haikuwebkit/Source/WebCore/mathml/MathMLUnknownElement.cpp


Put the DOM in IsoHeaps https://bugs.webkit.org/show_bug.cgi?id=183546 Source/bmalloc: Reviewed by Simon Fraser. Make it easy to runtime-disable IsoHeaps. * bmalloc/Allocator.h: * bmalloc/IsoTLS.cpp: (bmalloc::IsoTLS::determineMallocFallbackState): * bmalloc/IsoTLS.h: * bmalloc/IsoTLSInlines.h: (bmalloc::IsoTLS::allocateSlow): (bmalloc::IsoTLS::deallocateSlow): Source/WebCore: Reviewed by Daniel Bates. No new tests because no change in behavior. This puts all descendants of WebCore::Node in isoheaps, so that UAFs on the DOM cannot be used for RCE attacks. This probably also makes it harder to use UAFs for UXSS, since it means that DOM UAFs cannot be used for universal read gadgets. This looks neutral on Speedometer and membuster, though I did have one round of testing that led me to believe that membuster was regressed - I just wasn't able to reproduce that result on subsequent testing. * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * dom/Attr.cpp: * dom/Attr.h: * dom/CDATASection.cpp: * dom/CDATASection.h: * dom/CharacterData.cpp: * dom/CharacterData.h: * dom/Comment.cpp: * dom/Comment.h: * dom/ContainerNode.cpp: * dom/ContainerNode.h: * dom/Document.cpp: * dom/Document.h: * dom/DocumentFragment.cpp: * dom/DocumentFragment.h: * dom/DocumentType.cpp: * dom/DocumentType.h: * dom/Node.cpp: * dom/Node.h: * dom/ProcessingInstruction.cpp: * dom/ProcessingInstruction.h: * dom/PseudoElement.cpp: * dom/PseudoElement.h: * dom/ShadowRoot.cpp: * dom/ShadowRoot.h: * dom/StyledElement.cpp: * dom/StyledElement.h: * dom/TemplateContentDocumentFragment.cpp: Added. * dom/TemplateContentDocumentFragment.h: * dom/Text.cpp: * dom/Text.h: * dom/XMLDocument.cpp: Added. 
* dom/XMLDocument.h: * html/FTPDirectoryDocument.cpp: * html/FTPDirectoryDocument.h: * html/FileInputType.cpp: * html/HTMLAnchorElement.cpp: * html/HTMLAnchorElement.h: * html/HTMLAppletElement.cpp: * html/HTMLAppletElement.h: * html/HTMLAreaElement.cpp: * html/HTMLAreaElement.h: * html/HTMLAttachmentElement.cpp: * html/HTMLAttachmentElement.h: * html/HTMLBDIElement.cpp: Added. * html/HTMLBDIElement.h: * html/HTMLBRElement.cpp: * html/HTMLBRElement.h: * html/HTMLBaseElement.cpp: * html/HTMLBaseElement.h: * html/HTMLBodyElement.cpp: * html/HTMLBodyElement.h: * html/HTMLButtonElement.cpp: * html/HTMLButtonElement.h: * html/HTMLCanvasElement.cpp: * html/HTMLCanvasElement.h: * html/HTMLDListElement.cpp: * html/HTMLDListElement.h: * html/HTMLDataElement.cpp: * html/HTMLDataElement.h: * html/HTMLDataListElement.cpp: * html/HTMLDataListElement.h: * html/HTMLDetailsElement.cpp: * html/HTMLDetailsElement.h: * html/HTMLDirectoryElement.cpp: * html/HTMLDirectoryElement.h: * html/HTMLDivElement.cpp: * html/HTMLDivElement.h: * html/HTMLDocument.cpp: * html/HTMLDocument.h: * html/HTMLElement.cpp: * html/HTMLElement.h: * html/HTMLEmbedElement.cpp: * html/HTMLEmbedElement.h: * html/HTMLFieldSetElement.cpp: * html/HTMLFieldSetElement.h: * html/HTMLFontElement.cpp: * html/HTMLFontElement.h: * html/HTMLFormControlElement.cpp: * html/HTMLFormControlElement.h: * html/HTMLFormControlElementWithState.cpp: * html/HTMLFormControlElementWithState.h: * html/HTMLFormElement.cpp: * html/HTMLFormElement.h: * html/HTMLFrameElement.cpp: * html/HTMLFrameElement.h: * html/HTMLFrameElementBase.cpp: * html/HTMLFrameElementBase.h: * html/HTMLFrameOwnerElement.cpp: * html/HTMLFrameOwnerElement.h: * html/HTMLFrameSetElement.cpp: * html/HTMLFrameSetElement.h: * html/HTMLHRElement.cpp: * html/HTMLHRElement.h: * html/HTMLHeadElement.cpp: * html/HTMLHeadElement.h: * html/HTMLHeadingElement.cpp: * html/HTMLHeadingElement.h: * html/HTMLHtmlElement.cpp: * html/HTMLHtmlElement.h: * html/HTMLIFrameElement.cpp: * 
html/HTMLIFrameElement.h: * html/HTMLImageElement.cpp: * html/HTMLImageElement.h: * html/HTMLInputElement.cpp: * html/HTMLInputElement.h: * html/HTMLKeygenElement.cpp: * html/HTMLKeygenElement.h: * html/HTMLLIElement.cpp: * html/HTMLLIElement.h: * html/HTMLLabelElement.cpp: * html/HTMLLabelElement.h: * html/HTMLLegendElement.cpp: * html/HTMLLegendElement.h: * html/HTMLLinkElement.cpp: * html/HTMLLinkElement.h: * html/HTMLMapElement.cpp: * html/HTMLMapElement.h: * html/HTMLMarqueeElement.cpp: * html/HTMLMarqueeElement.h: * html/HTMLMenuElement.cpp: * html/HTMLMenuElement.h: * html/HTMLMenuItemElement.cpp: * html/HTMLMenuItemElement.h: * html/HTMLMetaElement.cpp: * html/HTMLMetaElement.h: * html/HTMLMeterElement.cpp: * html/HTMLMeterElement.h: * html/HTMLModElement.cpp: * html/HTMLModElement.h: * html/HTMLOListElement.cpp: * html/HTMLOListElement.h: * html/HTMLObjectElement.cpp: * html/HTMLObjectElement.h: * html/HTMLOptGroupElement.cpp: * html/HTMLOptGroupElement.h: * html/HTMLOptionElement.cpp: * html/HTMLOptionElement.h: * html/HTMLOutputElement.cpp: * html/HTMLOutputElement.h: * html/HTMLParagraphElement.cpp: * html/HTMLParagraphElement.h: * html/HTMLParamElement.cpp: * html/HTMLParamElement.h: * html/HTMLPictureElement.cpp: * html/HTMLPictureElement.h: * html/HTMLPlugInElement.cpp: * html/HTMLPlugInElement.h: * html/HTMLPlugInImageElement.cpp: * html/HTMLPlugInImageElement.h: * html/HTMLPreElement.cpp: * html/HTMLPreElement.h: * html/HTMLProgressElement.cpp: * html/HTMLProgressElement.h: * html/HTMLQuoteElement.cpp: * html/HTMLQuoteElement.h: * html/HTMLScriptElement.cpp: * html/HTMLScriptElement.h: * html/HTMLSelectElement.cpp: * html/HTMLSelectElement.h: * html/HTMLSlotElement.cpp: * html/HTMLSlotElement.h: * html/HTMLSourceElement.cpp: * html/HTMLSourceElement.h: * html/HTMLSpanElement.cpp: * html/HTMLSpanElement.h: * html/HTMLStyleElement.cpp: * html/HTMLStyleElement.h: * html/HTMLSummaryElement.cpp: * html/HTMLSummaryElement.h: * 
