[webkit-changes] [WebKit/WebKit] 24e3ce: Cherry-pick 256112@main (4a1a50028375). https://bu...
youennf
noreply at github.com
Tue Jan 24 05:31:54 PST 2023
Branch: refs/heads/webkitglib/2.38
Home: https://github.com/WebKit/WebKit
Commit: 24e3ce7b1f024cc6dc43f58ef6b4103d109709b2
https://github.com/WebKit/WebKit/commit/24e3ce7b1f024cc6dc43f58ef6b4103d109709b2
Author: Miguel Salinas <miguel_salinas at apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
A LayoutTests/storage/indexeddb/crash-on-getdatabases-expected.txt
A LayoutTests/storage/indexeddb/crash-on-getdatabases.html
A LayoutTests/storage/indexeddb/resources/crash-on-getdatabases.js
M Source/WebCore/Modules/indexeddb/IDBTransaction.cpp
Log Message:
-----------
Cherry-pick 256112@main (4a1a50028375). https://bugs.webkit.org/show_bug.cgi?id=246706
nullptr crash in WebCore::IDBTransaction::dispatchEvent
https://bugs.webkit.org/show_bug.cgi?id=246706
rdar://94637046
Reviewed by Sihui Liu.
We should check if m_openDBRequest is null in
IDBTransaction::dispatchEvent. The repro is flaky but does reproduce for
me ~1/3 of the time. I tried to reduce the test case but it either
stopped reproducing or reproduced significantly less frequently.
* LayoutTests/storage/indexeddb/crash-on-getdatabases-expected.txt: Added.
* LayoutTests/storage/indexeddb/crash-on-getdatabases.html: Added.
* LayoutTests/storage/indexeddb/resources/crash-on-getdatabases.js: Added.
(async testDoesNotCrash):
* Source/WebCore/Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::dispatchEvent):
Canonical link: https://commits.webkit.org/256112@main
Commit: 3544b1eaff9de757625d2d6dc8b897d18dda6167
https://github.com/WebKit/WebKit/commit/3544b1eaff9de757625d2d6dc8b897d18dda6167
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WebCore/page/Quirks.cpp
Log Message:
-----------
Cherry-pick 256081@main (cc22c989e13b). https://bugs.webkit.org/show_bug.cgi?id=247153
Regression(252759@main) Unable to log into marcus.com
https://bugs.webkit.org/show_bug.cgi?id=247153
rdar://101086391
Reviewed by Brian Weinstein.
Extend showModalDialog quirk to marcus.com to work around their geo-blocking
relying on the showModalDialog property existing (somehow). Note that the
property is exposed but is undefined, which is sufficient since they don't
actually call the showModalDialog function.
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::shouldExposeShowModalDialog const):
Canonical link: https://commits.webkit.org/256081@main
Commit: c2764831554bdd0597fe5eefd1b7a84b07ea9b1b
https://github.com/WebKit/WebKit/commit/c2764831554bdd0597fe5eefd1b7a84b07ea9b1b
Author: Darin Adler <darin at apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WTF/wtf/text/StringImpl.h
M Source/WTF/wtf/text/StringView.h
Log Message:
-----------
Cherry-pick 255739@main (a7b9e4efad0c). https://bugs.webkit.org/show_bug.cgi?id=246688
ASSERTION FAILED: !is8Bit()
https://bugs.webkit.org/show_bug.cgi?id=246688
rdar://101291623
Reviewed by Mark Lam.
* Source/WTF/wtf/text/StringImpl.h:
(WTF::StringImpl::characters16 const): Allow calling this on the empty string without asserting.
There is no problem returning the 8-bit character pointer as a 16-bit character pointer when the
length is zero; the pointer will never be dereferenced.
* Source/WTF/wtf/text/StringView.h:
(WTF::StringView::characters16 const): Ditto.
Canonical link: https://commits.webkit.org/255739@main
Commit: f7faf90291eb0a196d9a2007749ffce2c4d57369
https://github.com/WebKit/WebKit/commit/f7faf90291eb0a196d9a2007749ffce2c4d57369
Author: Alicia Boya Garcia <aboya at igalia.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WTF/wtf/MediaTime.cpp
M Tools/TestWebKitAPI/Tests/WTF/MediaTime.cpp
Log Message:
-----------
Cherry-pick 255767@main (c020c7e213d8). https://bugs.webkit.org/show_bug.cgi?id=246746
[WTF] MediaTime: compute flags on multiplication with doubles
https://bugs.webkit.org/show_bug.cgi?id=246746
Reviewed by Yusuke Suzuki.
The current multiplication algorithm in WTF::MediaTime updates the time
value without updating the flags. This becomes a problem if the
multiplication promotes the number to infinity.
This patch fixes this problem and adds a test for it.
