[webkit-changes] [WebKit/WebKit] f822e5: Versioning.

Jonathan Bedard noreply at github.com
Mon Dec 11 22:41:15 PST 2023


  Branch: refs/heads/safari-7617.1.17.13-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: f822e58a76ef9ba6006051aebaa31cb9fb78da51
      https://github.com/WebKit/WebKit/commit/f822e58a76ef9ba6006051aebaa31cb9fb78da51
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-617.1.17.13.1

Identifier: 267815.545 at safari-7617.1.17.13-branch


  Commit: 8c39779e046d3442e4a1d6c23920bf82a6712c17
      https://github.com/WebKit/WebKit/commit/8c39779e046d3442e4a1d6c23920bf82a6712c17
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    A LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt
    A LayoutTests/storage/indexeddb/abort-index-rename-crash.html
    M Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.h
    M Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h

  Log Message:
  -----------
  Cherry-pick 64bcd93cbc55. rdar://117463447

    jsc_fuz/wktr: heap-use-after-free in WebCore::IDBServer::MemoryObjectStore::takeIndexByIdentifier(unsigned long long) MemoryObjectStore.cpp:128.
    https://bugs.webkit.org/show_bug.cgi?id=264180.
    rdar://117463447.

    Reviewed by Sihui Liu.

    MemoryIndex now keeps WeakPtr to MemoryObjectStore 'm_objectStore' and checks it's validity before using it. Also RefPtr conversion from WekPtr using get() API as applicable.

    * LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt: Added the test expected file.
    * LayoutTests/storage/indexeddb/abort-index-rename-crash.html: Added the test case.
    * Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp: Checks the validity of MemoryObjectStore pointer before using.
    (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreDeleted):
    (WebCore::IDBServer::MemoryBackingStoreTransaction::indexRenamed):
    (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp: Changed direct reference to WeakPtr. Also used RefPtr conversion using get() API as applicable.
    (WebCore::IDBServer::MemoryIndex::objectStoreCleared):
    (WebCore::IDBServer::MemoryIndex::clearIndexValueStore):
    (WebCore::IDBServer::MemoryIndex::replaceIndexValueStore):
    (WebCore::IDBServer::MemoryIndex::getResultForKeyRange const):
    (WebCore::IDBServer::MemoryIndex::getAllRecords const):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndex.h: Changed direct reference to WeakPtr.
    (WebCore::IDBServer::MemoryIndex::objectStore):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp: Used RefPtr conversion using get() API for MemoryIndex based MemoryObjectStore object.
    (WebCore::IDBServer::MemoryIndexCursor::currentData):
    * Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h:

    Canonical link: https://commits.webkit.org/267815.545@safari-7617-branch

Identifier: 267815.546 at safari-7617.1.17.13-branch


  Commit: ae9636582dbf6df0df3d3eb8f544330c75adc3a2
      https://github.com/WebKit/WebKit/commit/ae9636582dbf6df0df3d3eb8f544330c75adc3a2
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/multicol/last-set-crash-expected.txt
    A LayoutTests/fast/multicol/last-set-crash.html
    M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
    M Source/WebCore/rendering/RenderMultiColumnFlow.h

  Log Message:
  -----------
  Cherry-pick f524a15d0633. rdar://114559559

    WTFCrashWithSecurityImplication in WebCore::RenderFragmentedFlow::removeLineFragmentInfo()
    https://bugs.webkit.org/show_bug.cgi?id=264327
    rdar://114559559

    Reviewed by Alan Baradlay.

    * LayoutTests/TestExpectations:

    Skip test on debug due to some assertion failures.

    * LayoutTests/fast/multicol/last-set-crash-expected.txt: Added.
    * LayoutTests/fast/multicol/last-set-crash.html: Added.
    * Source/WebCore/rendering/RenderMultiColumnFlow.cpp:
    (WebCore::RenderMultiColumnFlow::fragmentAtBlockOffset const):

    Tree mutations may have made m_lastSetWorkedOn cache invalid by moving the multicolumn set under a different multicolumn flow.
    Check for this.

