[webkit-changes] [WebKit/WebKit] b08d86: jsc_fuz/wktr: *flaky* RELEASE_ASSERT_WITH_SECURITY...

youennf noreply at github.com
Fri Aug 4 12:31:33 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b08d8686ee799d28d585b8d6468fb328bd151c18
      https://github.com/WebKit/WebKit/commit/b08d8686ee799d28d585b8d6468fb328bd151c18
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    A LayoutTests/fast/mediastream/mediarecorder-close-expected.txt
    A LayoutTests/fast/mediastream/mediarecorder-close.html
    M Source/WebCore/platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp
    M Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h
    M Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm
    M Source/WebKit/GPUProcess/webrtc/RemoteMediaRecorder.cpp

  Log Message:
  -----------
  jsc_fuz/wktr: *flaky* RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!retainedPointer || !m_controlBlock->objectHasBeenDeleted()); in MediaRecorderPrivateWriter::compressedVideoOutputBufferCallback MediaRecorderPrivateWriterCocoa.mm:107
https://bugs.webkit.org/show_bug.cgi?id=257780
rdar://109659987

Reviewed by Eric Carlson.

After the introduction of ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr,
we are now lazily creating our weak pointer on various threads, and this can happen while destroying the object in main thread.
To make sure we do not end up in that situation, we are now closing MediaRecorderPrivateWriter before destroying it.
In closing, we destroy the compressors which are the ones calling the callbacks that can create the weak pointers.

* LayoutTests/fast/mediastream/mediarecorder-close-expected.txt: Added.
* LayoutTests/fast/mediastream/mediarecorder-close.html: Added.
* Source/WebCore/platform/mediarecorder/MediaRecorderPrivateAVFImpl.cpp:
(WebCore::MediaRecorderPrivateAVFImpl::MediaRecorderPrivateAVFImpl):
* Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
* Source/WebCore/platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm:
(WebCore::MediaRecorderPrivateWriter::~MediaRecorderPrivateWriter):
(WebCore::MediaRecorderPrivateWriter::close):
* Source/WebKit/GPUProcess/webrtc/RemoteMediaRecorder.cpp:
(WebKit::RemoteMediaRecorder::~RemoteMediaRecorder):

Originally-landed-as: 259548.822 at safari-7615-branch (3282e8c968c7). rdar://113224891
Canonical link: https://commits.webkit.org/266596@main


  Commit: 9b58b4bed53b93f81335017b9f732e9a189ce800
      https://github.com/WebKit/WebKit/commit/9b58b4bed53b93f81335017b9f732e9a189ce800
  Author: J Pascoe <j_pascoe at apple.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M Source/WebCore/page/LocalDOMWindow.cpp
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp

  Log Message:
  -----------
  https://bugs.webkit.org/show_bug.cgi?id=257352
rdar://106974958

Reviewed by John Wilander and Brent Fulgham.

This quirk is no longer nessesary to get favorites and recents to show up
in the radio player, which is why it was added in the first place. Therefore
it can be removed.

* Source/WebCore/page/DOMWindow.cpp:
(WebCore::DOMWindow::open):
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::triggerOptionalStorageAccessQuirk const):
(WebCore::Quirks::BBCRadioPlayerURLString): Deleted.
(WebCore::Quirks::staticRadioPlayerURLString): Deleted.
(WebCore::isBBCDomain): Deleted.
(WebCore::isBBCPopUpPlayerElement): Deleted.
* Source/WebCore/page/Quirks.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::createNewPage):

Originally-landed-as: 259548.824 at safari-7615-branch (cff01e3a9ba5). rdar://113285349
Canonical link: https://commits.webkit.org/266597@main


  Commit: 147a80d7a4244276a735f43b17aa21177dcd9541
      https://github.com/WebKit/WebKit/commit/147a80d7a4244276a735f43b17aa21177dcd9541
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    A LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp-expected.txt
    A LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp.html
    M Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp

  Log Message:
  -----------
  RemoteVideoEncoderCallbacks and RemoteVideoDecoderCallbacks HashMaps could be corrupted by JS
https://bugs.webkit.org/show_bug.cgi?id=258123
rdar://110777506

Reviewed by Eric Carlson.

JS can provide signed timestamps, which are used as keys in RemoteVideoDecoderCallbacks and RemoteVideoEncoderCallbacks maps.
Move to StdUnorderedMap to support all keys.

* LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp-expected.txt: Added.
* LayoutTests/http/wpt/webcodecs/videoFrame-negative-timestamp.html: Added.
* Source/WebKit/WebProcess/GPU/media/RemoteVideoCodecFactory.cpp:
(WebKit::RemoteVideoDecoderCallbacks::addDuration):
(WebKit::RemoteVideoEncoderCallbacks::addDuration):
(WebKit::RemoteVideoDecoderCallbacks::notifyDecodingResult):
(WebKit::RemoteVideoEncoderCallbacks::notifyEncodedChunk):

Originally-landed-as: 259548.831 at safari-7615-branch (d263e8a08a93). rdar://113285399
Canonical link: https://commits.webkit.org/266598@main


Compare: https://github.com/WebKit/WebKit/compare/6d13b1672d0f...147a80d7a424


More information about the webkit-changes mailing list