[webkit-changes] [WebKit/WebKit] edcf18: CloneDeserializer should always purifyNaN all doub...

youennf noreply at github.com
Thu Nov 2 18:41:32 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: edcf18996504f11f319fb74aa22eb29fb5a70535
      https://github.com/WebKit/WebKit/commit/edcf18996504f11f319fb74aa22eb29fb5a70535
  Author: Mark Lam <mark.lam at apple.com>
  Date:   2023-11-02 (Thu, 02 Nov 2023)

  Changed paths:
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  CloneDeserializer should always purifyNaN all double values it reads.
https://bugs.webkit.org/show_bug.cgi?id=261801
rdar://115756664

Reviewed by Yusuke Suzuki.

CloneDeserializer::read() will now invoke purifyNaN() on any double values that it reads.
As a result, we can remove the 2 purifyNaN calls in its client that are now redundant.

* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::read):
(WebCore::CloneDeserializer::readTerminal):

Originally-landed-as: 265870.574 at safari-7616-branch (58238f2ad1a0). rdar://117810713
Canonical link: https://commits.webkit.org/270153@main


  Commit: 25b7b0fab317d2f14d4cdea4320def22b6734cf8
      https://github.com/WebKit/WebKit/commit/25b7b0fab317d2f14d4cdea4320def22b6734cf8
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2023-11-02 (Thu, 02 Nov 2023)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/resize_test.cc
    M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/common/vp9_alloccommon.c
    M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_encoder.c

  Log Message:
  -----------
  VP9 additional changes related to CVE-2023-5217
rdar://116293231

Reviewed by Jean-Yves Avenard.

Cherry-picking patches that do hardening of VP9 encoder reconfiguration:
- 02ab555e992c191e5c509ed87b3cc48ed915b447
- 263682c9a29395055f3b3afe2d97be1828a6223f

I had to update the CHECK_MEM_ERROR call site since we currently need to pass cm, while they pass cm->error upstream.

While we do not think we are exercising this code path of reconfiguring while encoding,
it is future proof and low risk to cherry-pick these changes.

* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/test/resize_test.cc:
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/common/vp9_alloccommon.c:
(free_seg_map):
(vp9_free_context_buffers):
(vp9_alloc_context_buffers):
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_encoder.c:
(free_copy_partition_data):
(vp9_change_config):

Originally-landed-as: 267815.170 at safari-7617-branch (505f26eea3a5). rdar://117811019
Canonical link: https://commits.webkit.org/270154@main


Compare: https://github.com/WebKit/WebKit/compare/fbed4417590f...25b7b0fab317
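
The first commit above moves NaN purification into the read primitive, so every caller receives a canonical NaN whatever bits were in the serialized data. The following is an added sketch of that pattern, not WebKit's code; SketchReader, purifyNaNSketch, decodeSample, the byte layout and the sample bytes are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Canonical quiet NaN chosen for this sketch (assumption, not taken from the page).
constexpr uint64_t kPureNaNBits = 0x7ff8000000000000ull;
static double fromBits(uint64_t b) { double d; std::memcpy(&d, &b, sizeof d); return d; }
static uint64_t bitsOf(double d) { uint64_t b; std::memcpy(&b, &d, sizeof b); return b; }
// Every NaN, whatever its sign or payload bits, collapses to the one canonical NaN.
static double purifyNaNSketch(double v) { return v != v ? fromBits(kPureNaNBits) : v; }

// Hypothetical reader over untrusted serialized bytes (little-endian doubles).
class SketchReader {
public:
    SketchReader(const uint8_t* data, size_t size) : m_ptr(data), m_end(data + size) { }
    // The only place a double leaves the buffer, so callers cannot skip purification.
    bool read(double& out) {
        if (static_cast<size_t>(m_end - m_ptr) < sizeof(uint64_t))
            return false; // truncated input: fail instead of reading past the end
        uint64_t bits = 0;
        for (int i = 0; i < 8; ++i)
            bits |= static_cast<uint64_t>(m_ptr[i]) << (8 * i);
        m_ptr += sizeof(uint64_t);
        out = purifyNaNSketch(fromBits(bits));
        return true;
    }
private:
    const uint8_t *m_ptr, *m_end;
};

// Constructed sample: a NaN carrying payload bits, then 1.5, then a truncated tail.
static const uint8_t kSample[] = {
    0xef, 0xbe, 0xad, 0xde, 0x00, 0x00, 0xfe, 0xff, // 0xfffe0000deadbeef
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0x3f, // 1.5
    0x01, 0x02, 0x03 };

// Decodes kSample, stores the bit pattern of each value read, returns the count.
size_t decodeSample(uint64_t* outBits, size_t cap) {
    SketchReader reader(kSample, sizeof kSample);
    size_t n = 0;
    for (double d; n < cap && reader.read(d); ++n)
        outBits[n] = bitsOf(d);
    return n;
}
int main() {
    uint64_t bits[4];
    for (size_t i = 0, n = decodeSample(bits, 4); i < n; ++i)
        std::printf("%016llx\n", static_cast<unsigned long long>(bits[i]));
}
```
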