    * Source/WebCore/rendering/RenderMultiColumnFlow.h:

    Also make it use WeakPtr.

    Canonical link: https://commits.webkit.org/267815.546@safari-7617-branch

Identifier: 267815.547 at safari-7617.1.17.13-branch


  Commit: 73beaee39166ce059df127255a47d9c762d34108
      https://github.com/WebKit/WebKit/commit/73beaee39166ce059df127255a47d9c762d34108
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/platform/graphics/transforms/RotateTransformOperation.h
    M Source/WebCore/platform/graphics/transforms/TransformOperation.h
    M Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp
    M Source/WebCore/platform/graphics/transforms/TransformationMatrix.h

  Log Message:
  -----------
  Apply patch. rdar://117209302

Identifier: 267815.548 at safari-7617.1.17.13-branch


  Commit: cbd16a27b8e358640f35fc2cbff93f5ac70ac772
      https://github.com/WebKit/WebKit/commit/cbd16a27b8e358640f35fc2cbff93f5ac70ac772
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    R LayoutTests/fast/multicol/last-set-crash-expected.txt
    R LayoutTests/fast/multicol/last-set-crash.html
    M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
    M Source/WebCore/rendering/RenderMultiColumnFlow.h

  Log Message:
  -----------
  Revert "Cherry-pick f524a15d0633. rdar://114559559"

This reverts commit ae9636582dbf6df0df3d3eb8f544330c75adc3a2.

Identifier: 267815.549 at safari-7617.1.17.13-branch


  Commit: 6153543a95f2d92646a9d75f7c62bba915ea0346
      https://github.com/WebKit/WebKit/commit/6153543a95f2d92646a9d75f7c62bba915ea0346
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    R LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt
    R LayoutTests/storage/indexeddb/abort-index-rename-crash.html
    M Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.h
    M Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h

  Log Message:
  -----------
  Revert "Cherry-pick 64bcd93cbc55. rdar://117463447"

This reverts commit 8c39779e046d3442e4a1d6c23920bf82a6712c17.

Identifier: 267815.550 at safari-7617.1.17.13-branch


  Commit: 39ce3946744a0ba1ddeed77fe80d216d76da6da0
      https://github.com/WebKit/WebKit/commit/39ce3946744a0ba1ddeed77fe80d216d76da6da0
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/page/ContextMenuController.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp

  Log Message:
  -----------
  Cherry-pick 38398649280b. rdar://117215059

    AX: Sometimes unable to see play/pause animation context menu item when setting is toggled
    https://bugs.webkit.org/show_bug.cgi?id=263735
    rdar://117215059

    Reviewed by Tyler Wilcock.

    When deciding whether to add the "Play/Pause all animations" or "Play/Pause animation" context menu item, we had previously
    used a softlink to reference _AXSReduceMotionAutoplayAnimatedImagesEnabled. The issue with using this from the web content
    process, however, is that distributed notifications are not permitted as per the sandbox, so updates to this setting were
    not reaching that process.

    To resolve this, this patch now piggybacks onto our existing cross-process update for the animation setting using the
    AccessibilityPreferencesChanged notification and WebPage::updateImageAnimationEnabled. A new flag, m_systemAllowsAnimationControls,
    now maintains the state of this setting, and allows the Page to have an up-to-date view of the setting without relying on the
    softlink.

    * Source/WebCore/page/ContextMenuController.cpp:
    (WebCore::ContextMenuController::populate):
    * Source/WebCore/page/Page.cpp:
    (WebCore::Page::setSystemAllowsAnimationControls):
    * Source/WebCore/page/Page.h:
    (WebCore::Page::systemAllowsAnimationControls const):
    * Source/WebKit/WebProcess/WebPage/WebPage.cpp:
    (WebKit::WebPage::updateImageAnimationEnabled):

