSelectElement.cpp: * html/HTMLSelectElement.h: * html/HTMLSlotElement.cpp: * html/HTMLSlotElement.h: * html/HTMLSourceElement.cpp: * html/HTMLSourceElement.h: * html/HTMLSpanElement.cpp: * html/HTMLSpanElement.h: * html/HTMLStyleElement.cpp: * html/HTMLStyleElement.h: * html/HTMLSummaryElement.cpp: * html/HTMLSummaryElement.h: * 
html/HTMLTableCaptionElement.cpp: * html/HTMLTableCaptionElement.h: * html/HTMLTableCellElement.cpp: * html/HTMLTableCellElement.h: * html/HTMLTableColElement.cpp: * html/HTMLTableColElement.h: * html/HTMLTableElement.cpp: * html/HTMLTableElement.h: * html/HTMLTablePartElement.cpp: * html/HTMLTablePartElement.h: * html/HTMLTableRowElement.cpp: * html/HTMLTableRowElement.h: * html/HTMLTableSectionElement.cpp: * html/HTMLTableSectionElement.h: * html/HTMLTemplateElement.cpp: * html/HTMLTemplateElement.h: * html/HTMLTextAreaElement.cpp: * html/HTMLTextAreaElement.h: * html/HTMLTextFormControlElement.cpp: * html/HTMLTextFormControlElement.h: * html/HTMLTimeElement.cpp: * html/HTMLTimeElement.h: * html/HTMLTitleElement.cpp: * html/HTMLTitleElement.h: * html/HTMLTrackElement.cpp: * html/HTMLTrackElement.h: * html/HTMLUListElement.cpp: * html/HTMLUListElement.h: * html/HTMLUnknownElement.cpp: Added. * html/HTMLUnknownElement.h: * html/HTMLWBRElement.cpp: * html/HTMLWBRElement.h: * html/ImageDocument.cpp: * html/ImageDocument.h: * html/LabelableElement.cpp: * html/LabelableElement.h: * html/MediaController.cpp: (MediaController::create): Deleted. (MediaController::MediaController): Deleted. (MediaController::addMediaElement): Deleted. (MediaController::removeMediaElement): Deleted. (MediaController::containsMediaElement const): Deleted. (MediaController::buffered const): Deleted. (MediaController::seekable const): Deleted. (MediaController::played): Deleted. (MediaController::duration const): Deleted. (MediaController::currentTime const): Deleted. (MediaController::setCurrentTime): Deleted. (MediaController::unpause): Deleted. (MediaController::play): Deleted. (MediaController::pause): Deleted. (MediaController::setDefaultPlaybackRate): Deleted. (MediaController::playbackRate const): Deleted. (MediaController::setPlaybackRate): Deleted. (MediaController::setVolume): Deleted. (MediaController::setMuted): Deleted. (playbackStateWaiting): Deleted. 
(playbackStatePlaying): Deleted. (playbackStateEnded): Deleted. (MediaController::playbackState const): Deleted. (MediaController::reportControllerState): Deleted. (eventNameForReadyState): Deleted. (MediaController::updateReadyState): Deleted. (MediaController::updatePlaybackState): Deleted. (MediaController::updateMediaElements): Deleted. (MediaController::bringElementUpToSpeed): Deleted. (MediaController::isBlocked const): Deleted. (MediaController::hasEnded const): Deleted. (MediaController::scheduleEvent): Deleted. (MediaController::asyncEventTimerFired): Deleted. (MediaController::clearPositionTimerFired): Deleted. (MediaController::hasAudio const): Deleted. (MediaController::hasVideo const): Deleted. (MediaController::hasClosedCaptions const): Deleted. (MediaController::setClosedCaptionsVisible): Deleted. (MediaController::supportsScanning const): Deleted. (MediaController::beginScrubbing): Deleted. (MediaController::endScrubbing): Deleted. (MediaController::beginScanning): Deleted. (MediaController::endScanning): Deleted. (MediaController::canPlay const): Deleted. (MediaController::isLiveStream const): Deleted. (MediaController::hasCurrentSrc const): Deleted. (MediaController::returnToRealtime): Deleted. (MediaController::startTimeupdateTimer): Deleted. (MediaController::scheduleTimeupdateEvent): Deleted. 