* Source/WTF/wtf/MediaTime.cpp:
(WTF::MediaTime::operator* const):
* Tools/TestWebKitAPI/Tests/WTF/MediaTime.cpp:
(TestWebKitAPI::TEST):
Canonical link: https://commits.webkit.org/255767@main
Commit: 991d269b4371d5ac9733f9d7fc38e42c75fb7ad1
https://github.com/WebKit/WebKit/commit/991d269b4371d5ac9733f9d7fc38e42c75fb7ad1
Author: Alejandro G. Castro <alex at igalia.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WebCore/inspector/InspectorCanvas.cpp
M Source/WebCore/inspector/InspectorCanvasCallTracer.h
Log Message:
-----------
Cherry-pick 255778@main (6b4ed06fa609). https://bugs.webkit.org/show_bug.cgi?id=246753
WebGL compilation disabling WebGL 2 is broken
https://bugs.webkit.org/show_bug.cgi?id=246753
Reviewed by Kenneth Russell.
WebGLVertexArrayObject is part of the WebGL 2 API but there are some
places in the code where it was added under the WEBGL ifdef instead of WEBGL2.
* Source/WebCore/inspector/InspectorCanvas.cpp:
* Source/WebCore/inspector/InspectorCanvasCallTracer.h:
Canonical link: https://commits.webkit.org/255778@main
Commit: 77fea22f4f22c794773f741e7f63add927ce133c
https://github.com/WebKit/WebKit/commit/77fea22f4f22c794773f741e7f63add927ce133c
Author: Fujii Hironori <Hironori.Fujii at sony.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.png
M LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.txt
M Source/WebCore/platform/adwaita/ThemeAdwaita.cpp
M Source/WebCore/platform/adwaita/ThemeAdwaita.h
M Source/WebCore/rendering/RenderThemeAdwaita.cpp
Log Message:
-----------
Cherry-pick 255820@main (fbcbce2f5153). https://bugs.webkit.org/show_bug.cgi?id=246679
ThemeAdwaita: checkbox, radio and inner spin button don't scale along by page zoom
https://bugs.webkit.org/show_bug.cgi?id=246679
Reviewed by Carlos Garcia Campos.
ThemeAdwaita should scale controls based on a given zoom factor. Scale
buttons for input elements with type=number, type=checkbox, type=radio
and datalist, and select elements.
ThemeAdwaita::paintArrow painted a 16x16 arrow at (0, 0) position.
Change it to take a rect and paint an arrow at the center of the rect,
fitting to the smaller edge.
* Source/WebCore/platform/adwaita/ThemeAdwaita.cpp:
(WebCore::ThemeAdwaita::paintArrow):
(WebCore::ThemeAdwaita::controlSize const):
(WebCore::ThemeAdwaita::paintSpinButton):
* Source/WebCore/platform/adwaita/ThemeAdwaita.h:
* Source/WebCore/rendering/RenderThemeAdwaita.cpp:
(WebCore::RenderThemeAdwaita::paintTextField):
(WebCore::RenderThemeAdwaita::popupInternalPaddingBox const):
(WebCore::RenderThemeAdwaita::paintMenuList):
* LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.png:
* LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.txt:
Canonical link: https://commits.webkit.org/255820@main
Commit: 9bf91b552df7e799cb8b51d649f2509820cbe2f2
https://github.com/WebKit/WebKit/commit/9bf91b552df7e799cb8b51d649f2509820cbe2f2
Author: Arie Geiger <arsgeiger at gmail.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/cmake/FindGI.cmake
Log Message:
-----------
Cherry-pick 255887@main (a5345caf3944). https://bugs.webkit.org/show_bug.cgi?id=246907
[GTK] Fix GIR build failure when cross compiling
https://bugs.webkit.org/show_bug.cgi?id=246907
Reviewed by Michael Catanzaro.
* Source/cmake/FindGI.cmake
Canonical link: https://commits.webkit.org/255887@main
Commit: 194225d79c6c2fd938af1f60f67bf46f9c7a87fc
https://github.com/WebKit/WebKit/commit/194225d79c6c2fd938af1f60f67bf46f9c7a87fc
Author: Przemyslaw Gorszkowski <pgorszkowski at igalia.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp
M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
Log Message:
-----------
Cherry-pick 255908@main (238827ce8406). https://bugs.webkit.org/show_bug.cgi?id=246935
Add missing undef MESSAGE_CHECK for cpp file
https://bugs.webkit.org/show_bug.cgi?id=246935
Reviewed by Žan Doberšek.
Adding the missing #undef MESSAGE_CHECK at the end of the cpp file
solves the problem with errors in unified builds on mac machines.
* Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
Canonical link: https://commits.webkit.org/255908@main
Commit: c99e2b44631f61ed3b14278140742aa1befbce48
https://github.com/WebKit/WebKit/commit/c99e2b44631f61ed3b14278140742aa1befbce48
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
A LayoutTests/editing/resources/selection-scrolling-in-multiple-nested-subframes-iframe.html
A LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes-expected.txt
A LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes.html
M Source/WebCore/page/FrameView.cpp
Log Message:
-----------
Cherry-pick 255998@main (dd872d60f501). https://bugs.webkit.org/show_bug.cgi?id=246978
Release assert while scrolling subframes under reentrant calls to updateAppearanceAfterLayout()
https://bugs.webkit.org/show_bug.cgi?id=246978
rdar://97896551
Reviewed by Simon Fraser.