html/HTMLTableCaptionElement.cpp: * html/HTMLTableCaptionElement.h: * html/HTMLTableCellElement.cpp: * html/HTMLTableCellElement.h: * html/HTMLTableColElement.cpp: * html/HTMLTableColElement.h: * html/HTMLTableElement.cpp: * html/HTMLTableElement.h: * html/HTMLTablePartElement.cpp: * html/HTMLTablePartElement.h: * html/HTMLTableRowElement.cpp: * html/HTMLTableRowElement.h: * html/HTMLTableSectionElement.cpp: * html/HTMLTableSectionElement.h: * html/HTMLTemplateElement.cpp: * html/HTMLTemplateElement.h: * html/HTMLTextAreaElement.cpp: * html/HTMLTextAreaElement.h: * html/HTMLTextFormControlElement.cpp: * html/HTMLTextFormControlElement.h: * html/HTMLTimeElement.cpp: * html/HTMLTimeElement.h: * html/HTMLTitleElement.cpp: * html/HTMLTitleElement.h: * html/HTMLTrackElement.cpp: * html/HTMLTrackElement.h: * html/HTMLUListElement.cpp: * html/HTMLUListElement.h: * html/HTMLUnknownElement.cpp: Added. * html/HTMLUnknownElement.h: * html/HTMLWBRElement.cpp: * html/HTMLWBRElement.h: * html/ImageDocument.cpp: * html/ImageDocument.h: * html/LabelableElement.cpp: * html/LabelableElement.h: * html/MediaController.cpp: (MediaController::create): Deleted. (MediaController::MediaController): Deleted. (MediaController::addMediaElement): Deleted. (MediaController::removeMediaElement): Deleted. (MediaController::containsMediaElement const): Deleted. (MediaController::buffered const): Deleted. (MediaController::seekable const): Deleted. (MediaController::played): Deleted. (MediaController::duration const): Deleted. (MediaController::currentTime const): Deleted. (MediaController::setCurrentTime): Deleted. (MediaController::unpause): Deleted. (MediaController::play): Deleted. (MediaController::pause): Deleted. (MediaController::setDefaultPlaybackRate): Deleted. (MediaController::playbackRate const): Deleted. (MediaController::setPlaybackRate): Deleted. (MediaController::setVolume): Deleted. (MediaController::setMuted): Deleted. (playbackStateWaiting): Deleted. 
(playbackStatePlaying): Deleted. (playbackStateEnded): Deleted. (MediaController::playbackState const): Deleted. (MediaController::reportControllerState): Deleted. (eventNameForReadyState): Deleted. (MediaController::updateReadyState): Deleted. (MediaController::updatePlaybackState): Deleted. (MediaController::updateMediaElements): Deleted. (MediaController::bringElementUpToSpeed): Deleted. (MediaController::isBlocked const): Deleted. (MediaController::hasEnded const): Deleted. (MediaController::scheduleEvent): Deleted. (MediaController::asyncEventTimerFired): Deleted. (MediaController::clearPositionTimerFired): Deleted. (MediaController::hasAudio const): Deleted. (MediaController::hasVideo const): Deleted. (MediaController::hasClosedCaptions const): Deleted. (MediaController::setClosedCaptionsVisible): Deleted. (MediaController::supportsScanning const): Deleted. (MediaController::beginScrubbing): Deleted. (MediaController::endScrubbing): Deleted. (MediaController::beginScanning): Deleted. (MediaController::endScanning): Deleted. (MediaController::canPlay const): Deleted. (MediaController::isLiveStream const): Deleted. (MediaController::hasCurrentSrc const): Deleted. (MediaController::returnToRealtime): Deleted. (MediaController::startTimeupdateTimer): Deleted. (MediaController::scheduleTimeupdateEvent): Deleted. 
