Print additional message for RELEASE_ASSERT in builds used for fuzzing.

third_party/WebKit/Source/wtf/Assertions.h

 /*
  * Copyright (C) 2003, 2006, 2007 Apple Inc.  All rights reserved.
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
@@ skipping 228 matching lines @@
 #define ENABLE_SECURITY_ASSERT 0
 #endif
 
 // SECURITY_DCHECK and SECURITY_CHECK
 // Use in places where failure of the assertion indicates a possible security
 // vulnerability. Classes of these vulnerabilities include bad casts, out of
 // bounds accesses, use-after-frees, etc. Please be sure to file bugs for these
 // failures using the security template:
 //    https://bugs.chromium.org/p/chromium/issues/entry?template=Security%20Bug
 #if ENABLE_SECURITY_ASSERT
-#define SECURITY_DCHECK(condition) LOG_IF(FATAL, !(condition)) << "Security check failed: " #condition ". "
-// TODO(tkent): Should we make SECURITY_CHECK different from SECURITY_DCHECK?
+#define SECURITY_DCHECK(condition) LOG_IF(FATAL, !(condition)) << "Security DCHECK failed: " #condition ". "

[mmoroz, 2016/08/25 13:44:04]

After the discussion in previous patchset, I propose two different messages for
SECURITY_CHECK and SECURITY_DCHECK.

On CF side we will mark 'Security DCHECK failed' as a security issue, 'Security
CHECK failed' as a not security issue.

RELEASE_ASSERT uses the same message to simplify its deprecation process: CF
shouldn't break if we replace RELEASE_ASSERT()s with SECURITY_CHECK()s.

 // A SECURITY_CHECK failure is actually not vulnerable.
-#define SECURITY_CHECK(condition) SECURITY_DCHECK(condition)
+#define SECURITY_CHECK(condition) LOG_IF(FATAL, !(condition)) << "Security CHECK failed: " #condition ". "
 #else
 #define SECURITY_DCHECK(condition) ((void)0)
 #define SECURITY_CHECK(condition) CHECK(condition)
 #endif
 
 // RELEASE_ASSERT
 // Use in places where failure of an assertion indicates a definite security
 // vulnerability from which execution must not continue even in a release build.
 // Please sure to file bugs for these failures using the security template:
 //    http://code.google.com/p/chromium/issues/entry?template=Security%20Bug
 // RELEASE_ASSERT is deprecated.  We should use CHECK() instead.
 #if ENABLE(ASSERT)
 #define RELEASE_ASSERT(assertion) ASSERT(assertion)
+#elif defined(ADDRESS_SANITIZER)
+#define RELEASE_ASSERT(condition) LOG_IF(FATAL, !(condition)) << "Security CHECK failed: " #condition ". "

[inferno, 2016/08/25 15:03:06]

Why not #define RELEASE_ASSERT(condition) SECURITY_CHECK(condition)

[mmoroz, 2016/08/26 08:10:00]

Oh, yes! Thanks.

 #else
 #define RELEASE_ASSERT(assertion) (UNLIKELY(!(assertion)) ? (IMMEDIATE_CRASH()) : (void)0)
 #endif
 // TODO(tkent): Move this to base/logging.h?
 #define RELEASE_NOTREACHED() LOG(FATAL)
 
 // DEFINE_COMPARISON_OPERATORS_WITH_REFERENCES
 // Allow equality comparisons of Objects by reference or pointer,
 // interchangeably.  This can be only used on types whose equality makes no
 // other sense than pointer equality.
@@ skipping 26 matching lines @@
 } \
 inline const thisType& to##thisType(const argumentType& argumentName) \
 { \
     ASSERT_WITH_SECURITY_IMPLICATION(referencePredicate); \
     return static_cast<const thisType&>(argumentName); \
 } \
 void to##thisType(const thisType*); \
 void to##thisType(const thisType&)
 
 #endif // WTF_Assertions_h