* html/MediaDocument.cpp: * html/MediaDocument.h: * html/PluginDocument.cpp: * html/PluginDocument.h: * html/RubyElement.cpp: * html/RubyElement.h: * html/RubyTextElement.cpp: * html/RubyTextElement.h: * html/TextDocument.cpp: * html/TextDocument.h: * html/shadow/AutoFillButtonElement.cpp: * html/shadow/AutoFillButtonElement.h: * html/shadow/DetailsMarkerControl.cpp: * html/shadow/DetailsMarkerControl.h: * html/shadow/ImageControlsRootElement.cpp: * html/shadow/ImageControlsRootElement.h: * html/shadow/MediaControlElementTypes.cpp: * html/shadow/MediaControlElementTypes.h: * html/shadow/MediaControlElements.cpp: * html/shadow/MediaControlElements.h: * html/shadow/MediaControls.cpp: * html/shadow/MediaControls.h: * html/shadow/ProgressShadowElement.cpp: * html/shadow/ProgressShadowElement.h: * html/shadow/SliderThumbElement.cpp: * html/shadow/SliderThumbElement.h: * html/shadow/SpinButtonElement.cpp: * html/shadow/SpinButtonElement.h: * html/shadow/TextControlInnerElements.cpp: * html/shadow/TextControlInnerElements.h: * html/shadow/YouTubeEmbedShadowElement.cpp: * html/shadow/YouTubeEmbedShadowElement.h: * html/shadow/mac/ImageControlsButtonElementMac.cpp: * html/shadow/mac/ImageControlsButtonElementMac.h: * html/shadow/mac/ImageControlsRootElementMac.cpp: * html/shadow/mac/ImageControlsRootElementMac.h: * html/track/TextTrackCueGeneric.cpp: * html/track/VTTCue.cpp: * html/track/VTTCue.h: * html/track/WebVTTElement.cpp: * html/track/WebVTTElement.h: * loader/SinkDocument.cpp: * loader/SinkDocument.h: * mathml/MathMLAnnotationElement.cpp: * mathml/MathMLAnnotationElement.h: * mathml/MathMLElement.cpp: * mathml/MathMLElement.h: * mathml/MathMLFractionElement.cpp: * mathml/MathMLFractionElement.h: * mathml/MathMLMathElement.cpp: * mathml/MathMLMathElement.h: * mathml/MathMLMencloseElement.cpp: * mathml/MathMLMencloseElement.h: * mathml/MathMLOperatorElement.cpp: * mathml/MathMLOperatorElement.h: * mathml/MathMLPaddedElement.cpp: * mathml/MathMLPaddedElement.h: * 
mathml/MathMLPresentationElement.cpp: * mathml/MathMLPresentationElement.h: * mathml/MathMLRootElement.cpp: * mathml/MathMLRootElement.h: * mathml/MathMLRowElement.cpp: * mathml/MathMLRowElement.h: * mathml/MathMLScriptsElement.cpp: * mathml/MathMLScriptsElement.h: * mathml/MathMLSelectElement.cpp: * mathml/MathMLSelectElement.h: * mathml/MathMLSpaceElement.cpp: * mathml/MathMLSpaceElement.h: * mathml/MathMLTokenElement.cpp: * mathml/MathMLTokenElement.h: * mathml/MathMLUnderOverElement.cpp: * mathml/MathMLUnderOverElement.h: * mathml/MathMLUnknownElement.cpp: Added. * mathml/MathMLUnknownElement.h: * svg/SVGAElement.cpp: * svg/SVGAElement.h: * svg/SVGAltGlyphDefElement.cpp: * svg/SVGAltGlyphDefElement.h: * svg/SVGAltGlyphElement.cpp: * svg/SVGAltGlyphElement.h: * svg/SVGAltGlyphItemElement.cpp: * svg/SVGAltGlyphItemElement.h: * svg/SVGAnimateColorElement.cpp: * svg/SVGAnimateColorElement.h: * svg/SVGAnimateElement.cpp: * svg/SVGAnimateElement.h: * svg/SVGAnimateElementBase.cpp: * svg/SVGAnimateElementBase.h: * svg/SVGAnimateMotionElement.cpp: * svg/SVGAnimateMotionElement.h: * svg/SVGAnimateTransformElement.cpp: * svg/SVGAnimateTransformElement.h: * svg/SVGAnimationElement.cpp: * svg/SVGAnimationElement.h: * svg/SVGCircleElement.cpp: * svg/SVGCircleElement.h: * svg/SVGClipPathElement.cpp: * svg/SVGClipPathElement.h: * svg/SVGComponentTransferFunctionElement.cpp: * svg/SVGComponentTransferFunctionElement.h: * svg/SVGCursorElement.cpp: * svg/SVGCursorElement.h: * svg/SVGDefsElement.cpp: * svg/SVGDefsElement.h: * svg/SVGDescElement.cpp: * svg/SVGDescElement.h: * svg/SVGDocument.cpp: * svg/SVGDocument.h: * svg/SVGElement.cpp: * svg/SVGElement.h: * svg/SVGEllipseElement.cpp: * svg/SVGEllipseElement.h: * svg/SVGFEBlendElement.cpp: * svg/SVGFEBlendElement.h: * svg/SVGFEColorMatrixElement.cpp: * svg/SVGFEColorMatrixElement.h: * svg/SVGFEComponentTransferElement.cpp: * svg/SVGFEComponentTransferElement.h: * svg/SVGFECompositeElement.cpp: * svg/SVGFECompositeElement.h: * 
svg/SVGFEConvolveMatrixElement.cpp: * svg/SVGFEConvolveMatrixElement.h: * svg/SVGFEDiffuseLightingElement.cpp: * svg/SVGFEDiffuseLightingElement.h: * svg/SVGFEDisplacementMapElement.cpp: * svg/SVGFEDisplacementMapElement.h: * svg/SVGFEDropShadowElement.cpp: * svg/SVGFEDropShadowElement.h: * svg/SVGFEFloodElement.cpp: * svg/SVGFEFloodElement.h: * svg/SVGFEGaussianBlurElement.cpp: * svg/SVGFEGaussianBlurElement.h: * svg/SVGFEImageElement.cpp: * svg/SVGFEImageElement.h: * svg/SVGFELightElement.cpp: * svg/SVGFELightElement.h: * svg/SVGFEMergeElement.cpp: * svg/SVGFEMergeElement.h: * svg/SVGFEMergeNodeElement.cpp: * svg/SVGFEMergeNodeElement.h: * svg/SVGFEMorphologyElement.cpp: * svg/SVGFEMorphologyElement.h: * svg/SVGFEOffsetElement.cpp: * svg/SVGFEOffsetElement.h: * svg/SVGFESpecularLightingElement.cpp: * svg/SVGFESpecularLightingElement.h: * svg/SVGFETileElement.cpp: * svg/SVGFETileElement.h: * svg/SVGFETurbulenceElement.cpp: * svg/SVGFETurbulenceElement.h: * svg/SVGFilterElement.cpp: * svg/SVGFilterElement.h: * svg/SVGFilterPrimitiveStandardAttributes.cpp: * svg/SVGFilterPrimitiveStandardAttributes.h: * svg/SVGFontFaceElement.cpp: * svg/SVGFontFaceElement.h: * svg/SVGFontFaceFormatElement.cpp: * svg/SVGFontFaceFormatElement.h: * svg/SVGFontFaceNameElement.cpp: * svg/SVGFontFaceNameElement.h: * svg/SVGFontFaceSrcElement.cpp: * svg/SVGFontFaceSrcElement.h: * svg/SVGFontFaceUriElement.cpp: * svg/SVGFontFaceUriElement.h: * svg/SVGForeignObjectElement.cpp: * svg/SVGForeignObjectElement.h: * svg/SVGGElement.cpp: * svg/SVGGElement.h: * svg/SVGGlyphElement.cpp: * svg/SVGGlyphElement.h: * svg/SVGGlyphRefElement.cpp: * svg/SVGGlyphRefElement.h: * svg/SVGGradientElement.cpp: * svg/SVGGradientElement.h: * svg/SVGGraphicsElement.cpp: * svg/SVGGraphicsElement.h: * svg/SVGHKernElement.cpp: * svg/SVGHKernElement.h: * svg/SVGImageElement.cpp: * svg/SVGImageElement.h: * svg/SVGLineElement.cpp: * svg/SVGLineElement.h: * svg/SVGLinearGradientElement.cpp: * 
