[webkit-changes] [WebKit/WebKit] 81e970: Merge 255330 at main - [WTF] Unsafe String concatenat...

Mon Oct 10 14:21:11 PDT 2022

  Branch: refs/heads/webkitglib/2.38
  Home:   https://github.com/WebKit/WebKit
  Commit: 81e970ef0e3fb2b8ea54c5ff314f477866865f2d
      https://github.com/WebKit/WebKit/commit/81e970ef0e3fb2b8ea54c5ff314f477866865f2d
  Author: Philippe Normand <philn at igalia.com>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M Source/WTF/wtf/text/StringView.h

  Log Message:
  -----------
  Merge 255330 at main - [WTF] Unsafe String concatenation in optimized clang builds
https://bugs.webkit.org/show_bug.cgi?id=245640

Reviewed by Darin Adler.

Ensure that StringImpl::copyCharacters() is not called with a null string source pointer. The check
done in StringView::getCharactersWithUpconvert() is on allocated memory, so should not have any
negative impact on performance.

* Source/WTF/wtf/text/StringView.h:
(WTF::StringView::getCharactersWithUpconvert const):

Canonical link: https://commits.webkit.org/255330@main

(cherry picked from commit c736ca45a340bc8340871e961dce909ddbb8ecf7)

  Commit: dd05b9d8001b2f25b797f6ee8a8148075bff02d4
      https://github.com/WebKit/WebKit/commit/dd05b9d8001b2f25b797f6ee8a8148075bff02d4
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M LayoutTests/editing/execCommand/enabling-and-selection-expected.txt
    M LayoutTests/editing/execCommand/enabling-and-selection.html
    M LayoutTests/fast/forms/plaintext-mode-1-expected.txt
    M LayoutTests/fast/forms/plaintext-mode-1.html
    M Source/WebCore/editing/EditorCommand.cpp

  Log Message:
  -----------
  Merge 255331 at main - InputEvent.inputType is null when triggering Bold/Italic/Underline using execCommand
https://bugs.webkit.org/show_bug.cgi?id=201128

Reviewed by Wenson Hsieh.

The bug was caused by applyCommandToFrame not specifying EditAction for execCommand.
Also fixed the bug that FontName, FontSize, and FontSizeDelta were enabled in plain text context.
Without this fix, we'd hit assertions inside CompositeEditCommand::apply.

* LayoutTests/editing/execCommand/enabling-and-selection-expected.txt:
* LayoutTests/editing/execCommand/enabling-and-selection.html:
* LayoutTests/fast/events/input-events-fomat-bold-expected.txt: Added.
* LayoutTests/fast/events/input-events-fomat-bold.html: Added.
* LayoutTests/fast/forms/plaintext-mode-1-expected.txt:
* LayoutTests/fast/forms/plaintext-mode-1.html:

* Source/WebCore/editing/EditorCommand.cpp:
(WebCore::applyCommandToFrame):
(WebCore::createCommandMap):

Canonical link: https://commits.webkit.org/255331@main

(cherry picked from commit 233ca36592805c45e9eeaf69ebd8a8cea6f79fcd)

  Commit: 402e1045b083649b3af356d82d19dae602adcf77
      https://github.com/WebKit/WebKit/commit/402e1045b083649b3af356d82d19dae602adcf77
  Author: Mikhail R. Gadelha <mikhail at igalia.com>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    A JSTests/stress/hash-deleted-value-cell-32.js
    M Source/JavaScriptCore/heap/HeapUtil.h

  Log Message:
  -----------
  Merge 255332 at main - [JSC][32bit] HashTable's deletedValue conflict with cell payload
https://bugs.webkit.org/show_bug.cgi?id=246179

Reviewed by Darin Adler.

When processing callees in the sampling profiler a cell payload can be
0xFFFFFFFF, which becomes -1 in 32bit systems, causing an assertion to fail in
HashTable::checkKey when it compares the key to its default deletedValue (-1),
but only when JSC is built with asserts enabled.

This patch adds a guard to prevent checking the assertion if the cell is equal
to the deletedValue by checking if the cell is a valid set value. It's only
enabled in 32bit builds when asserts are enabled.

* JSTests/stress/hash-deleted-value-cell-32.js: Added.
(__getProperties):
(__getRandomProperty):
(startSamplingProfiler.__v_45.shouldThrow):
(i.try.__v_45.shouldThrow):
* Source/JavaScriptCore/heap/HeapUtil.h:
(JSC::HeapUtil::isPointerGCObjectJSCell):

Canonical link: https://commits.webkit.org/255332@main

(cherry picked from commit 55fce2d2fa0fc5c39d9f7d198eb3ff91cbd03c3b)

  Commit: 5f0cf9682d8d38d7da5e5e2068bfcce827538f19
      https://github.com/WebKit/WebKit/commit/5f0cf9682d8d38d7da5e5e2068bfcce827538f19
  Author: Angelos Oikonomopoulos <angelos at igalia.com>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M JSTests/stress/hash-deleted-value-cell-32.js

  Log Message:
  -----------
  Merge 255337 at main - Fix typo in hash-deleted-value-cell-32.js
https://bugs.webkit.org/show_bug.cgi?id=246273

Unreviewed gardening.

* JSTests/stress/hash-deleted-value-cell-32.js:

Canonical link: https://commits.webkit.org/255337@main

(cherry picked from commit 0e0f68d5dad4f994fb8d966ba36a591cdd1e9c39)

  Commit: 24e6963ca57c1531416be30ddc1167565b321c12
      https://github.com/WebKit/WebKit/commit/24e6963ca57c1531416be30ddc1167565b321c12
  Author: Michael Catanzaro <mcatanzaro at redhat.com>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
    M Source/WebKit/UIProcess/Launcher/glib/XDGDBusProxy.cpp

  Log Message:
  -----------
  Merge 255325 at main - REGRESSION(254232 at main): Causes process launching to use fork + exec instead of posix_spawn
https://bugs.webkit.org/show_bug.cgi?id=245784

Reviewed by Carlos Garcia Campos.