    Canonical link: https://commits.webkit.org/269878@main

Identifier: 267815.551 at safari-7617.1.17.13-branch


  Commit: d0ec0811e49afb082ea417dfd221ec7771209406
      https://github.com/WebKit/WebKit/commit/d0ec0811e49afb082ea417dfd221ec7771209406
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/platform/graphics/FontCascade.cpp
    M Source/WebCore/platform/graphics/FontCascadeFonts.cpp
    M Source/WebCore/platform/graphics/FontRanges.cpp
    M Source/WebCore/platform/graphics/GlyphPage.h

  Log Message:
  -----------
  Cherry-pick ef2295446d89. rdar://117905809

    Use GlyphData.isValid() consistently for checking whether GlyphData is valid.
    https://bugs.webkit.org/show_bug.cgi?id=264130
    rdar://117905809

    Reviewed by Tim Nguyen.

    Replace GlyphData validity checks using .glyph and .font directly with .isValid().
    Make .isValid() return false even if .glyph is non-zero and .font is null
    (which should never happen) since a .font null check isn't expensive anyway.

    * Source/WebCore/platform/graphics/FontCascade.cpp:
    (WebCore::FontCascade::fontForCombiningCharacterSequence const):
    * Source/WebCore/platform/graphics/FontCascadeFonts.cpp:
    (WebCore::FontCascadeFonts::GlyphPageCacheEntry::setGlyphDataForCharacter):
    (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
    (WebCore::FontCascadeFonts::glyphDataForVariant):
    (WebCore::FontCascadeFonts::glyphDataForCharacter):
    * Source/WebCore/platform/graphics/FontRanges.cpp:
    (WebCore::FontRanges::glyphDataForCharacter const):
    * Source/WebCore/platform/graphics/GlyphPage.h:
    (WebCore::GlyphData::isValid const):

    Canonical link: https://commits.webkit.org/270299@main

Identifier: 267815.552 at safari-7617.1.17.13-branch


  Commit: c638e269603352f32d3c05d557d3d50a50e931a3
      https://github.com/WebKit/WebKit/commit/c638e269603352f32d3c05d557d3d50a50e931a3
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    A LayoutTests/fast/viewport/ios/full-screen-safe-area-insets-expected.txt
    A LayoutTests/fast/viewport/ios/full-screen-safe-area-insets.html
    A LayoutTests/fast/viewport/ios/resources/viewport-fit-contain.html
    A LayoutTests/fast/viewport/ios/resources/viewport-fit-cover.html
    A LayoutTests/fullscreen/full-screen-document-background-color-expected.txt
    A LayoutTests/fullscreen/full-screen-document-background-color.html
    M LayoutTests/fullscreen/full-screen-test.js
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/FullscreenManager.cpp
    M Source/WebCore/page/LocalFrameView.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
    M Source/WebKit/UIProcess/ios/WKScrollView.h
    M Source/WebKit/UIProcess/ios/WKScrollView.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick 1d5314701b60. rdar://117304719

    Cherry-pick 270199 at main (56d49b081448). rdar://117304719

        [iOS] Element Fullscreen does not respect viewport-fit
        https://bugs.webkit.org/show_bug.cgi?id=264012
        rdar://117304719

        Reviewed by Wenson Hsieh and Tim Horton.

        Tests: fast/viewport/ios/full-screen-safe-area-insets.html
               fullscreen/full-screen-document-background-color.html

        When configuring the WKWebView during the enter fullscreen operation, various settings of the view
        must be returned to their default state for the "automatic" avoid-safe-areas behavior to kick in.
        For some calls made by clients, there is no way to reset those behaviors to default, and the
        existing implementation merely overrode those settings with other non-default values. The end
        result was that all fullscreen content was behaving as if `viewport-fit=cover` was specified, which
        allowed some content to slip into the safe areas.

        Additionally, when embedded content is taken fullscreen, the viewport settings of that embedded
        iframe are not respected, and the embedded content uses the viewport settings of whatever page
        embedded it. Also, the fullscreen element's background is not used in the overflow areas when
        iframe content is in fullscreen.

