[webkit-changes] [WebKit/WebKit] 14f762: Versioning.
Russell Epstein
noreply at github.com
Tue May 14 16:13:26 PDT 2024
Branch: refs/heads/safari-7617.1.16.11-branch
Home: https://github.com/WebKit/WebKit
Commit: 14f7620c1140a8b13de6d05a1e6af9042feb7545
https://github.com/WebKit/WebKit/commit/14f7620c1140a8b13de6d05a1e6af9042feb7545
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-11-07 (Tue, 07 Nov 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7617.1.16.11.1
Identifier: 267815.519 at safari-7617.1.16.11-branch
Commit: 35df4247fdaa424ed9a2f4b9b3756507295e096d
https://github.com/WebKit/WebKit/commit/35df4247fdaa424ed9a2f4b9b3756507295e096d
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-11-07 (Tue, 07 Nov 2023)
Changed paths:
M Source/WebCore/Modules/cache/WorkerCacheStorageConnection.cpp
M Source/WebCore/Modules/permissions/Permissions.cpp
M Source/WebCore/Modules/storage/WorkerStorageConnection.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletThread.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletThread.h
M Source/WebCore/Modules/websockets/WebSocket.cpp
M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
M Source/WebCore/dom/BroadcastChannel.cpp
M Source/WebCore/dom/ScriptExecutionContext.cpp
M Source/WebCore/loader/WorkerThreadableLoader.cpp
M Source/WebCore/loader/WorkerThreadableLoader.h
M Source/WebCore/loader/cache/MemoryCache.cpp
M Source/WebCore/page/WorkerNavigator.cpp
M Source/WebCore/workers/WorkerGlobalScope.cpp
M Source/WebCore/workers/WorkerMessagingProxy.cpp
M Source/WebCore/workers/WorkerNotificationClient.cpp
M Source/WebCore/workers/WorkerOrWorkletThread.h
M Source/WebCore/workers/WorkerThread.cpp
M Source/WebCore/workers/WorkerThread.h
M Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp
M Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp
Log Message:
-----------
Cherry-pick 4cae7c8ab138. rdar://117727810
Crash under WebCore::createMainThreadConnection(WebCore::WorkerGlobalScope&)
https://bugs.webkit.org/show_bug.cgi?id=264222
rdar://117727810
Reviewed by Darin Adler.
We're crashing when calling `createCacheStorageConnection()` on the WorkerLoaderProxy which
we got from the WorkerThread. I believe the WorkerLoaderProxy reference returned by the
WorkerThread is stale, which is possible since it keeps C++ references to its proxies.
To address the issue, I updated WorkerThread to keep raw pointers to its proxies instead of
C++ references. I am also adding a clearProxies() function to clear those raw pointers once
the proxies get destroyed. Finally, I added null checks at proxy use sites now that we null
them out.
In the future, we should convert these raw pointers into CheckedPtrs.
* Source/WebCore/Modules/badge/WorkerBadgeProxy.h:
* Source/WebCore/Modules/cache/WorkerCacheStorageConnection.cpp:
(WebCore::createMainThreadConnection):
* Source/WebCore/Modules/permissions/Permissions.cpp:
(WebCore::Permissions::query):
* Source/WebCore/Modules/storage/WorkerStorageConnection.cpp:
(WebCore::WorkerStorageConnection::getPersisted):
(WebCore::WorkerStorageConnection::getEstimate):
(WebCore::WorkerStorageConnection::fileSystemGetDirectory):
* Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp:
(WebCore::AudioWorkletGlobalScope::registerProcessor):
* Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp:
(WebCore::AudioWorkletMessagingProxy::~AudioWorkletMessagingProxy):
* Source/WebCore/Modules/webaudio/AudioWorkletThread.cpp:
(WebCore::AudioWorkletThread::clearProxies):
(WebCore::AudioWorkletThread::workerLoaderProxy):
(WebCore::AudioWorkletThread::messagingProxy):
* Source/WebCore/Modules/webaudio/AudioWorkletThread.h:
(WebCore::AudioWorkletThread::messagingProxy): Deleted.
* Source/WebCore/Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect):
* Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
(WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
(WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
* Source/WebCore/dom/BroadcastChannel.cpp:
(WebCore::BroadcastChannel::MainThreadBridge::ensureOnMainThread):
* Source/WebCore/dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::postTaskToResponsibleDocument):
* Source/WebCore/loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::WorkerThreadableLoader):
* Source/WebCore/loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::removeRequestFromSessionCaches):
* Source/WebCore/page/WorkerNavigator.cpp:
(WebCore::WorkerNavigator::setAppBadge):
* Source/WebCore/workers/WorkerDebuggerProxy.h:
* Source/WebCore/workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::~WorkerGlobalScope):
(WebCore::WorkerGlobalScope::createRTCDataChannelRemoteHandlerConnection):
(WebCore::WorkerGlobalScope::close):
(WebCore::WorkerGlobalScope::logExceptionToConsole):
(WebCore::WorkerGlobalScope::wrapCryptoKey):
(WebCore::WorkerGlobalScope::unwrapCryptoKey):
(WebCore::WorkerGlobalScope::reportErrorToWorkerObject):
* Source/WebCore/workers/WorkerLoaderProxy.h:
* Source/WebCore/workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::WorkerMessagingProxy):
(WebCore::WorkerMessagingProxy::~WorkerMessagingProxy):
(WebCore::WorkerMessagingProxy::workerGlobalScopeDestroyedInternal):
* Source/WebCore/workers/WorkerNotificationClient.cpp:
(WebCore::WorkerNotificationClient::postToMainThread):
* Source/WebCore/workers/WorkerOrWorkletThread.h:
* Source/WebCore/workers/WorkerReportingProxy.h:
* Source/WebCore/workers/WorkerThread.cpp:
(WebCore::WorkerThread::workerBadgeProxy const):
(WebCore::WorkerThread::workerDebuggerProxy const):
(WebCore::WorkerThread::workerLoaderProxy):
(WebCore::WorkerThread::workerReportingProxy const):
(WebCore::WorkerThread::clearProxies):
* Source/WebCore/workers/WorkerThread.h:
(WebCore::WorkerThread::workerBadgeProxy const): Deleted.
(WebCore::WorkerThread::workerReportingProxy const): Deleted.
* Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp:
(WebCore::ServiceWorkerThreadProxy::~ServiceWorkerThreadProxy):
* Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp:
(WebCore::SharedWorkerThreadProxy::~SharedWorkerThreadProxy):
Canonical link: https://commits.webkit.org/267815.537@safari-7617-branch
Identifier: 267815.520 at safari-7617.1.16.11-branch
Commit: 51e4074f0050ee0c60f612cd83b0b37e8265ee5d
https://github.com/WebKit/WebKit/commit/51e4074f0050ee0c60f612cd83b0b37e8265ee5d
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-11-08 (Wed, 08 Nov 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7617.1.16.11.2
Identifier: 267815.522 at safari-7617.1.16.11-branch
Commit: f2ab5410f273b48ee3ec3094d3e62725a1acb770
https://github.com/WebKit/WebKit/commit/f2ab5410f273b48ee3ec3094d3e62725a1acb770
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-11-08 (Wed, 08 Nov 2023)
Changed paths:
M Source/WebCore/platform/graphics/FontCascade.cpp
M Source/WebCore/platform/graphics/FontCascadeFonts.cpp
M Source/WebCore/platform/graphics/FontRanges.cpp
M Source/WebCore/platform/graphics/GlyphPage.h
Log Message:
-----------
Cherry-pick ef2295446d89. rdar://117905809
Use GlyphData.isValid() consistently for checking whether GlyphData is valid.
https://bugs.webkit.org/show_bug.cgi?id=264130
rdar://117905809
Reviewed by Tim Nguyen.
Replace GlyphData validity checks using .glyph and .font directly with .isValid().
Make .isValid() return false even if .glyph is non-zero and .font is null
(which should never happen) since a .font null check isn't expensive anyway.
* Source/WebCore/platform/graphics/FontCascade.cpp:
(WebCore::FontCascade::fontForCombiningCharacterSequence const):
* Source/WebCore/platform/graphics/FontCascadeFonts.cpp:
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::setGlyphDataForCharacter):
(WebCore::FontCascadeFonts::glyphDataForSystemFallback):
(WebCore::FontCascadeFonts::glyphDataForVariant):
(WebCore::FontCascadeFonts::glyphDataForCharacter):
* Source/WebCore/platform/graphics/FontRanges.cpp:
(WebCore::FontRanges::glyphDataForCharacter const):
* Source/WebCore/platform/graphics/GlyphPage.h:
(WebCore::GlyphData::isValid const):
Canonical link: https://commits.webkit.org/270299@main
Identifier: 267815.523 at safari-7617.1.16.11-branch
Commit: a19c0af59f979ddd830f9bdbd057793f66d860e4
https://github.com/WebKit/WebKit/commit/a19c0af59f979ddd830f9bdbd057793f66d860e4
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-11-08 (Wed, 08 Nov 2023)
Changed paths:
M Source/WebCore/platform/graphics/FontRanges.cpp
Log Message:
-----------
Unreviewed fix. rdar://117905809
Identifier: 267815.524 at safari-7617.1.16.11-branch
Commit: f13898903d220a82005157dff756846be8c9a462
https://github.com/WebKit/WebKit/commit/f13898903d220a82005157dff756846be8c9a462
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-11-08 (Wed, 08 Nov 2023)
Changed paths:
A LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt
A LayoutTests/storage/indexeddb/abort-index-rename-crash.html
M Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp
M Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp
M Source/WebCore/Modules/indexeddb/server/MemoryIndex.h
M Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp
M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h
Log Message:
-----------
Cherry-pick 64bcd93cbc55. rdar://117463447
jsc_fuz/wktr: heap-use-after-free in WebCore::IDBServer::MemoryObjectStore::takeIndexByIdentifier(unsigned long long) MemoryObjectStore.cpp:128.
https://bugs.webkit.org/show_bug.cgi?id=264180.
rdar://117463447.
Reviewed by Sihui Liu.
MemoryIndex now keeps WeakPtr to MemoryObjectStore 'm_objectStore' and checks its validity before using it. Also RefPtr conversion from WeakPtr using get() API as applicable.
* LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt: Added the test expected file.
* LayoutTests/storage/indexeddb/abort-index-rename-crash.html: Added the test case.
* Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp: Checks the validity of MemoryObjectStore pointer before using.
(WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreDeleted):
(WebCore::IDBServer::MemoryBackingStoreTransaction::indexRenamed):
(WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
* Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp: Changed direct reference to WeakPtr. Also used RefPtr conversion using get() API as applicable.
(WebCore::IDBServer::MemoryIndex::objectStoreCleared):
(WebCore::IDBServer::MemoryIndex::clearIndexValueStore):
(WebCore::IDBServer::MemoryIndex::replaceIndexValueStore):
(WebCore::IDBServer::MemoryIndex::getResultForKeyRange const):
(WebCore::IDBServer::MemoryIndex::getAllRecords const):
* Source/WebCore/Modules/indexeddb/server/MemoryIndex.h: Changed direct reference to WeakPtr.
(WebCore::IDBServer::MemoryIndex::objectStore):
* Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp: Used RefPtr conversion using get() API for MemoryIndex based MemoryObjectStore object.
(WebCore::IDBServer::MemoryIndexCursor::currentData):
* Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h:
Canonical link: https://commits.webkit.org/267815.545@safari-7617-branch
Identifier: 267815.525 at safari-7617.1.16.11-branch
Commit: b405a3bcdc2a9d632d54af45b55a2e8b29e84be7
https://github.com/WebKit/WebKit/commit/b405a3bcdc2a9d632d54af45b55a2e8b29e84be7
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-11-08 (Wed, 08 Nov 2023)
Changed paths:
M LayoutTests/TestExpectations
A LayoutTests/fast/multicol/last-set-crash-expected.txt
A LayoutTests/fast/multicol/last-set-crash.html
M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
M Source/WebCore/rendering/RenderMultiColumnFlow.h
Log Message:
-----------
Cherry-pick f524a15d0633. rdar://114559559
WTFCrashWithSecurityImplication in WebCore::RenderFragmentedFlow::removeLineFragmentInfo()
https://bugs.webkit.org/show_bug.cgi?id=264327
rdar://114559559
Reviewed by Alan Baradlay.
* LayoutTests/TestExpectations:
Skip test on debug due to some assertion failures.
* LayoutTests/fast/multicol/last-set-crash-expected.txt: Added.
* LayoutTests/fast/multicol/last-set-crash.html: Added.
* Source/WebCore/rendering/RenderMultiColumnFlow.cpp:
(WebCore::RenderMultiColumnFlow::fragmentAtBlockOffset const):
Tree mutations may have made m_lastSetWorkedOn cache invalid by moving the multicolumn set under a different multicolumn flow.
Check for this.
* Source/WebCore/rendering/RenderMultiColumnFlow.h:
Also make it use WeakPtr.
Canonical link: https://commits.webkit.org/267815.546@safari-7617-branch
Identifier: 267815.526 at safari-7617.1.16.11-branch
Commit: c19828cb5ccc9e56aa44cb885cb4f3402fa8fc3d
https://github.com/WebKit/WebKit/commit/c19828cb5ccc9e56aa44cb885cb4f3402fa8fc3d
Author: Russell Epstein <repstein at apple.com>
Date: 2023-11-10 (Fri, 10 Nov 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7617.1.16.11.3
Canonical link: https://commits.webkit.org/267815.526@safari-7617.1.16.11-branch
Compare: https://github.com/WebKit/WebKit/compare/14f7620c1140%5E...c19828cb5ccc
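
Added example, not part of the original commit messages and not WebKit's code: a single-threaded C++ illustration of the pattern the Cherry-pick 4cae7c8ab138 log message describes, where the thread object holds a nullable pointer to its proxy, the proxy's destructor calls clearProxies(), and the use site null-checks before the call. The classes Thread and LoaderProxy and the functions connectFromWorker, connectWhileProxyAlive and connectAfterProxyDestroyed are hypothetical stand-ins; only the name clearProxies() comes from the log message.

```cpp
#include <string>

// Hypothetical stand-ins for the thread/proxy pair; not WebKit's classes.
class LoaderProxy;

class Thread {
public:
    void setProxy(LoaderProxy* proxy) { m_proxy = proxy; }
    void clearProxies() { m_proxy = nullptr; }      // called when the proxy is destroyed
    LoaderProxy* loaderProxy() const { return m_proxy; }
private:
    LoaderProxy* m_proxy { nullptr };               // nullable pointer, not a C++ reference
};

class LoaderProxy {
public:
    explicit LoaderProxy(Thread& thread) : m_thread(thread) { m_thread.setProxy(this); }
    ~LoaderProxy() { m_thread.clearProxies(); }     // the thread may outlive this proxy
    std::string createConnection() const { return "connection"; }
private:
    Thread& m_thread;
};

// Use site: check the pointer first and fail closed if the proxy is gone.
std::string connectFromWorker(const Thread& thread)
{
    auto* proxy = thread.loaderProxy();
    if (!proxy)
        return "";
    return proxy->createConnection();
}

// Constructed scenario: proxy still alive when the worker asks for a connection.
std::string connectWhileProxyAlive()
{
    Thread thread;
    LoaderProxy proxy(thread);
    return connectFromWorker(thread);
}

// Constructed scenario: the thread object outlives its proxy.
std::string connectAfterProxyDestroyed()
{
    Thread thread;
    { LoaderProxy proxy(thread); }                  // destructor nulls the pointer
    return connectFromWorker(thread);
}

int main()
{
    return connectWhileProxyAlive() == "connection" && connectAfterProxyDestroyed().empty() ? 0 : 1;
}
```

With a `LoaderProxy&` member in Thread instead of the pointer, the second scenario would dereference a destroyed object, which is the stale-reference condition the log message names.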