* html/MediaDocument.cpp: * html/MediaDocument.h: * html/PluginDocument.cpp: * html/PluginDocument.h: * html/RubyElement.cpp: * html/RubyElement.h: * html/RubyTextElement.cpp: * html/RubyTextElement.h: * html/TextDocument.cpp: * html/TextDocument.h: * html/shadow/AutoFillButtonElement.cpp: * html/shadow/AutoFillButtonElement.h: * html/shadow/DetailsMarkerControl.cpp: * html/shadow/DetailsMarkerControl.h: * html/shadow/ImageControlsRootElement.cpp: * html/shadow/ImageControlsRootElement.h: * html/shadow/MediaControlElementTypes.cpp: * html/shadow/MediaControlElementTypes.h: * html/shadow/MediaControlElements.cpp: * html/shadow/MediaControlElements.h: * html/shadow/MediaControls.cpp: * html/shadow/MediaControls.h: * html/shadow/ProgressShadowElement.cpp: * html/shadow/ProgressShadowElement.h: * html/shadow/SliderThumbElement.cpp: * html/shadow/SliderThumbElement.h: * html/shadow/SpinButtonElement.cpp: * html/shadow/SpinButtonElement.h: * html/shadow/TextControlInnerElements.cpp: * html/shadow/TextControlInnerElements.h: * html/shadow/YouTubeEmbedShadowElement.cpp: * html/shadow/YouTubeEmbedShadowElement.h: * html/shadow/mac/ImageControlsButtonElementMac.cpp: * html/shadow/mac/ImageControlsButtonElementMac.h: * html/shadow/mac/ImageControlsRootElementMac.cpp: * html/shadow/mac/ImageControlsRootElementMac.h: * html/track/TextTrackCueGeneric.cpp: * html/track/VTTCue.cpp: * html/track/VTTCue.h: * html/track/WebVTTElement.cpp: * html/track/WebVTTElement.h: * loader/SinkDocument.cpp: * loader/SinkDocument.h: * mathml/MathMLAnnotationElement.cpp: * mathml/MathMLAnnotationElement.h: * mathml/MathMLElement.cpp: * mathml/MathMLElement.h: * mathml/MathMLFractionElement.cpp: * mathml/MathMLFractionElement.h: * mathml/MathMLMathElement.cpp: * mathml/MathMLMathElement.h: * mathml/MathMLMencloseElement.cpp: * mathml/MathMLMencloseElement.h: * mathml/MathMLOperatorElement.cpp: * mathml/MathMLOperatorElement.h: * mathml/MathMLPaddedElement.cpp: * mathml/MathMLPaddedElement.h: * 
mathml/MathMLPresentationElement.cpp: * mathml/MathMLPresentationElement.h: * mathml/MathMLRootElement.cpp: * mathml/MathMLRootElement.h: * mathml/MathMLRowElement.cpp: * mathml/MathMLRowElement.h: * mathml/MathMLScriptsElement.cpp: * mathml/MathMLScriptsElement.h: * mathml/MathMLSelectElement.cpp: * mathml/MathMLSelectElement.h: * mathml/MathMLSpaceElement.cpp: * mathml/MathMLSpaceElement.h: * mathml/MathMLTokenElement.cpp: * mathml/MathMLTokenElement.h: * mathml/MathMLUnderOverElement.cpp: * mathml/MathMLUnderOverElement.h: * mathml/MathMLUnknownElement.cpp: Added. * mathml/MathMLUnknownElement.h: * svg/SVGAElement.cpp: * svg/SVGAElement.h: * svg/SVGAltGlyphDefElement.cpp: * svg/SVGAltGlyphDefElement.h: * svg/SVGAltGlyphElement.cpp: * svg/SVGAltGlyphElement.h: * svg/SVGAltGlyphItemElement.cpp: * svg/SVGAltGlyphItemElement.h: * svg/SVGAnimateColorElement.cpp: * svg/SVGAnimateColorElement.h: * svg/SVGAnimateElement.cpp: * svg/SVGAnimateElement.h: * svg/SVGAnimateElementBase.cpp: * svg/SVGAnimateElementBase.h: * svg/SVGAnimateMotionElement.cpp: * svg/SVGAnimateMotionElement.h: * svg/SVGAnimateTransformElement.cpp: * svg/SVGAnimateTransformElement.h: * svg/SVGAnimationElement.cpp: * svg/SVGAnimationElement.h: * svg/SVGCircleElement.cpp: * svg/SVGCircleElement.h: * svg/SVGClipPathElement.cpp: * svg/SVGClipPathElement.h: * svg/SVGComponentTransferFunctionElement.cpp: * svg/SVGComponentTransferFunctionElement.h: * svg/SVGCursorElement.cpp: * svg/SVGCursorElement.h: * svg/SVGDefsElement.cpp: * svg/SVGDefsElement.h: * svg/SVGDescElement.cpp: * svg/SVGDescElement.h: * svg/SVGDocument.cpp: * svg/SVGDocument.h: * svg/SVGElement.cpp: * svg/SVGElement.h: * svg/SVGEllipseElement.cpp: * svg/SVGEllipseElement.h: * svg/SVGFEBlendElement.cpp: * svg/SVGFEBlendElement.h: * svg/SVGFEColorMatrixElement.cpp: * svg/SVGFEColorMatrixElement.h: * svg/SVGFEComponentTransferElement.cpp: * svg/SVGFEComponentTransferElement.h: * svg/SVGFECompositeElement.cpp: * svg/SVGFECompositeElement.h: * 
svg/SVGFEConvolveMatrixElement.cpp: * svg/SVGFEConvolveMatrixElement.h: * svg/SVGFEDiffuseLightingElement.cpp: * svg/SVGFEDiffuseLightingElement.h: * svg/SVGFEDisplacementMapElement.cpp: * svg/SVGFEDisplacementMapElement.h: * svg/SVGFEDropShadowElement.cpp: * svg/SVGFEDropShadowElement.h: * svg/SVGFEFloodElement.cpp: * svg/SVGFEFloodElement.h: * svg/SVGFEGaussianBlurElement.cpp: * svg/SVGFEGaussianBlurElement.h: * svg/SVGFEImageElement.cpp: * svg/SVGFEImageElement.h: * svg/SVGFELightElement.cpp: * svg/SVGFELightElement.h: * svg/SVGFEMergeElement.cpp: * svg/SVGFEMergeElement.h: * svg/SVGFEMergeNodeElement.cpp: * svg/SVGFEMergeNodeElement.h: * svg/SVGFEMorphologyElement.cpp: * svg/SVGFEMorphologyElement.h: * svg/SVGFEOffsetElement.cpp: * svg/SVGFEOffsetElement.h: * svg/SVGFESpecularLightingElement.cpp: * svg/SVGFESpecularLightingElement.h: * svg/SVGFETileElement.cpp: * svg/SVGFETileElement.h: * svg/SVGFETurbulenceElement.cpp: * svg/SVGFETurbulenceElement.h: * svg/SVGFilterElement.cpp: * svg/SVGFilterElement.h: * svg/SVGFilterPrimitiveStandardAttributes.cpp: * svg/SVGFilterPrimitiveStandardAttributes.h: * svg/SVGFontFaceElement.cpp: * svg/SVGFontFaceElement.h: * svg/SVGFontFaceFormatElement.cpp: * svg/SVGFontFaceFormatElement.h: * svg/SVGFontFaceNameElement.cpp: * svg/SVGFontFaceNameElement.h: * svg/SVGFontFaceSrcElement.cpp: * svg/SVGFontFaceSrcElement.h: * svg/SVGFontFaceUriElement.cpp: * svg/SVGFontFaceUriElement.h: * svg/SVGForeignObjectElement.cpp: * svg/SVGForeignObjectElement.h: * svg/SVGGElement.cpp: * svg/SVGGElement.h: * svg/SVGGlyphElement.cpp: * svg/SVGGlyphElement.h: * svg/SVGGlyphRefElement.cpp: * svg/SVGGlyphRefElement.h: * svg/SVGGradientElement.cpp: * svg/SVGGradientElement.h: * svg/SVGGraphicsElement.cpp: * svg/SVGGraphicsElement.h: * svg/SVGHKernElement.cpp: * svg/SVGHKernElement.h: * svg/SVGImageElement.cpp: * svg/SVGImageElement.h: * svg/SVGLineElement.cpp: * svg/SVGLineElement.h: * svg/SVGLinearGradientElement.cpp: * 