        * Source/WebCore/dom/Document.cpp:
        (WebCore::Document::updateViewportArguments):
        * Source/WebCore/dom/FullscreenManager.cpp:
        (WebCore::FullscreenManager::dispatchFullscreenChangeOrErrorEvent):
        (WebCore::FullscreenManager::deepestFullscreenDocument const):
        * Source/WebCore/dom/FullscreenManager.h:
        * Source/WebCore/page/LocalFrameView.cpp:
        (WebCore::LocalFrameView::documentBackgroundColor const):
        * Source/WebCore/page/Page.cpp:
        (WebCore::viewportDocumentForFrame):
        (WebCore::Page::viewportArguments const):
        * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h:
        * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm:
        (-[WKWebView _resetScrollViewInsetAdjustmentBehavior]):
        (-[WKWebView _haveSetUnobscuredSafeAreaInsets]):
        (-[WKWebView _resetUnobscuredSafeAreaInsets]):
        (-[WKWebView _hasOverriddenLayoutParameters]):
        (-[WKWebView _viewLayoutSizeOverride]):
        (-[WKWebView _minimumUnobscuredSizeOverride]):
        (-[WKWebView _maximumUnobscuredSizeOverride]):
        (-[WKWebView _resetObscuredInsets]):
        (-[WKWebView _clearOverrideLayoutParameters]):
        * Source/WebKit/UIProcess/ios/WKContentView.mm:
        (-[WKContentView setFrame:]):
        * Source/WebKit/UIProcess/ios/WKScrollView.h:
        * Source/WebKit/UIProcess/ios/WKScrollView.mm:
        (-[WKScrollView _contentInsetWasExternallyOverridden]):
        (-[WKScrollView _resetContentInset]):
        (-[WKScrollView _resetContentInsetAdjustmentBehavior]):
        * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm:
        (-[WKFullScreenViewController viewDidLayoutSubviews]):
        (-[WKFullScreenViewController viewWillTransitionToSize:withTransitionCoordinator:]):
        * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
        (WebKit::WKWebViewState::applyTo):
        (WebKit::WKWebViewState::store):
        (-[WKFullScreenWindowController enterFullScreen:]):
        (-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]):

        Canonical link: https://commits.webkit.org/270199@main

Identifier: 267815.553 at safari-7617.1.17.13-branch


  Commit: de302c24f42639b26f160d217824ffbf5ffcd35f
      https://github.com/WebKit/WebKit/commit/de302c24f42639b26f160d217824ffbf5ffcd35f
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/canvas/canvas-noise-injection-expected.txt
    A LayoutTests/fast/canvas/canvas-noise-injection.html
    M Source/WebCore/html/CanvasBase.cpp
    M Source/WebCore/html/CanvasBase.h
    M Source/WebCore/html/CanvasNoiseInjection.cpp
    M Source/WebCore/html/CanvasNoiseInjection.h
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl

  Log Message:
  -----------
  Cherry-pick bde990fd62dd. rdar://115313154

    Don't apply canvas noise on drawImage/putImageData rects
    https://bugs.webkit.org/show_bug.cgi?id=263129
    rdar://115313154

    Reviewed by Simon Fraser.

    When noise injection is enabled, the backing pixelbuffer of Canvas2D has noise
    applied as an anti-fingerprinting protection. That operation is expensive and
    the protection is not needed in situations where we are given an explicit
    ImageData or specific types of Images because those data don't reveal any
    identifying information about the machine when extracted via getImageData() or
    toDataURL().

    This patch abstracts the default DidDrawOptions into a static function that
    includes DidDrawOption::ApplyPostProcessing, and a companion function that
    doesn't include ApplyPostProcessing. These are static class functions because
    they should both be updated if the default DidDrawOption OptionSet changes in
    the future, and defining them separately seems error prone.

    As described above, the noise injection post-processing is not applied after
    certain drawImage operations where the image is a bitmap, and post-processing
    is conditionally applied when the entire canvas is dirty.