It's currently possible to induce a release assertion when attempting to update layout underneath
`RenderWidget::updateWidgetPosition()`, by revealing the selection inside of a nested subframe that
contains viewport-constrained elements. The new test case below contains the steps required to set
up this assertion:
- Load a page that contains a subframe (`s_0`), which in turn contains two or more child frames
(`s_1`, `s_2`). `s_1` and `s_2` contain editable content, and `s_0` contains a fixed-position
element.
- Focus each of `s_1` and `s_2`, and use the keyboard to change the selection. This causes both
frames' `FrameSelection`s to be in a state where `m_selectionRevealMode` is set to `Reveal`.
- Scroll `s_0` down to the bottom (see (3) below for more information), and then click the button
to trigger an event handler that runs the rest of the test.
1. On click, in `s_1` and `s_2`, we clear the contents of the body, which schedules selection
revealing as post-layout tasks.
2. Next, we force a sync layout update by invoking `document.body.offsetHeight;` in the main frame,
which triggers all the following events in the test.
3. As a post-layout task, since `s_0` contains a fixed-position element, we invoke
`FrameView::updateWidgetPositions()`, which triggers a subsequent layout in each of the
subframes.
4. In this nested layout pass, we then fire off the additional post-layout tasks scheduled by `s_1`
and `s_2`, which both attempt to reveal the selection synchronously, one after another.
5. The selection scrolling causes us to establish a `ScriptDisallowedScope` inside of
`FrameView::scrollRectToVisibleInChildView`, while attempting to scroll the child frame `s_1` to
reveal the selection.
6. This nested `RenderWidget::updateWidgetPosition()` triggers another nested layout pass. Note
that this, in theory, already reveals the bug — though in practice, we don't crash yet because
`s_1`'s layout is already up to date. After layout, we fire off the other queued post-layout
task to reveal the selection, this time for `s_2`.
7. We then attempt to reveal the selection again, this time for `s_2`. However, due to the fact
that this is now all happening inside a `ScriptDisallowedScope` established in (5), we now
crash.
To fix this, we take advantage of some of the prior work done in `commits.webkit.org/250836@main` to
remove a synchronous post-layout call to `updateAppearanceAfterLayout()` in the case where the
selection is not focused and active. Since we now update the selection appearance in the next
rendering update anyways, this simply defers work that would've otherwise been done as a post-layout
task to the next rendering update instead. Note that we still update eagerly here in the case where
the selection is active, since accessibility notifications still rely on the fact that intermediate
AX notifications are dispatched for selection changes that happen during text editing (see:
accessibility/mac/selection-value-changes-for-aria-textbox.html).
In the future, we could probably queue the accessibility notifications above as well, and eliminate
the post-layout selection appearance update altogether.
Test: editing/selection/selection-scrolling-in-multiple-nested-subframes.html
* LayoutTests/editing/resources/selection-scrolling-in-multiple-nested-subframes-iframe.html: Added.
* LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes-expected.txt: Added.
* LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes.html: Added.
* Source/WebCore/page/FrameView.cpp:
(WebCore::FrameView::performPostLayoutTasks):
Canonical link: https://commits.webkit.org/255998@main
Commit: 9f0df5cff717690374b8f94dc0190c68444958a3
https://github.com/WebKit/WebKit/commit/9f0df5cff717690374b8f94dc0190c68444958a3
Author: Alan Coon <alancoon at apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WebCore/rendering/RenderImage.cpp
Log Message:
-----------
Cherry-pick 252432.595@safari-7614-branch (60a99963fd45). https://bugs.webkit.org/show_bug.cgi?id=246712
Crash in RenderImage::paintReplaced
https://bugs.webkit.org/show_bug.cgi?id=246712
rdar://101205947
Reviewed by David Kilzer and Myles Maxfield.
* Source/WebCore/rendering/RenderImage.cpp:
(WebCore::RenderImage::paintReplaced):
Canonical link: https://commits.webkit.org/252432.595@safari-7614-branch
Commit: b8f565c7a7c7dbd150c578f147d2134aacfe1316
https://github.com/WebKit/WebKit/commit/b8f565c7a7c7dbd150c578f147d2134aacfe1316
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)
Changed paths:
M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServer.cpp
Log Message:
-----------
Cherry-pick 255968@main (62dfaac6890c). https://bugs.webkit.org/show_bug.cgi?id=246999
Creating a shared worker connection should retry without providing a specific webprocess
https://bugs.webkit.org/show_bug.cgi?id=246999
rdar://101506812
Reviewed by Chris Dumez.
We were trying to create a context connection of a shared worker by always sending a particular target process.
If this process is terminated for instance, the network process will think that the connection should be there.
But no context connection is there, so it retries to create a context connection, with the same target process.
This triggers a loop.
To break the loop, we try using the first target process on the first try but not on successive tries.
UIProcess, on second try, will then try some other processes, typically by creating a new process.
* Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServer.cpp:
(WebKit::WebSharedWorkerServer::createContextConnection):
Canonical link: https://commits.webkit.org/255968@main
Compare: https://github.com/WebKit/WebKit/compare/9a224f3ed860...b8f565c7a7c7