[webkit-changes] [WebKit/WebKit] aa9025: Cherry-pick e633a9de382d. rdar://113298905
Jonathan Bedard
noreply at github.com
Tue May 14 16:13:26 PDT 2024
Branch: refs/heads/safari-7617.1.6-branch
Home: https://github.com/WebKit/WebKit
Commit: aa902502a97f9ed8895ca52a03ed5a86f4e19cc0
https://github.com/WebKit/WebKit/commit/aa902502a97f9ed8895ca52a03ed5a86f4e19cc0
Author: Myles C. Maxfield <mmaxfield at apple.com>
Date: 2023-08-28 (Mon, 28 Aug 2023)
Changed paths:
A LayoutTests/http/tests/images/repaint-garbled-expected.html
A LayoutTests/http/tests/images/repaint-garbled.html
A LayoutTests/http/tests/images/resources/green-313x313.jxl
M Source/WebCore/platform/graphics/cg/ImageBackingStoreCG.cpp
Log Message:
-----------
Cherry-pick e633a9de382d. rdar://113298905
[macOS Downlevels] AVIF and JPEG XL images can get corrupted
https://bugs.webkit.org/show_bug.cgi?id=259698
<rdar://problem/113007909>
Reviewed by Said Abou-Hallawa.
When we create a `NativeImage`, we call `ImageSource::frameAtIndexCacheIfNeeded()` with
a caching mode of `MetadataAndImage`. This does 2 things:
1. `auto platformImage = m_decoder->createFrameImageAtIndex(index, subsamplingLevelValue, decodingOptions);`
2. `cachePlatformImageAtIndex(WTFMove(platformImage), index, subsamplingLevelValue, DecodingOptions(DecodingMode::Synchronous));`
ImageSource owns its own cache of `Vector<ImageFrame, 1> m_frames;` whereas
`ScalableImageDecoder` owns its own
`Vector<ScalableImageDecoderFrame, 1> m_frameBufferCache`. Therefore, the output of
`createFrameImageAtIndex()` may be expected to outlive the `ImageDecoder` it came from.
However, `createFrameImageAtIndex()` indirectly calls into `ImageBackingStore::image()`
which creates the `CGImage` with a `CGDataProvider` that points into the
`ImageBackingStore`, which is owned by the `m_frameBufferCache` which is owned by the
`ScalableImageDecoder`. So, when the `ImageSource` destroys its `ImageDecoder`, it blows
away the contents of the `CGImage`s being cached, but the images themselves live on
inside the `ImageSource` itself. That leads to this kind of corruption.
The solution is to make the `CGImage` retain its backing data.
* LayoutTests/http/tests/images/repaint-garbled-expected.html: Added.
* LayoutTests/http/tests/images/repaint-garbled.html: Added.
* LayoutTests/http/tests/images/resources/green-313x313.jxl: Added.
* Source/WebCore/platform/graphics/cg/ImageBackingStoreCG.cpp:
(WebCore::ImageBackingStore::image const):
Canonical link: https://commits.webkit.org/265870.229@safari-7616-branch
Identifier: 267312.1 at safari-7617.1.6-branch
Commit: 3047163aca7b381ebe8694a7b64ec9930ccccf77
https://github.com/WebKit/WebKit/commit/3047163aca7b381ebe8694a7b64ec9930ccccf77
Author: Timothy Hatcher <timothy at apple.com>
Date: 2023-08-29 (Tue, 29 Aug 2023)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionMatchPattern.h
M Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionMatchPattern.mm
Log Message:
-----------
Cherry-pick 4bd7a7653518. rdar://114581149
REGRESSION(267111 at main): Safari crash when tapping “allow for one day” Terminating app due to uncaught exception.
https://webkit.org/b/260828
rdar://114581149
Reviewed by Chris Dumez.
The matchesURL: and matchesURL:options: methods should take nil for the URL and always return NO.
This was happening by accident before. Also mark the match methods as taking nullable URLs and patterns.
* Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionMatchPattern.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebExtensionMatchPattern.mm:
(-[_WKWebExtensionMatchPattern matchesURL:options:]): Return early if the URL is nil.
Canonical link: https://commits.webkit.org/267373@main
Identifier: 266246.1068 at safari-7617.1.6-branch
Commit: 49d771c59bb19c90059bc7b2ad034041f430ca9d
https://github.com/WebKit/WebKit/commit/49d771c59bb19c90059bc7b2ad034041f430ca9d
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2023-08-29 (Tue, 29 Aug 2023)
Changed paths:
R LayoutTests/http/tests/images/repaint-garbled-expected.html
R LayoutTests/http/tests/images/repaint-garbled.html
R LayoutTests/http/tests/images/resources/green-313x313.jxl
M Source/WebCore/platform/graphics/cg/ImageBackingStoreCG.cpp
Log Message:
-----------
Revert "Cherry-pick e633a9de382d. rdar://113298905"
This reverts commit aa902502a97f9ed8895ca52a03ed5a86f4e19cc0.
Identifier: 267312.2 at safari-7617.1.6-branch
Compare: https://github.com/WebKit/WebKit/compare/aa902502a97f%5E...49d771c59bb1
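The lifetime problem described in the log message of aa9025 (a cached image that outlives the decoder owning its pixels), modeled as an added example that is not WebKit's code. All type and function names are hypothetical stand-ins, the 313x313 green frame is constructed sample data, and the borrowed pointer is modeled with `std::weak_ptr` so the dangling state can be observed without undefined behaviour.

```cpp
#include <cstdint>
#include <memory>
#include <vector>

// Hypothetical stand-ins for illustration; none of these types are WebKit's.
using Pixels = std::vector<uint32_t>;

// Models ImageBackingStore: the decoder-side owner of decoded pixel data.
struct BackingStore { std::shared_ptr<Pixels> pixels; };

// Models a CGImage whose data provider either borrows or retains the pixels.
// The borrow uses weak_ptr so a dangling view is detectable; with a raw
// pointer (as in the bug) the same read would touch freed memory.
class Image {
public:
    static Image borrowing(const BackingStore& s) { Image i; i.m_borrowed = s.pixels; return i; }
    static Image retaining(const BackingStore& s) { Image i; i.m_retained = s.pixels; return i; }
    // Returns the first pixel, or -1 if the backing data has been destroyed.
    long long firstPixel() const {
        if (m_retained) return m_retained->front();
        if (auto live = m_borrowed.lock()) return live->front();
        return -1;
    }
private:
    std::weak_ptr<Pixels> m_borrowed;
    std::shared_ptr<Pixels> m_retained;
};

// Models ScalableImageDecoder: owns the frame buffer cache.
struct Decoder {
    BackingStore frame { std::make_shared<Pixels>(313 * 313, 0xFF00FF00u) }; // constructed data
    Image createFrameImage(bool retain) const {
        return retain ? Image::retaining(frame) : Image::borrowing(frame);
    }
};

// Models ImageSource: caches the frame image, then destroys its decoder.
long long pixelAfterDecoderDestroyed(bool retain) {
    auto decoder = std::make_unique<Decoder>();
    Image cached = decoder->createFrameImage(retain); // cached by the source
    decoder.reset();                                   // source drops the decoder
    return cached.firstPixel();                        // a later repaint reads it
}

int main() {
    bool ok = pixelAfterDecoderDestroyed(false) == -1
        && pixelAfterDecoderDestroyed(true) == 0xFF00FF00LL;
    return ok ? 0 : 1;
}
```

Building the real pattern with AddressSanitizer enabled is the usual way to catch the raw-pointer form of this read in tests.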