    * LayoutTests/TestExpectations:
    * LayoutTests/fast/canvas/canvas-noise-injection-expected.txt:
    * LayoutTests/fast/canvas/canvas-noise-injection.html:
    * Source/WebCore/html/CanvasBase.cpp:
    (WebCore::CanvasBase::didDraw):
    * Source/WebCore/html/CanvasNoiseInjection.cpp:
    (WebCore::CanvasNoiseInjection::clearDirtyRect):
    * Source/WebCore/html/CanvasNoiseInjection.h:
    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
    (WebCore::CanvasRenderingContext2DBase::clearRect):
    (WebCore::CanvasRenderingContext2DBase::drawImage):
    (WebCore::CanvasRenderingContext2DBase::didDrawEntireCanvas):
    (WebCore::CanvasRenderingContext2DBase::didDraw):
    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h:
    (WebCore::CanvasRenderingContext2DBase::defaultDidDrawOptions):
    (WebCore::CanvasRenderingContext2DBase::defaultDidDrawOptionsWithoutPostProcessing):
    (WebCore::CanvasRenderingContext2DBase::didDraw): Deleted.

    Canonical link: https://commits.webkit.org/270207@main

Identifier: 267815.554 at safari-7617.1.17.13-branch


  Commit: c0097afcc265b6a346fe7637a13cabd6b7147555
      https://github.com/WebKit/WebKit/commit/c0097afcc265b6a346fe7637a13cabd6b7147555
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/multicol/last-set-crash-expected.txt
    A LayoutTests/fast/multicol/last-set-crash.html
    M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
    M Source/WebCore/rendering/RenderMultiColumnFlow.h

  Log Message:
  -----------
  Cherry-pick f524a15d0633. rdar://114559559

    WTFCrashWithSecurityImplication in WebCore::RenderFragmentedFlow::removeLineFragmentInfo()
    https://bugs.webkit.org/show_bug.cgi?id=264327
    rdar://114559559

    Reviewed by Alan Baradlay.

    * LayoutTests/TestExpectations:

    Skip test on debug due to some assertion failures.

    * LayoutTests/fast/multicol/last-set-crash-expected.txt: Added.
    * LayoutTests/fast/multicol/last-set-crash.html: Added.
    * Source/WebCore/rendering/RenderMultiColumnFlow.cpp:
    (WebCore::RenderMultiColumnFlow::fragmentAtBlockOffset const):

    Tree mutations may have made m_lastSetWorkedOn cache invalid by moving the multicolumn set under a different multicolumn flow.
    Check for this.

    * Source/WebCore/rendering/RenderMultiColumnFlow.h:

    Also make it use WeakPtr.

    Canonical link: https://commits.webkit.org/267815.546@safari-7617-branch

Identifier: 267815.555 at safari-7617.1.17.13-branch


  Commit: 7b341e04b8d06ad94606722b5af27f98e9ea4ce2
      https://github.com/WebKit/WebKit/commit/7b341e04b8d06ad94606722b5af27f98e9ea4ce2
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-10 (Fri, 10 Nov 2023)

  Changed paths:
    A LayoutTests/accessibility/custom-elements/shadow-element-text-expected.txt
    A LayoutTests/accessibility/custom-elements/shadow-element-text.html
    A LayoutTests/platform/glib/accessibility/custom-elements/shadow-element-text-expected.txt
    M Source/WebCore/accessibility/AccessibilityNodeObject.cpp

  Log Message:
  -----------
  Cherry-pick ecb40fdcddf8. rdar://118118138

    AX: VoiceOver does not announce button in text if button is in shadow root
    https://bugs.webkit.org/show_bug.cgi?id=264410
    rdar://118118138

    Reviewed by Tyler Wilcock.

    In shadow DOM elements, if text was within nested elements, textUnderElement would not include it.

    This patch resolves that by adding to our logic for when we decide whether or not to skip a child's
    text. Instead of just checking whether the child's parent and the current node match, we also check
    that the elements are either both in the DOM or Shadow DOM.

