[webkit-changes] [WebKit/WebKit] ca8ecf: Versioning.
Russell Epstein
noreply at github.com
Wed Oct 25 13:53:23 PDT 2023
Branch: refs/heads/safari-7615.1.26.100-branch
Home: https://github.com/WebKit/WebKit
Commit: ca8ecf6caa268fdd50c575623e9a3f9d2a904eb1
https://github.com/WebKit/WebKit/commit/ca8ecf6caa268fdd50c575623e9a3f9d2a904eb1
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-10 (Mon, 10 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.1.26.100.1
Canonical link: https://commits.webkit.org/259548.391@safari-7615.1.26.100-branch
Commit: e8bbb1979f3e6eb1026f8b722ec2fcd325f39bb8
https://github.com/WebKit/WebKit/commit/e8bbb1979f3e6eb1026f8b722ec2fcd325f39bb8
Author: Antoine Quint <graouts at webkit.org>
Date: 2023-04-10 (Mon, 10 Apr 2023)
Changed paths:
M Source/WebCore/animation/WebAnimation.cpp
Log Message:
-----------
Cherry-pick 1d6fe184ea53. rdar://problem/107856564
Potential use-after-free in WebAnimation::commitStyles
https://bugs.webkit.org/show_bug.cgi?id=254840
rdar://107444873
Reviewed by Dean Jackson and Darin Adler.
Ensure that the animation's effect and target are kept alive for the duration of this method
since it is possible that calling updateStyleIfNeeded() could call into JavaScript and thus
these two pointers could be changed to a null value using the Web Animations API.
* Source/WebCore/animation/WebAnimation.cpp:
(WebCore::WebAnimation::commitStyles):
Canonical link: https://commits.webkit.org/259548.532@safari-7615-branch
Canonical link: https://commits.webkit.org/259548.392@safari-7615.1.26.100-branch
Commit: 4eb9ee50a616bfb5da8b7932fd1778627354b3b2
https://github.com/WebKit/WebKit/commit/4eb9ee50a616bfb5da8b7932fd1778627354b3b2
Author: Michael Saboff <msaboff at apple.com>
Date: 2023-04-10 (Mon, 10 Apr 2023)
Changed paths:
A JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js
M Source/JavaScriptCore/runtime/StringPrototype.cpp
M Source/JavaScriptCore/yarr/YarrInterpreter.cpp
Log Message:
-----------
Cherry-pick e34edaa74575. rdar://problem/107856432
[JSC] RegExpGlobalData::performMatch issue leading to OOB read
https://bugs.webkit.org/show_bug.cgi?id=254930
rdar://107436732
Reviewed by Alexey Shvayka.
Fixed two issues:
1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position for non-BMP
characters. Since it is an assertion, we shouldn't advance the character position.
Made the same fix to matchAssertionEOL().
2) In StringPrototype.cpp::replaceUsingRegExpSearch(), we need to advance past both elements of
a non-BMP character for the case where the RegExp match is empty.
* JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js: New test.
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearch):
* Source/JavaScriptCore/yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::InputStream::readCheckedDontAdvance):
(JSC::Yarr::Interpreter::matchAssertionBOL):
(JSC::Yarr::Interpreter::matchAssertionEOL):
Canonical link: https://commits.webkit.org/259548.551@safari-7615-branch
Canonical link: https://commits.webkit.org/259548.393@safari-7615.1.26.100-branch
Commit: 0b4da5022ccb64dee6861ecf7d694efb93f341c7
https://github.com/WebKit/WebKit/commit/0b4da5022ccb64dee6861ecf7d694efb93f341c7
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning
WebKit-7615.1.26.100.2
Canonical link: https://commits.webkit.org/259548.394@safari-7615.1.26.100-branch
Compare: https://github.com/WebKit/WebKit/compare/ca8ecf6caa26%5E...0b4da5022ccb
More information about the webkit-changes
mailing list