254232 at main removed use of G_SUBPROCESS_FLAGS_INHERIT_FDS since we
actually do not ever want to inherit fds into our child processes,
except for those that we explicitly pass along using
g_subprocess_launcher_take_fd(). This was a good change since it makes
WebKit more robust to file descriptor leaks, but there is an unfortunate
side effect: it prevents gspawn from using posix_spawn() to launch
subprocesses, so we wind up falling back to fork() and exec() instead. I
had left an insufficient warning comment about this, but it only
mentioned one of the many things that could cause us to fall back to
fork()/exec(). So:

 * Revert 254232 at main
 * Avoid reintroducing bug #221489 by setting CLOEXEC on the client end
   of the IPC socket
 * Improve the warning comments to indicate there is more than one way
   to cause us to fall back to fork()/exec()

* Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
(WebKit::connectionOptions):
(WebKit::ProcessLauncher::launchProcess):
* Source/WebKit/UIProcess/Launcher/glib/XDGDBusProxy.cpp:
(WebKit::XDGDBusProxy::launch):

Canonical link: https://commits.webkit.org/255325@main

(cherry picked from commit 9d195cb5d885d32433a7d79547c6a70c16c0959f)

  Commit: 5c0ad8329dbed870d37eb86d6ca5bdfd683e5cba
      https://github.com/WebKit/WebKit/commit/5c0ad8329dbed870d37eb86d6ca5bdfd683e5cba
  Author: Ahmad Saleem <ahmad.saleem792+github at gmail.com>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    A LayoutTests/editing/selection/caret-in-empty-div-with-pseudo-content-expected.txt
    A LayoutTests/editing/selection/caret-in-empty-div-with-pseudo-content.html
    M Source/WebCore/rendering/CaretRectComputation.cpp

  Log Message:
  -----------
  Merge 255333 at main - contentEditable caret is left aligned instead of centered when :before pseudoelement is used

contentEditable caret is left aligned instead of centered when :before pseudoelement is used
https://bugs.webkit.org/show_bug.cgi?id=135914

Reviewed by Alan Bujtas.

Merge - https://chromium.googlesource.com/chromium/src.git/+/e4c0c0a729891099c502c8e330b71acca7041ce3

It is to align Webkit to show caret /cursor respect text align in contenteditable with
pseudo element with Blink and Gecko.

Avoid considering PseudoElement's content as first child
so that caret rect for empty element is calculated.

* Source/WebCore/rendering/CaretRectComputation.cpp:
(CaretRectComputation::computeCaretRectForEmptyElement): Update Assert
(CaretRectComputation::computeCaretRectForBox): Add "firstChild" being Pseudo Element condition with "AND" logic
* LayoutTests/editing/selection/caret-in-empty-div-with-pseudo-content.html: Added Test Case
* LayoutTests/editing/selection/caret-in-empty-div-with-pseudo-content-expected.txt: Added Test Case Expectations

Canonical link: https://commits.webkit.org/255333@main

(cherry picked from commit 11d258f9db329fa814a7a5466d2a9bae81a6025d)

  Commit: d72a1ca0b78d41789bc45ea0bbd7cb060c26b552
      https://github.com/WebKit/WebKit/commit/d72a1ca0b78d41789bc45ea0bbd7cb060c26b552
  Author: Xabier Rodriguez-Calvar <calvaris at igalia.com>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M LayoutTests/media/media-source/media-source-changetype-second-init.html
    A LayoutTests/media/media-source/media-source-changetype-support-expected.txt
    A LayoutTests/media/media-source/media-source-changetype-support.html
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/media-source/mediasource-changetype-play-without-codecs-parameter-expected.txt
    A LayoutTests/platform/glib/media/media-source/media-source-changetype-second-init-expected.txt
    A LayoutTests/platform/glib/media/media-source/media-source-changetype-support-expected.txt
    M Source/WTF/Scripts/Preferences/WebPreferences.yaml

  Log Message:
  -----------
  Merge 255345 at main - [GStreamer][MSE] High resolution video playback broken on Odysee.com due to unimplemented changeType operation
https://bugs.webkit.org/show_bug.cgi?id=245851

Reviewed by Philippe Normand and Alicia Boya Garcia.

Disable the SourceBuffer.changeType method by default in GLib based ports.

Test: LayoutTests/media/media-source/media-source-changetype-support.html.

* LayoutTests/media/media-source/media-source-changetype-second-init.html:
* LayoutTests/media/media-source/media-source-changetype-support-expected.txt: Added.
* LayoutTests/media/media-source/media-source-changetype-support.html: Copied from LayoutTests/media/media-source/media-source-changetype-second-init.html.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/media-source/mediasource-changetype-play-without-codecs-parameter-expected.txt:
* LayoutTests/platform/glib/media/media-source/media-source-changetype-second-init-expected.txt: Added.
* LayoutTests/platform/glib/media/media-source/media-source-changetype-support-expected.txt: Added.
* Source/WTF/Scripts/Preferences/WebPreferences.yaml:

Canonical link: https://commits.webkit.org/255345@main

(cherry picked from commit 90f34d7eabdf24606fbf34db6a24a1a3a116ec15)

Compare: https://github.com/WebKit/WebKit/compare/2498dcbb1d55...d72a1ca0b78d