    * LayoutTests/accessibility/custom-elements/shadow-element-text-expected.txt: Added.
    * LayoutTests/accessibility/custom-elements/shadow-element-text.html: Added.
    * LayoutTests/platform/glib/accessibility/custom-elements/shadow-element-text-expected.txt: Added.
    * Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
    (WebCore::AccessibilityNodeObject::textUnderElement const):

    Canonical link: https://commits.webkit.org/270542@main

Canonical link: https://commits.webkit.org/267815.556@safari-7617.1.17.13-branch


  Commit: 5c7eac0b2ff969f1bc59acd31f4afd4e71dca226
      https://github.com/WebKit/WebKit/commit/5c7eac0b2ff969f1bc59acd31f4afd4e71dca226
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-10 (Fri, 10 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.13.2

Canonical link: https://commits.webkit.org/267815.557@safari-7617.1.17.13-branch


  Commit: d5d49d6ef475fdd669b505ecdb49fa944b570993
      https://github.com/WebKit/WebKit/commit/d5d49d6ef475fdd669b505ecdb49fa944b570993
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-13 (Mon, 13 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-617.1.17.13.3

Identifier: 267815.558 at safari-7617.1.17.13-branch


  Commit: fd4bac2f23415db83df6794291202caf313112b7
      https://github.com/WebKit/WebKit/commit/fd4bac2f23415db83df6794291202caf313112b7
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2023-11-13 (Mon, 13 Nov 2023)

  Changed paths:
    R JSTests/stress/arrow-function-captured-arguments-aliased.js
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
    M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
    M Source/JavaScriptCore/runtime/GetPutInfo.h
    M Source/JavaScriptCore/runtime/ScopedArguments.h
    M Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp
    M Source/JavaScriptCore/runtime/ScopedArgumentsTable.h
    M Source/JavaScriptCore/runtime/SymbolTable.cpp
    M Source/JavaScriptCore/runtime/SymbolTable.h

  Log Message:
  -----------
  Cherry-pick af7c136e799e. rdar://117838992

    Reverting https://commits.webkit.org/267815.345@safari-7617-branch
    https://bugs.webkit.org/show_bug.cgi?id=264767
    rdar://117838992

    Reviewed by Michael Saboff.

    * JSTests/stress/arrow-function-captured-arguments-aliased.js: Removed.
    * Source/JavaScriptCore/bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::finishCreation):
    * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::BytecodeGenerator):
    * Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:
    * Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:
    * Source/JavaScriptCore/runtime/GetPutInfo.h:
    (JSC::initializationModeName):
    (JSC::isInitialization):
    * Source/JavaScriptCore/runtime/ScopedArguments.h:
    * Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp:
    (JSC::ScopedArgumentsTable::tryCreate):
    (JSC::ScopedArgumentsTable::tryClone):
    (JSC::ScopedArgumentsTable::trySetLength):
    (JSC::ScopedArgumentsTable::trySetWatchpointSet): Deleted.
    * Source/JavaScriptCore/runtime/ScopedArgumentsTable.h:
    * Source/JavaScriptCore/runtime/SymbolTable.cpp:
    (JSC::SymbolTable::localToEntry):
    (JSC::SymbolTable::cloneScopePart):
    * Source/JavaScriptCore/runtime/SymbolTable.h:

    Canonical link: https://commits.webkit.org/267815.566@safari-7617-branch

Identifier: 267815.559 at safari-7617.1.17.13-branch


  Commit: 4bb8d7594c3ad2f3992276d99d6fca73a357a561
      https://github.com/WebKit/WebKit/commit/4bb8d7594c3ad2f3992276d99d6fca73a357a561
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.13.4

Canonical link: https://commits.webkit.org/267815.560@safari-7617.1.17.13-branch


  Commit: eb47716ff9b28e12d442cabd9857d00354c22992
      https://github.com/WebKit/WebKit/commit/eb47716ff9b28e12d442cabd9857d00354c22992
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    A LayoutTests/fonts/font-cache-memory-pressure-crash-expected.txt
    A LayoutTests/fonts/font-cache-memory-pressure-crash.html
    M Source/WebCore/platform/graphics/FontCascadeFonts.cpp

  Log Message:
  -----------
  Cherry-pick a595ddd8348d. rdar://117805319

    Adding last resort font to System Font fallback set for PUA characters
    https://bugs.webkit.org/show_bug.cgi?id=264737
    rdar://117805319

    Reviewed by Brent Fulgham.

