[webkit-changes] [WebKit/WebKit] 6ae229: Versioning.

MyahCobbs noreply at github.com
Tue May 14 16:13:26 PDT 2024


  Branch: refs/heads/safari-7617.1.16.10-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: 6ae229cc8de1cf1571c057fe282488406d83bf14
      https://github.com/WebKit/WebKit/commit/6ae229cc8de1cf1571c057fe282488406d83bf14
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-07 (Tue, 07 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.16.10.1

Identifier: 267815.519 at safari-7617.1.16.10-branch


  Commit: 148583983724ef02e6d9be392737ecad37640d77
      https://github.com/WebKit/WebKit/commit/148583983724ef02e6d9be392737ecad37640d77
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-07 (Tue, 07 Nov 2023)

  Changed paths:
    M Source/WebCore/Modules/cache/WorkerCacheStorageConnection.cpp
    M Source/WebCore/Modules/permissions/Permissions.cpp
    M Source/WebCore/Modules/storage/WorkerStorageConnection.cpp
    M Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp
    M Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp
    M Source/WebCore/Modules/webaudio/AudioWorkletThread.cpp
    M Source/WebCore/Modules/webaudio/AudioWorkletThread.h
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
    M Source/WebCore/dom/BroadcastChannel.cpp
    M Source/WebCore/dom/ScriptExecutionContext.cpp
    M Source/WebCore/loader/WorkerThreadableLoader.cpp
    M Source/WebCore/loader/WorkerThreadableLoader.h
    M Source/WebCore/loader/cache/MemoryCache.cpp
    M Source/WebCore/page/WorkerNavigator.cpp
    M Source/WebCore/workers/WorkerGlobalScope.cpp
    M Source/WebCore/workers/WorkerMessagingProxy.cpp
    M Source/WebCore/workers/WorkerNotificationClient.cpp
    M Source/WebCore/workers/WorkerOrWorkletThread.h
    M Source/WebCore/workers/WorkerThread.cpp
    M Source/WebCore/workers/WorkerThread.h
    M Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp
    M Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp

  Log Message:
  -----------
  Cherry-pick 4cae7c8ab138. rdar://117727810

    Crash under WebCore::createMainThreadConnection(WebCore::WorkerGlobalScope&)
    https://bugs.webkit.org/show_bug.cgi?id=264222
    rdar://117727810

    Reviewed by Darin Adler.

    We're crashing when calling `createCacheStorageConnection()` on the WorkerLoaderProxy which
    we got from the WorkerThread. I believe the WorkerLoaderProxy reference returned by the
    WorkerThread is stale, which is possible since it keeps C++ references to its proxies.

    To address the issue, I updated WorkerThread to keep raw pointers to its proxies instead of
    C++ references. I am also adding a clearProxies() function to clear those raw pointers once
    the proxies get destroyed. Finally, I added null checks at proxy use sites now that we null
    them out.

    In the future, we should convert these raw pointers into CheckedPtrs.

    * Source/WebCore/Modules/badge/WorkerBadgeProxy.h:
    * Source/WebCore/Modules/cache/WorkerCacheStorageConnection.cpp:
    (WebCore::createMainThreadConnection):
    * Source/WebCore/Modules/permissions/Permissions.cpp:
    (WebCore::Permissions::query):
    * Source/WebCore/Modules/storage/WorkerStorageConnection.cpp:
    (WebCore::WorkerStorageConnection::getPersisted):
    (WebCore::WorkerStorageConnection::getEstimate):
    (WebCore::WorkerStorageConnection::fileSystemGetDirectory):
    * Source/WebCore/Modules/webaudio/AudioWorkletGlobalScope.cpp:
    (WebCore::AudioWorkletGlobalScope::registerProcessor):
    * Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp:
    (WebCore::AudioWorkletMessagingProxy::~AudioWorkletMessagingProxy):
    * Source/WebCore/Modules/webaudio/AudioWorkletThread.cpp:
    (WebCore::AudioWorkletThread::clearProxies):
    (WebCore::AudioWorkletThread::workerLoaderProxy):
    (WebCore::AudioWorkletThread::messagingProxy):
    * Source/WebCore/Modules/webaudio/AudioWorkletThread.h:
    (WebCore::AudioWorkletThread::messagingProxy): Deleted.
    * Source/WebCore/Modules/websockets/WebSocket.cpp:
    (WebCore::WebSocket::connect):
    * Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
    (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
    (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
    * Source/WebCore/dom/BroadcastChannel.cpp:
    (WebCore::BroadcastChannel::MainThreadBridge::ensureOnMainThread):
    * Source/WebCore/dom/ScriptExecutionContext.cpp:
    (WebCore::ScriptExecutionContext::postTaskToResponsibleDocument):
    * Source/WebCore/loader/WorkerThreadableLoader.cpp:
    (WebCore::WorkerThreadableLoader::WorkerThreadableLoader):
    * Source/WebCore/loader/cache/MemoryCache.cpp:
    (WebCore::MemoryCache::removeRequestFromSessionCaches):
    * Source/WebCore/page/WorkerNavigator.cpp:
    (WebCore::WorkerNavigator::setAppBadge):
    * Source/WebCore/workers/WorkerDebuggerProxy.h:
    * Source/WebCore/workers/WorkerGlobalScope.cpp:
    (WebCore::WorkerGlobalScope::~WorkerGlobalScope):
    (WebCore::WorkerGlobalScope::createRTCDataChannelRemoteHandlerConnection):
    (WebCore::WorkerGlobalScope::close):
    (WebCore::WorkerGlobalScope::logExceptionToConsole):
    (WebCore::WorkerGlobalScope::wrapCryptoKey):
    (WebCore::WorkerGlobalScope::unwrapCryptoKey):
    (WebCore::WorkerGlobalScope::reportErrorToWorkerObject):
    * Source/WebCore/workers/WorkerLoaderProxy.h:
    * Source/WebCore/workers/WorkerMessagingProxy.cpp:
    (WebCore::WorkerMessagingProxy::WorkerMessagingProxy):
    (WebCore::WorkerMessagingProxy::~WorkerMessagingProxy):
    (WebCore::WorkerMessagingProxy::workerGlobalScopeDestroyedInternal):
    * Source/WebCore/workers/WorkerNotificationClient.cpp:
    (WebCore::WorkerNotificationClient::postToMainThread):
    * Source/WebCore/workers/WorkerOrWorkletThread.h:
    * Source/WebCore/workers/WorkerReportingProxy.h:
    * Source/WebCore/workers/WorkerThread.cpp:
    (WebCore::WorkerThread::workerBadgeProxy const):
    (WebCore::WorkerThread::workerDebuggerProxy const):
    (WebCore::WorkerThread::workerLoaderProxy):
    (WebCore::WorkerThread::workerReportingProxy const):
    (WebCore::WorkerThread::clearProxies):
    * Source/WebCore/workers/WorkerThread.h:
    (WebCore::WorkerThread::workerBadgeProxy const): Deleted.
    (WebCore::WorkerThread::workerReportingProxy const): Deleted.
    * Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp:
    (WebCore::ServiceWorkerThreadProxy::~ServiceWorkerThreadProxy):
    * Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp:
    (WebCore::SharedWorkerThreadProxy::~SharedWorkerThreadProxy):

    Canonical link: https://commits.webkit.org/267815.537@safari-7617-branch

Identifier: 267815.520 at safari-7617.1.16.10-branch


  Commit: 53b4f7dafd773a864861da6586e2846b52048a6b
      https://github.com/WebKit/WebKit/commit/53b4f7dafd773a864861da6586e2846b52048a6b
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.16.10.2

Identifier: 267815.521 at safari-7617.1.16.10-branch


  Commit: dc970450a8d03977a3b40bc7c8ba4d8d9e54f0c4
      https://github.com/WebKit/WebKit/commit/dc970450a8d03977a3b40bc7c8ba4d8d9e54f0c4
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/platform/graphics/FontCascade.cpp
    M Source/WebCore/platform/graphics/FontCascadeFonts.cpp
    M Source/WebCore/platform/graphics/FontRanges.cpp
    M Source/WebCore/platform/graphics/GlyphPage.h

  Log Message:
  -----------
  Cherry-pick ef2295446d89. rdar://117905809

    Use GlyphData.isValid() consistently for checking whether GlyphData is valid.
    https://bugs.webkit.org/show_bug.cgi?id=264130
    rdar://117905809

    Reviewed by Tim Nguyen.

    Replace GlyphData validity checks using .glyph and .font directly with .isValid().
    Make .isValid() return false even if .glyph is non-zero and .font is null
    (which should never happen) since a .font null check isn't expensive anyway.

    * Source/WebCore/platform/graphics/FontCascade.cpp:
    (WebCore::FontCascade::fontForCombiningCharacterSequence const):
    * Source/WebCore/platform/graphics/FontCascadeFonts.cpp:
    (WebCore::FontCascadeFonts::GlyphPageCacheEntry::setGlyphDataForCharacter):
    (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
    (WebCore::FontCascadeFonts::glyphDataForVariant):
    (WebCore::FontCascadeFonts::glyphDataForCharacter):
    * Source/WebCore/platform/graphics/FontRanges.cpp:
    (WebCore::FontRanges::glyphDataForCharacter const):
    * Source/WebCore/platform/graphics/GlyphPage.h:
    (WebCore::GlyphData::isValid const):

    Canonical link: https://commits.webkit.org/270299@main

Identifier: 267815.522 at safari-7617.1.16.10-branch


  Commit: e7e6ce5d47ae45ba74b1b2d6a48c30c5717218fa
      https://github.com/WebKit/WebKit/commit/e7e6ce5d47ae45ba74b1b2d6a48c30c5717218fa
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/platform/graphics/FontRanges.cpp

  Log Message:
  -----------
  Unreviewed fix.  rdar://117905809

Identifier: 267815.523 at safari-7617.1.16.10-branch


  Commit: c9941f3a13740e86f14cf5e8306bd5b4ef2c760a
      https://github.com/WebKit/WebKit/commit/c9941f3a13740e86f14cf5e8306bd5b4ef2c760a
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    A LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt
    A LayoutTests/storage/indexeddb/abort-index-rename-crash.html
    M Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.h
    M Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h

  Log Message:
  -----------
  Cherry-pick 64bcd93cbc55. rdar://117463447

    jsc_fuz/wktr: heap-use-after-free in WebCore::IDBServer::MemoryObjectStore::takeIndexByIdentifier(unsigned long long) MemoryObjectStore.cpp:128.
    https://bugs.webkit.org/show_bug.cgi?id=264180.
    rdar://117463447.

    Reviewed by Sihui Liu.

    MemoryIndex now keeps WeakPtr to MemoryObjectStore 'm_objectStore' and checks its validity before using it. Also RefPtr conversion from WeakPtr using get() API as applicable.

    * LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt: Added the test expected file.
    * LayoutTests/storage/indexeddb/abort-index-rename-crash.html: Added the test case.
    * Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp: Checks the validity of MemoryObjectStore pointer before using.
    (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreDeleted):
    (WebCore::IDBServer::MemoryBackingStoreTransaction::indexRenamed):
    (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp: Changed direct reference to WeakPtr. Also used RefPtr conversion using get() API as applicable.
    (WebCore::IDBServer::MemoryIndex::objectStoreCleared):
    (WebCore::IDBServer::MemoryIndex::clearIndexValueStore):
    (WebCore::IDBServer::MemoryIndex::replaceIndexValueStore):
    (WebCore::IDBServer::MemoryIndex::getResultForKeyRange const):
    (WebCore::IDBServer::MemoryIndex::getAllRecords const):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndex.h: Changed direct reference to WeakPtr.
    (WebCore::IDBServer::MemoryIndex::objectStore):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp: Used RefPtr conversion using get() API for MemoryIndex based MemoryObjectStore object.
    (WebCore::IDBServer::MemoryIndexCursor::currentData):
    * Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h:

    Canonical link: https://commits.webkit.org/267815.545@safari-7617-branch


  Commit: 6d130a627befff27108f046b1e31eb039a1920e7
      https://github.com/WebKit/WebKit/commit/6d130a627befff27108f046b1e31eb039a1920e7
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/multicol/last-set-crash-expected.txt
    A LayoutTests/fast/multicol/last-set-crash.html
    M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
    M Source/WebCore/rendering/RenderMultiColumnFlow.h

  Log Message:
  -----------
  Cherry-pick f524a15d0633. rdar://114559559

    WTFCrashWithSecurityImplication in WebCore::RenderFragmentedFlow::removeLineFragmentInfo()
    https://bugs.webkit.org/show_bug.cgi?id=264327
    rdar://114559559

    Reviewed by Alan Baradlay.

    * LayoutTests/TestExpectations:

    Skip test on debug due to some assertion failures.

    * LayoutTests/fast/multicol/last-set-crash-expected.txt: Added.
    * LayoutTests/fast/multicol/last-set-crash.html: Added.
    * Source/WebCore/rendering/RenderMultiColumnFlow.cpp:
    (WebCore::RenderMultiColumnFlow::fragmentAtBlockOffset const):

    Tree mutations may have made m_lastSetWorkedOn cache invalid by moving the multicolumn set under a different multicolumn flow.
    Check for this.

    * Source/WebCore/rendering/RenderMultiColumnFlow.h:

    Also make it use WeakPtr.

    Canonical link: https://commits.webkit.org/267815.546@safari-7617-branch


Compare: https://github.com/WebKit/WebKit/compare/6ae229cc8de1%5E...6d130a627bef
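
The cherry-pick of 4cae7c8ab138 above describes replacing C++ references to proxies with raw pointers that clearProxies() nulls out once the proxies are destroyed, plus null checks at the use sites. The following is an added illustration of that pattern, not code from the WebKit change: `Thread`, `LoaderProxy`, `MessagingProxy` and `connectFrom` are hypothetical stand-ins, and the example is single-threaded, so cross-thread synchronization is left out.

```cpp
#include <memory>
#include <string>

// Hypothetical stand-ins for the proxy/thread relationship; not WebKit classes.
struct LoaderProxy {
    virtual ~LoaderProxy() = default;
    virtual std::string createConnection() = 0;
};

class Thread {
public:
    explicit Thread(LoaderProxy& proxy) : m_loaderProxy(&proxy) {}
    // Returns nullptr once the proxy has announced its destruction.
    LoaderProxy* loaderProxy() const { return m_loaderProxy; }
    // Called by the proxy's destructor so no stale pointer is left behind.
    void clearProxies() { m_loaderProxy = nullptr; }
private:
    // A `LoaderProxy&` member here could never be reset and would go stale.
    LoaderProxy* m_loaderProxy;
};

class MessagingProxy final : public LoaderProxy {
public:
    MessagingProxy() : m_thread(std::make_shared<Thread>(*this)) {}
    ~MessagingProxy() override { m_thread->clearProxies(); }
    std::shared_ptr<Thread> thread() const { return m_thread; }
    std::string createConnection() override { return "connection"; }
private:
    std::shared_ptr<Thread> m_thread; // the thread object may outlive the proxy
};

// Use site: null-check the proxy instead of assuming it is still alive.
std::string connectFrom(const Thread& thread)
{
    if (auto* proxy = thread.loaderProxy())
        return proxy->createConnection();
    return ""; // proxy already destroyed; bail out instead of dereferencing
}

// The thread object survives its proxy; the later use must see nullptr.
std::string demoAfterProxyDestroyed()
{
    std::shared_ptr<Thread> thread;
    {
        MessagingProxy proxy;
        thread = proxy.thread();
        if (connectFrom(*thread) != "connection")
            return "unexpected";
    }
    return connectFrom(*thread);
}

int main() { return demoAfterProxyDestroyed().empty() ? 0 : 1; }
```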
