[webkit-changes] [236827] trunk/Source/JavaScriptCore
Title: [236827] trunk/Source/_javascript_Core Revision 236827 Author ross.kirsl...@sony.com Date 2018-10-03 22:12:19 -0700 (Wed, 03 Oct 2018) Log Message [JSC] print() changes CRLF to CRCRLF on Windows https://bugs.webkit.org/show_bug.cgi?id=190228 Reviewed by Mark Lam. * jsc.cpp: (main): Ultimately, this is just the normal behavior of printf in text mode on Windows. Since we're reading in files as binary, we need to be printing out as binary too (just as we do in DumpRenderTree and ImageDiff.) Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jsc.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (236826 => 236827) --- trunk/Source/_javascript_Core/ChangeLog 2018-10-04 04:57:35 UTC (rev 236826) +++ trunk/Source/_javascript_Core/ChangeLog 2018-10-04 05:12:19 UTC (rev 236827) @@ -1,3 +1,16 @@ +2018-10-03 Ross Kirsling + +[JSC] print() changes CRLF to CRCRLF on Windows +https://bugs.webkit.org/show_bug.cgi?id=190228 + +Reviewed by Mark Lam. + +* jsc.cpp: +(main): +Ultimately, this is just the normal behavior of printf in text mode on Windows. +Since we're reading in files as binary, we need to be printing out as binary too +(just as we do in DumpRenderTree and ImageDiff.) + 2018-10-03 Saam barati lowXYZ in FTLLower should always filter the type of the incoming edge Modified: trunk/Source/_javascript_Core/jsc.cpp (236826 => 236827) --- trunk/Source/_javascript_Core/jsc.cpp 2018-10-04 04:57:35 UTC (rev 236826) +++ trunk/Source/_javascript_Core/jsc.cpp 2018-10-04 05:12:19 UTC (rev 236827) @@ -90,6 +90,8 @@ #if OS(WINDOWS) #include +#include +#include #include #else #include @@ -2231,6 +2233,9 @@ // error mode here to work around Cygwin's behavior. See . ::SetErrorMode(0); +_setmode(_fileno(stdout), _O_BINARY); +_setmode(_fileno(stderr), _O_BINARY); + #if defined(_DEBUG) _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR); _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236826] trunk/Source/WebKit
Title: [236826] trunk/Source/WebKit Revision 236826 Author m...@apple.com Date 2018-10-03 21:57:35 -0700 (Wed, 03 Oct 2018) Log Message Tried to fix non-Cocoa, ENABLE(ATTACHMENT_ELEMENT) builds after r236822. * UIProcess/PageClient.h: Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/PageClient.h Diff Modified: trunk/Source/WebKit/ChangeLog (236825 => 236826) --- trunk/Source/WebKit/ChangeLog 2018-10-04 03:55:12 UTC (rev 236825) +++ trunk/Source/WebKit/ChangeLog 2018-10-04 04:57:35 UTC (rev 236826) @@ -1,5 +1,11 @@ 2018-10-03 Dan Bernstein +Tried to fix non-Cocoa, ENABLE(ATTACHMENT_ELEMENT) builds after r236822. + +* UIProcess/PageClient.h: + +2018-10-03 Dan Bernstein + [Cocoa] Let clients specify an NSFileWrapper subclassed to be used for _WKAttachment https://bugs.webkit.org/show_bug.cgi?id=190270 Modified: trunk/Source/WebKit/UIProcess/PageClient.h (236825 => 236826) --- trunk/Source/WebKit/UIProcess/PageClient.h 2018-10-04 03:55:12 UTC (rev 236825) +++ trunk/Source/WebKit/UIProcess/PageClient.h 2018-10-04 04:57:35 UTC (rev 236826) @@ -444,8 +444,10 @@ #if ENABLE(ATTACHMENT_ELEMENT) virtual void didInsertAttachment(API::Attachment&, const String& source) { } virtual void didRemoveAttachment(API::Attachment&) { } +#if PLATFORM(COCOA) virtual NSFileWrapper *allocFileWrapperInstance() { return nullptr; } #endif +#endif }; } // namespace WebKit ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236825] trunk/Source/WebCore