svg/SVGLinearGradientElement.h: * svg/SVGMPathElement.cpp: * svg/SVGMPathElement.h: * svg/SVGMarkerElement.cpp: * svg/SVGMarkerElement.h: * svg/SVGMaskElement.cpp: * svg/SVGMaskElement.h: * svg/SVGMetadataElement.cpp: * svg/SVGMetadataElement.h: * svg/SVGMissingGlyphElement.cpp: * svg/SVGMissingGlyphElement.h: * svg/SVGPathElement.cpp: * svg/SVGPathElement.h: * svg/SVGPatternElement.cpp: * svg/SVGPatternElement.h: * svg/SVGPolyElement.cpp: * svg/SVGPolyElement.h: * svg/SVGPolygonElement.cpp: * svg/SVGPolygonElement.h: * svg/SVGPolylineElement.cpp: * svg/SVGPolylineElement.h: * svg/SVGRadialGradientElement.cpp: * svg/SVGRadialGradientElement.h: * svg/SVGRectElement.cpp: * svg/SVGRectElement.h: * svg/SVGSVGElement.cpp: * svg/SVGSVGElement.h: * svg/SVGScriptElement.cpp: * svg/SVGScriptElement.h: * svg/SVGSetElement.cpp: * svg/SVGSetElement.h: * svg/SVGStopElement.cpp: * svg/SVGStopElement.h: * svg/SVGStyleElement.cpp: * svg/SVGStyleElement.h: * svg/SVGSwitchElement.cpp: * svg/SVGSwitchElement.h: * svg/SVGSymbolElement.cpp: * svg/SVGSymbolElement.h: * svg/SVGTRefElement.cpp: * svg/SVGTRefElement.h: * svg/SVGTSpanElement.cpp: * svg/SVGTSpanElement.h: * svg/SVGTextContentElement.cpp: * svg/SVGTextContentElement.h: * svg/SVGTextElement.cpp: * svg/SVGTextElement.h: * svg/SVGTextPathElement.cpp: * svg/SVGTextPathElement.h: * svg/SVGTextPositioningElement.cpp: * svg/SVGTextPositioningElement.h: * svg/SVGTitleElement.cpp: * svg/SVGTitleElement.h: * svg/SVGUnknownElement.cpp: Added. * svg/SVGUnknownElement.h: * svg/SVGUseElement.cpp: * svg/SVGUseElement.h: * svg/SVGVKernElement.cpp: * svg/SVGVKernElement.h: * svg/SVGViewElement.cpp: * svg/SVGViewElement.h: * svg/animation/SVGSMILElement.cpp: * svg/animation/SVGSMILElement.h: Canonical link: https://commits.webkit.org/199361@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229694 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-03-17 06:11:00 +00:00
/*
* Copyright (C) 2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "XMLDocument.h"
#include <wtf/IsoMallocInlines.h>
namespace WebCore {
// Out-of-line half of XMLDocument's IsoHeap allocation support. The commit that
// added this file (webkit.org bug 183546, "Put the DOM in IsoHeaps") gives every
// WebCore::Node descendant its own isolated bmalloc heap so that a use-after-free
// on a DOM object is harder to turn into code execution or a universal read
// gadget; no change in runtime behavior is intended. The declaration-side macro
// is presumably in XMLDocument.h (included above) -- confirm when editing either.
WTF_MAKE_ISO_ALLOCATED_IMPL(XMLDocument);
} // namespace WebCore