svg/SVGLinearGradientElement.h: * svg/SVGMPathElement.cpp: * svg/SVGMPathElement.h: * svg/SVGMarkerElement.cpp: * svg/SVGMarkerElement.h: * svg/SVGMaskElement.cpp: * svg/SVGMaskElement.h: * svg/SVGMetadataElement.cpp: * svg/SVGMetadataElement.h: * svg/SVGMissingGlyphElement.cpp: * svg/SVGMissingGlyphElement.h: * svg/SVGPathElement.cpp: * svg/SVGPathElement.h: * svg/SVGPatternElement.cpp: * svg/SVGPatternElement.h: * svg/SVGPolyElement.cpp: * svg/SVGPolyElement.h: * svg/SVGPolygonElement.cpp: * svg/SVGPolygonElement.h: * svg/SVGPolylineElement.cpp: * svg/SVGPolylineElement.h: * svg/SVGRadialGradientElement.cpp: * svg/SVGRadialGradientElement.h: * svg/SVGRectElement.cpp: * svg/SVGRectElement.h: * svg/SVGSVGElement.cpp: * svg/SVGSVGElement.h: * svg/SVGScriptElement.cpp: * svg/SVGScriptElement.h: * svg/SVGSetElement.cpp: * svg/SVGSetElement.h: * svg/SVGStopElement.cpp: * svg/SVGStopElement.h: * svg/SVGStyleElement.cpp: * svg/SVGStyleElement.h: * svg/SVGSwitchElement.cpp: * svg/SVGSwitchElement.h: * svg/SVGSymbolElement.cpp: * svg/SVGSymbolElement.h: * svg/SVGTRefElement.cpp: * svg/SVGTRefElement.h: * svg/SVGTSpanElement.cpp: * svg/SVGTSpanElement.h: * svg/SVGTextContentElement.cpp: * svg/SVGTextContentElement.h: * svg/SVGTextElement.cpp: * svg/SVGTextElement.h: * svg/SVGTextPathElement.cpp: * svg/SVGTextPathElement.h: * svg/SVGTextPositioningElement.cpp: * svg/SVGTextPositioningElement.h: * svg/SVGTitleElement.cpp: * svg/SVGTitleElement.h: * svg/SVGUnknownElement.cpp: Added. * svg/SVGUnknownElement.h: * svg/SVGUseElement.cpp: * svg/SVGUseElement.h: * svg/SVGVKernElement.cpp: * svg/SVGVKernElement.h: * svg/SVGViewElement.cpp: * svg/SVGViewElement.h: * svg/animation/SVGSMILElement.cpp: * svg/animation/SVGSMILElement.h: Canonical link: https://commits.webkit.org/199361@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229694 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-03-17 06:11:00 +00:00
/*
* Copyright (C) 2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "MathMLUnknownElement.h"
#if ENABLE(MATHML)
#include <wtf/IsoMallocInlines.h>
namespace WebCore {
// Instantiates the isolated-heap (IsoHeap) allocation support for
// MathMLUnknownElement. The change that added this file put every descendant
// of WebCore::Node in IsoHeaps so that, per its commit message, use-after-free
// bugs on the DOM cannot be used for RCE and are harder to use as universal
// read gadgets for UXSS.
// NOTE(review): presumably pairs with a WTF_MAKE_ISO_ALLOCATED declaration in
// MathMLUnknownElement.h -- confirm; the header is not visible here.
// Caveat: the same change made IsoHeaps easy to disable at runtime in bmalloc
// (IsoTLS::determineMallocFallbackState), so the isolation presumably does not
// hold while that malloc fallback is active -- verify before relying on it.
WTF_MAKE_ISO_ALLOCATED_IMPL(MathMLUnknownElement);
} // namespace WebCore
#endif // ENABLE(MATHML)