Title: [236825] trunk/Source/WebCore Revision 236825 Author rn...@webkit.org Date 2018-10-03 20:55:12 -0700 (Wed, 03 Oct 2018) Log Message Clear m_pendingTargets in MutationObserver::takeRecords https://bugs.webkit.org/show_bug.cgi?id=190240 Reviewed by Geoffrey Garen. In r236781, we delayed the clearing of m_pendingTargets until the end of microtask to avoid a race between mutation record's JS wrappers getting created and GC marking JS wrappers of elements in mutation records. This patch shortens this delay to until mutation record's JS wrappers are created. Specifically, we make MutationObserver::takeRecords() return a struct which has both pending targets hash set and the vector of mutation records so that the hash set survives through the creation of JS wrappers for mutation records. To do this, a new IDL extended attribute "ResultField" is introduced to specify the member variable in which the result is stored. No new tests. Unfortunately, this race condition appears to be impossible to capture in a regression test. * bindings/scripts/CodeGeneratorJS.pm: (GenerateOperationBodyDefinition): * bindings/scripts/IDLAttributes.json: * bindings/scripts/test/JS/JSTestInterface.cpp: (WebCore::jsTestInterfacePrototypeFunctionTakeNodesBody): (WebCore::jsTestInterfacePrototypeFunctionTakeNodes): * bindings/scripts/test/TestImplements.idl: Added a test case. * dom/MutationObserver.cpp: (WebCore::MutationObserver::takeRecords): (WebCore::MutationObserver::deliver): * dom/MutationObserver.h: * dom/MutationObserver.idl: Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm trunk/Source/WebCore/bindings/scripts/IDLAttributes.json trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp trunk/Source/WebCore/bindings/scripts/test/TestImplements.idl trunk/Source/WebCore/dom/MutationObserver.cpp trunk/Source/WebCore/dom/MutationObserver.h trunk/Source/WebCore/dom/MutationObserver.idl Diff Modified: trunk/Source/WebCore/ChangeLog (236824 => 236825) --- trunk/Source/WebCore/ChangeLog 2018-10-04 03:29:57 UTC (rev 236824) +++ trunk/Source/WebCore/ChangeLog 2018-10-04 03:55:12 UTC (rev 236825) @@ -1,3 +1,35 @@ +2018-10-03 Ryosuke Niwa + +Clear m_pendingTargets in MutationObserver::takeRecords +https://bugs.webkit.org/show_bug.cgi?id=190240 + +Reviewed by Geoffrey Garen. + +In r236781, we delayed the clearing of m_pendingTargets until the end of microtask to avoid a race between +mutation record's JS wrappers getting created and GC marking JS wrappers of elements in mutation records. + +This patch shortens this delay to until mutation record's JS wrappers are created. Specifically, we make +MutationObserver::takeRecords() return a struct which has both pending targets hash set and the vector of +mutation records so that the hash set survives through the creation of JS wrappers for mutation records. + +To do this, a new IDL extended attribute "ResultField" is introduced to specify the member variable in +which the result is stored. + +No new tests. Unfortunately, this race condition appears to be impossible to capture in a regression test. + +* bindings/scripts/CodeGeneratorJS.pm: +(GenerateOperationBodyDefinition): +* bindings/scripts/IDLAttributes.json: +* bindings/scripts/test/JS/JSTestInterface.cpp: +(WebCore::jsTestInterfacePrototypeFunctionTakeNodesBody): +(WebCore::jsTestInterfacePrototypeFunctionTakeNodes): +* bindings/scripts/test/TestImplements.idl: Added a test case. +* dom/MutationObserver.cpp: +(WebCore::MutationObserver::takeRecords): +(WebCore::MutationObserver::deliver): +* dom/MutationObserver.h: +* dom/MutationObserver.idl: + 2018-10-03 Youenn Fablet Add VP8 support to WebRTC Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (236824 => 236825) --- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2018-10-04 03:29:57 UTC (rev 236824) +++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2018-10-04 03:55:12 UTC (rev 236825) @@ -5151,7 +5151,14 @@ GenerateArgumentsCountCheck($outputArray, $operation, $interface, $indent); my $functionString = GenerateParametersCheck($outputArray, $operation, $interface, $functionImplementationName, $indent); -GenerateImplementationFunctionCall($outputArray, $operation, $interface, $functionString, $indent); + +if ($operation->extendedAttributes->{ResultField}) { +my $resultName = $operation->extendedAttributes->{ResultField}; +push(@$outputArray, "auto implResult = $functionString;\n"); +GenerateImplementationFunctionCall($outputArray, $operation, $interface, "WTFMove(implResult.$resultName)", $indent); +} else { +GenerateImplementationFunctionCall($outputArray, $operation,