    Until now, when we are purging inactive font data, we would just clear
    the glyph page cache if we had to purge system fallback font.
    This means that we consider glyph page cache would only point to
    fonts from system fonts fallback.

    When we are handling unicode's in the Private-User-Area (PUA) block,
    we shouldn't fallback to system fonts searching for a font that can render
    it, per spec: https://www.w3.org/TR/css-fonts-4/#char-handling-issues
    Instead, we render the glyph 0 with the last resort font. However, this
    font is just added to the custom font cache, and its font pointer in the
    Glyph Page cache is not cleared during memory pressure.

    We should add this font to the system font fallback set, to make sure
    that the associated font pointer is removed from the glyph page cache
    during memory pressure.

    * LayoutTests/fonts/font-cache-memory-pressure-crash.html: Added.
    * Source/WebCore/platform/graphics/FontCascadeFonts.cpp:
    (WebCore::FontCascadeFonts::glyphDataForVariant):
    * LayoutTests/fonts/font-cache-memory-pressure-crash-expected.txt: Added.

    Canonical link: https://commits.webkit.org/267815.567@safari-7617-branch

Canonical link: https://commits.webkit.org/267815.561@safari-7617.1.17.13-branch


  Commit: abae4309625bb53459b4db62d500754859bd5579
      https://github.com/WebKit/WebKit/commit/abae4309625bb53459b4db62d500754859bd5579
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Source/WebKit/UIProcess/mac/PageClientImplMac.mm

  Log Message:
  -----------
  Cherry-pick 9ed78dcdcb4a. rdar://118249650

    REGRESSION (270325 at main): Overrelease of NSColor under PageClientImpl::appUsesCustomAccentColor
    https://bugs.webkit.org/show_bug.cgi?id=264845
    <rdar://problem/118312264>

    Reviewed by Aditya Keerthi, Chris Dumez and Simon Fraser.

    * Source/WebKit/UIProcess/mac/PageClientImplMac.mm:
    (WebKit::PageClientImpl::appUsesCustomAccentColor):
    We don't own these colors, don't adopt them.

    Canonical link: https://commits.webkit.org/270735@main

Identifier: 267815.562 at safari-7617.1.17.13-branch


  Commit: dfd2068ae23ce5f290ebbcd0c7a37f52d6fd9e53
      https://github.com/WebKit/WebKit/commit/dfd2068ae23ce5f290ebbcd0c7a37f52d6fd9e53
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Source/WebKit/UIProcess/mac/PageClientImplMac.mm

  Log Message:
  -----------
  Revert "Cherry-pick 9ed78dcdcb4a. rdar://118249650"

This reverts commit abae4309625bb53459b4db62d500754859bd5579.

Identifier: 267815.563 at safari-7617.1.17.13-branch


  Commit: 065301fb63de779f7f0bed45f9a3dd2daeb18721
      https://github.com/WebKit/WebKit/commit/065301fb63de779f7f0bed45f9a3dd2daeb18721
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-16 (Thu, 16 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.13.5

Identifier: 267815.564 at safari-7617.1.17.13-branch


  Commit: d764093be9f440497c7100bb6c27d4c6abbffb75
      https://github.com/WebKit/WebKit/commit/d764093be9f440497c7100bb6c27d4c6abbffb75
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-16 (Thu, 16 Nov 2023)

  Changed paths:
    M Source/JavaScriptCore/b3/B3LowerToAir.cpp
    M Source/JavaScriptCore/b3/air/AirValidate.cpp

  Log Message:
  -----------
  Cherry-pick 49ba637c4abb. rdar://118515062

    Extr can overflow when imm=64, allowing a random register to be read
    rdar://118515062

    Reviewed by Yusuke Suzuki.

