[webkit-changes] [WebKit/WebKit] bcd671: Cherry-pick 276012 at main (910ab18a82d4). https://bu...
Justin Michaud
noreply at github.com
Fri Mar 15 12:20:03 PDT 2024
Branch: refs/heads/webkitglib/2.44
Home: https://github.com/WebKit/WebKit
Commit: bcd671bfcbcd9ca829dedeb66a3ffc67222103be
https://github.com/WebKit/WebKit/commit/bcd671bfcbcd9ca829dedeb66a3ffc67222103be
Author: Michael Catanzaro <mcatanzaro at redhat.com>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebKit/PlatformGTK.cmake
M Source/WebKit/PlatformWPE.cmake
M Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp
M Source/WebKit/UIProcess/API/glib/WebKitWebView.h.in
Log Message:
-----------
Cherry-pick 276012 at main (910ab18a82d4). https://bugs.webkit.org/show_bug.cgi?id=269377
[WPE][GTK] Warning: WebKit2: Couldn't find 'run_async_javascript_function_in_world_finish' for the corresponding async function: 'run_async_javascript_function_in_world'
https://bugs.webkit.org/show_bug.cgi?id=269377
Reviewed by Adrian Perez de Castro.
We need to use the new finish-func annotation so that language bindings
can figure out how to complete the async call, due to our nonstandard
naming for the finish function. It seems trying to reuse the same finish
function for multiple async calls was not such a good idea.
Unfortunately, with older gobject-introspection, we cannot use this
new annotation or the build will fail due to the unrecognized
annotation. So we will need to conditionalize the entire doc comment.
Finally, I've also fixed the nullability of the world_name parameter,
which was broken due to a missing colon.
* Source/WebKit/PlatformGTK.cmake:
* Source/WebKit/PlatformWPE.cmake:
* Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:
* Source/WebKit/UIProcess/API/glib/WebKitWebView.h.in:
Canonical link: https://commits.webkit.org/276012@main
Canonical link: https://commits.webkit.org/274313.87@webkitglib/2.44
Commit: 629d941b3ee1bfad0d8aa15283d6d1ab7092aa58
https://github.com/WebKit/WebKit/commit/629d941b3ee1bfad0d8aa15283d6d1ab7092aa58
Author: Adrian Perez de Castro <aperez at igalia.com>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebKit/PlatformGTK.cmake
Log Message:
-----------
Cherry-pick 276019 at main (3a1c08120188). https://bugs.webkit.org/show_bug.cgi?id=269377
REGRESSION(276012 at main): CMake fails with GObject-Introspection disabled
https://bugs.webkit.org/show_bug.cgi?id=269377
Reviewed by Michael Catanzaro and Philippe Normand.
* Source/WebKit/PlatformGTK.cmake: Quote the expansion of ${GI_VERSION}
to ensure VERSION_GREATER_EQUAL has at least an empty string as value
to compare against; otherwise when the variable is undefined there was
no left-hand side of the comparison, which resulted in CMake erroring
due to wrong syntax.
Canonical link: https://commits.webkit.org/276019@main
Canonical link: https://commits.webkit.org/274313.88@webkitglib/2.44
Commit: b67becf51ef32112a6a5ad03f36f943253dfbebe
https://github.com/WebKit/WebKit/commit/b67becf51ef32112a6a5ad03f36f943253dfbebe
Author: Fujii Hironori <Hironori.Fujii at sony.com>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebKit/Scripts/generate-serializers.py
Log Message:
-----------
Cherry-pick 275934 at main (ca6b301ae49e). https://bugs.webkit.org/show_bug.cgi?id=270770
[Clang] GeneratedSerializers.cpp(3716,11): error: offset of on non-standard-layout type 'WebKit::AudioTrackPrivateRemoteConfiguration' [-Werror,-Winvalid-offsetof]
https://bugs.webkit.org/show_bug.cgi?id=270770
Reviewed by Alex Christensen.
Clang 18.1.1 reports a warning for GeneratedSerializers.cpp:
> DerivedSources\GeneratedSerializers.cpp(3716,11): error: offset of on non-standard-layout type 'WebKit::AudioTrackPrivateRemoteConfiguration' [-Werror,-Winvalid-offsetof]
> 3716 | , offsetof(WebKit::AudioTrackPrivateRemoteConfiguration, enabled)
> | ^ ~~~~~~~
generate-serializers.py already suppresses the warning for GCC.
* Source/WebKit/Scripts/generate-serializers.py:
Ignore `invalid-offsetof` warning both for GCC and Clang.
Canonical link: https://commits.webkit.org/275934@main
Canonical link: https://commits.webkit.org/274313.89@webkitglib/2.44
Commit: 76f4db11d9982ef76ec8758fd6c62c3d5f146379
https://github.com/WebKit/WebKit/commit/76f4db11d9982ef76ec8758fd6c62c3d5f146379
Author: Fujii Hironori <Hironori.Fujii at sony.com>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/JavaScriptCore/runtime/DatePrototype.cpp
Log Message:
-----------
Cherry-pick 275926 at main (65fd9be34cc1). https://bugs.webkit.org/show_bug.cgi?id=270769
[JSC][Clang] DatePrototype.cpp(337,29): error: 'snprintf' will always be truncated; specified size is 28, but format string expands to at least 29 [-Werror,-Wformat-truncation]
https://bugs.webkit.org/show_bug.cgi?id=270769
Reviewed by Don Olmstead.
Clang 18 reports a false warning:
> JavaScriptCore/runtime/DatePrototype.cpp(337,29): error: 'snprintf' will always be truncated; specified size is 28, but format string expands to at least 29 [-Werror,-Wformat-truncation]
This problem is tracked by <https://github.com/llvm/llvm-project/issues/71320>.
* Source/JavaScriptCore/runtime/DatePrototype.cpp:
Ignore the warning for Clang.
Canonical link: https://commits.webkit.org/275926@main
Canonical link: https://commits.webkit.org/274313.90@webkitglib/2.44
Commit: 8a13624c27b86a4c10ecc50f988991a0ffcaca80
https://github.com/WebKit/WebKit/commit/8a13624c27b86a4c10ecc50f988991a0ffcaca80
Author: Ryosuke Niwa <rniwa at webkit.org>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebCore/dom/ActiveDOMObject.cpp
M Source/WebCore/dom/ActiveDOMObject.h
M Source/WebCore/html/HTMLCanvasElement.cpp
M Source/WebCore/html/HTMLImageElement.cpp
M Source/WebCore/html/HTMLMarqueeElement.cpp
M Source/WebCore/html/HTMLMarqueeElement.h
M Source/WebCore/html/HTMLMediaElement.cpp
M Source/WebCore/html/HTMLSourceElement.cpp
M Source/WebCore/html/HTMLSourceElement.h
M Source/WebCore/html/HTMLTrackElement.cpp
M Source/WebCore/html/HTMLTrackElement.h
M Source/WebCore/html/track/TextTrack.cpp
M Source/WebCore/html/track/TextTrack.h
M Source/WebCore/html/track/TextTrackCue.cpp
M Source/WebCore/html/track/TextTrackCue.h
M Source/WebCore/html/track/TextTrackCueList.cpp
M Source/WebCore/html/track/TextTrackCueList.h
M Source/WebCore/html/track/TrackBase.cpp
M Source/WebCore/html/track/TrackBase.h
M Source/WebCore/html/track/TrackListBase.cpp
M Source/WebCore/html/track/TrackListBase.h
Log Message:
-----------
Cherry-pick 272448.471 at safari-7618-branch (f2f5469a4376). https://bugs.webkit.org/show_bug.cgi?id=268494
[ Monterey+ wk2 Release ] media/track/media-element-enqueue-event-crash.html is a flaky crash
https://bugs.webkit.org/show_bug.cgi?id=268494
Reviewed by Chris Dumez.
This PR introduces ActiveDOMObject::didMoveToNewDocument, which migrates ActiveDOMObject from
one document to another, and deploys it in every ActiveDOMObject owned by Node subclasses such
as HTMLImageElement and TextTrackCue.
* Source/WebCore/dom/ActiveDOMObject.cpp:
(WebCore::ActiveDOMObject::didMoveToNewDocument):
* Source/WebCore/dom/ActiveDOMObject.h:
* Source/WebCore/html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLMarqueeElement.cpp:
(WebCore::HTMLMarqueeElement::HTMLMarqueeElement):
(WebCore::HTMLMarqueeElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLMarqueeElement.h:
* Source/WebCore/html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::didMoveToNewDocument):
(WebCore::HTMLMediaElement::ensureMediaControls): Fixed a bug whereby this code tried
to initialize a CSSFontSelector object, which is an active DOM object, in the middle of
the Document trying to stop itself.
(WebCore::HTMLMediaElement::isSuspended const): Added a debug assertion that the script
execution context associated with Node superclass and ActiveDOMObject superclass match.
* Source/WebCore/html/HTMLSourceElement.cpp:
(WebCore::HTMLSourceElement::HTMLSourceElement):
(WebCore::HTMLSourceElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLSourceElement.h:
* Source/WebCore/html/HTMLTrackElement.cpp:
(WebCore::HTMLTrackElement::HTMLTrackElement):
(WebCore::HTMLTrackElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLTrackElement.h:
* Source/WebCore/html/track/TextTrack.cpp:
(WebCore::TextTrack::protectedCues const):
(WebCore::TextTrack::didMoveToNewDocument):
* Source/WebCore/html/track/TextTrack.h:
* Source/WebCore/html/track/TextTrackCue.cpp:
(WebCore::TextTrackCue::didMoveToNewDocument):
* Source/WebCore/html/track/TextTrackCue.h:
* Source/WebCore/html/track/TextTrackCueList.cpp:
(WebCore::TextTrackCueList::didMoveToNewDocument):
* Source/WebCore/html/track/TextTrackCueList.h:
* Source/WebCore/html/track/TrackBase.cpp:
(WebCore::TrackBase::didMoveToNewDocument):
* Source/WebCore/html/track/TrackBase.h:
* Source/WebCore/html/track/TrackListBase.cpp:
(WebCore::TrackListBase::didMoveToNewDocument):
* Source/WebCore/html/track/TrackListBase.h:
Canonical link: https://commits.webkit.org/272448.471@safari-7618-branch
Canonical link: https://commits.webkit.org/274313.91@webkitglib/2.44
Commit: 7d9536886116bc2db98bd74875151238a4005c77
https://github.com/WebKit/WebKit/commit/7d9536886116bc2db98bd74875151238a4005c77
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.h
Log Message:
-----------
Cherry-pick c3c2a42ade13. https://bugs.webkit.org/show_bug.cgi?id=266806
Safari's IndexedDB data may not be deserialized correctly after system upgrades
https://bugs.webkit.org/show_bug.cgi?id=266806
rdar://120031024
Reviewed by NOBODY (OOPS!).
To fix rdar://119834827, we introduce version 12.1 to SerializedScriptValue, which changed the terminator of the indexed
property section in arrays compared to version 12. To make sure the deserializer knows to deserialize version 12.1, we encode
the minor version in the highest 8 bits of the version number. We keep the lowest 24 bits as the major version number for
backward compatibility (the previously stored 32-bit major version number can be interpreted as a major version with minor
version 0).
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::majorVersionFor):
(WebCore::minorVersionFor):
(WebCore::makeVersion):
(WebCore::currentVersion):
(WebCore::CloneSerializer::serialize):
(WebCore::CloneSerializer::CloneSerializer):
(WebCore::CloneDeserializer::deserializeString):
(WebCore::CloneDeserializer::deserialize):
(WebCore::CloneDeserializer::isValid const):
(WebCore::CloneDeserializer::shouldRetryWithVersionUpgrade):
(WebCore::CloneDeserializer::upgradeVersion):
(WebCore::CloneDeserializer::read):
(WebCore::CloneDeserializer::readFile):
(WebCore::CloneDeserializer::readArrayBuffer):
(WebCore::CloneDeserializer::readArrayBufferView):
(WebCore::CloneDeserializer::readImageBitmap):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::CloneDeserializer::version const): Deleted.
(WebCore::SerializedScriptValue::wireFormatVersion): Deleted.
* Source/WebCore/bindings/js/SerializedScriptValue.h:
Canonical link: https://commits.webkit.org/267815.665@safari-7617.2.4.10-branch
Identifier: 270272.2255 at safari-7618-branch
Canonical link: https://commits.webkit.org/274313.92@webkitglib/2.44
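As an added illustration (not WebKit's code) of the 24/8 version split this commit describes, here is a small C++ sketch of the packing plus a deserializer-side acceptance check; the helper names mirror the ChangeLog entries, but the bodies and the supported-version policy are assumptions.

```cpp
#include <cstdint>
#include <optional>

// Hypothetical reimplementation of the scheme in the commit message:
// low 24 bits = major version, high 8 bits = minor version. The real
// WebCore helpers may differ in detail.
namespace VersionDemo {

constexpr uint32_t kMajorMask = 0x00FFFFFFu; // low 24 bits
constexpr unsigned kMinorShift = 24;         // high 8 bits

constexpr uint32_t majorVersionFor(uint32_t version) { return version & kMajorMask; }
constexpr uint32_t minorVersionFor(uint32_t version) { return version >> kMinorShift; }

// Returns nullopt when the components do not fit the layout, so a caller
// can never silently produce a value that decodes to something else.
constexpr std::optional<uint32_t> makeVersion(uint32_t major, uint32_t minor)
{
    if (major > kMajorMask || minor > 0xFFu)
        return std::nullopt;
    return (minor << kMinorShift) | major;
}

// Constructed policy for the demo: this reader understands major versions
// up to 12 and, for major 12, minors 0 and 1 (the "12.1" from the commit).
constexpr uint32_t kCurrentMajor = 12;
constexpr uint32_t kCurrentMinor = 1;

// A deserializer should refuse data whose layout it does not know rather
// than guess. Data written before the split carries minor 0 by construction;
// treating any nonzero minor on an older major as unknown is an assumption.
constexpr bool canDeserialize(uint32_t version)
{
    const uint32_t major = majorVersionFor(version);
    const uint32_t minor = minorVersionFor(version);
    if (major == 0 || major > kCurrentMajor)
        return false;
    if (major == kCurrentMajor)
        return minor <= kCurrentMinor;
    return minor == 0;
}

} // namespace VersionDemo
```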
Commit: 6789d169e841c6c69cf4fc778fd139a3a2b1ac10
https://github.com/WebKit/WebKit/commit/6789d169e841c6c69cf4fc778fd139a3a2b1ac10
Author: Justin Michaud <justin_michaud at apple.com>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
A JSTests/wasm/stress/repro_1289.js
A JSTests/wasm/stress/repro_1289.wasm
A JSTests/wasm/stress/repro_1289.wat
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmCallee.h
M Source/JavaScriptCore/wasm/WasmInstance.h
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmThunks.cpp
M Source/JavaScriptCore/wasm/WasmThunks.h
Log Message:
-----------
Cherry-pick 272448.466 at safari-7618-branch (a08ba6e8c208). https://bugs.webkit.org/show_bug.cgi?id=268424
BBQJIT OSR Entry throws stack overflow from invalid frame
https://bugs.webkit.org/show_bug.cgi?id=268424
rdar://121251778
Reviewed by Yusuke Suzuki.
In this test case, we end up in a situation where the current LLInt frame is
above the soft stack limit. We then loop osr entry into BBQ, where we
perform a stack check and fail, but before we finish writing the OSR
entry buffer into our stack frame. The stack unwinder sees the BBQ callee
and we jump to that, but the frame is uninitialized.
The fix is twofold: we first make BBQ crash in this case to avoid a
security issue. We do the same for OMG, just in case this bug is
exploitable there too.
Second, we do a stack check before performing OSR entry, and fail early.
* JSTests/wasm/stress/repro_1289.js: Added.
(debuggingHelper):
(instantiateJsc):
(async let):
* JSTests/wasm/stress/repro_1289.wasm: Added.
* JSTests/wasm/stress/repro_1289.wat: Added.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::stackCheckSize const):
(JSC::Wasm::BBQJIT::addLoopOSREntrypoint):
(JSC::Wasm::parseAndCompileBBQ):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmInstance.h:
(JSC::Wasm::Instance::softStackLimit const):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* Source/JavaScriptCore/wasm/WasmThunks.cpp:
(JSC::Wasm::crashDueToBBQStackOverflow):
* Source/JavaScriptCore/wasm/WasmThunks.h:
Canonical link: https://commits.webkit.org/272448.466@safari-7618-branch
Canonical link: https://commits.webkit.org/274313.93@webkitglib/2.44
Compare: https://github.com/WebKit/WebKit/compare/3cf2b08d49dd...6789d169e841