    Extr can overflow when imm=64, allowing a random register to be read.

    * Source/JavaScriptCore/b3/B3LowerToAir.cpp:
    * Source/JavaScriptCore/b3/air/AirValidate.cpp:

    Canonical link: https://commits.webkit.org/267815.574@safari-7617-branch


  Commit: 31b27a862699d5ca28de5b729df43d01d8ed944a
      https://github.com/WebKit/WebKit/commit/31b27a862699d5ca28de5b729df43d01d8ed944a
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.13.6

Canonical link: https://commits.webkit.org/267815.566@safari-7617.1.17.13-branch


  Commit: 6a433268fc0cc4b3dddde2f67ca8ddba66ec185a
      https://github.com/WebKit/WebKit/commit/6a433268fc0cc4b3dddde2f67ca8ddba66ec185a
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Source/JavaScriptCore/runtime/Structure.cpp

  Log Message:
  -----------
  Cherry-pick b0a755e34426. rdar://118548733

    Race condition between JSObject::getDirectConcurrently users and Structure::flattenDictionaryStructure
    https://bugs.webkit.org/show_bug.cgi?id=265067
    rdar://118548733

    Reviewed by Justin Michaud and Mark Lam.

    Like Array shift/unshift, flattenDictionaryStructure is the other code which can shrink butterfly for named properties (no other code does it).
    Compiler threads rely on the fact that normally named property storage never shrunk. And we should catch this exceptional case by taking a cellLock
    in the compiler thread. But flattenDictionaryStructure is not taking cellLock correctly.

    This patch computes afterOutOfLineCapacity first to detect that whether this flattening will shrink the butterfly.
    And if it is, then we take a cellLock. We do not need to take it if we do not shrink the butterfly.

    * Source/JavaScriptCore/runtime/Structure.cpp:
    (JSC::Structure::flattenDictionaryStructure):

    Canonical link: https://commits.webkit.org/267815.577@safari-7617-branch

Canonical link: https://commits.webkit.org/267815.567@safari-7617.1.17.13-branch


  Commit: 4fb567aa7f71f54901bcc3322dd5e63c733e7941
      https://github.com/WebKit/WebKit/commit/4fb567aa7f71f54901bcc3322dd5e63c733e7941
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.13.7

Canonical link: https://commits.webkit.org/267815.568@safari-7617.1.17.13-branch


  Commit: cbe051a9a3765825ccb92c790ec0e50c66c6bc51
      https://github.com/WebKit/WebKit/commit/cbe051a9a3765825ccb92c790ec0e50c66c6bc51
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml

  Log Message:
  -----------
  Revert b16d10297d26. rdar://118303187

Canonical link: https://commits.webkit.org/267815.569@safari-7617.1.17.13-branch


  Commit: 3e18ed466046639b921de13e38c274299a6f6023
      https://github.com/WebKit/WebKit/commit/3e18ed466046639b921de13e38c274299a6f6023
  Author: Jonathan Bedard <jbedard at apple.com>
  Date:   2023-11-27 (Mon, 27 Nov 2023)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py

  Log Message:
  -----------
  Cherry-pick 270059 at main (219eb0bb7b43). rdar://116915892

    [AutoInstall] prefer wheels whenever possible (Follow-up fix)
    https://bugs.webkit.org/show_bug.cgi?id=263119
    rdar://116915892

    Reviewed by Elliott Williams and Sam Sneddon.

    Wheel installs of rapidfuzz aren't valid for all configurations, and
    it doesn't take long to install manually.

    * Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Opt out of wheel for rapidfuzz.

    Canonical link: https://commits.webkit.org/270059@main

    Canonical link: https://commits.webkit.org/267815.561@safari-7617-branch

Identifier: 267815.570 at safari-7617.1.17.13-branch


Compare: https://github.com/WebKit/WebKit/compare/f822e58a76ef%5E...3e18ed466046


More information about the webkit-changes mailing list