[webkit-changes] [236824] trunk
Title: [236824] trunk Revision 236824 Author sbar...@apple.com Date 2018-10-03 20:29:57 -0700 (Wed, 03 Oct 2018) Log Message lowXYZ in FTLLower should always filter the type of the incoming edge https://bugs.webkit.org/show_bug.cgi?id=189939 Reviewed by Michael Saboff. JSTests: * stress/ftl-should-always-filter-for-low-type-check-functions.js: Added. (foo): (test): Source/_javascript_Core: For example, the FTL may know more about data flow than AI in certain programs, and it needs to inform AI of these data flow properties to appease the assertion we have in AI that a node must perform type checks on its child nodes. For example, consider this program: ``` bb#1 a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower Branch(..., #2, #3) bb#2 ArrayifyToStructure(Cell:@a) // This modifies @a to have the its previous type union the type of some structure set. Jump(#3) bb#3 c: Add(Int32:@something, Int32:@a) ``` When the Add node does lowInt32() for @a, FTL lower used to just grab it from the int32 hash table without filtering the AbstractValue. However, the parent node is asking for a type check to happen, so we must inform AI of this "type check" if we want to appease the assertion that all nodes perform type checks for their edges that semantically perform type checks. This patch makes it so we filter the AbstractValue in the lowXYZ even if FTLLower proved the value must be XYZ. * ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compilePhi): (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck): (JSC::FTL::DFG::LowerDFGToB3::lowInt32): (JSC::FTL::DFG::LowerDFGToB3::lowCell): (JSC::FTL::DFG::LowerDFGToB3::lowBoolean): Modified Paths trunk/JSTests/ChangeLog trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp Added Paths trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js Diff Modified: trunk/JSTests/ChangeLog (236823 => 236824) --- trunk/JSTests/ChangeLog 2018-10-04 03:27:20 UTC (rev 236823) +++ trunk/JSTests/ChangeLog 2018-10-04 03:29:57 UTC (rev 236824) @@ -1,3 +1,15 @@ +2018-10-03 Saam barati + +lowXYZ in FTLLower should always filter the type of the incoming edge +https://bugs.webkit.org/show_bug.cgi?id=189939 + + +Reviewed by Michael Saboff. + +* stress/ftl-should-always-filter-for-low-type-check-functions.js: Added. +(foo): +(test): + 2018-10-03 Mark Lam Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. Added: trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js (0 => 236824) --- trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js (rev 0) +++ trunk/JSTests/stress/ftl-should-always-filter-for-low-type-check-functions.js 2018-10-04 03:29:57 UTC (rev 236824) @@ -0,0 +1,31 @@ +//@ runDefault("--useConcurrentJIT=0", "--jitPolicyScale=0", "--maximumInliningDepth=2") + +function foo(x, y) { +var w = 0; +for (var i = 0; i < x.length; ++i) { +for (var j = 0; j < x.length; ++j) +w += foo(j, i); +y[i] = w; +} +} + +function test(x, a3) { + a1 = []; + a2 = []; + +for (i = 0; i < x; ++i) +a1[i] = 0; + +for (i = 0; i < 10; ++i) { +foo(a3, a2); +foo(a3, a1); +} +} +noDFG(test); + +a3 = []; +for (var i = 0; i < 3; ++i) +a3[i] = 0; + +for (var i = 3; i <= 12; i *= 2) +test(i, a3); Modified: trunk/Source/_javascript_Core/ChangeLog (236823 => 236824) --- trunk/Source/_javascript_Core/ChangeLog 2018-10-04 03:27:20 UTC (rev 236823) +++ trunk/Source/_javascript_Core/ChangeLog 2018-10-04 03:29:57 UTC (rev 236824) @@ -1,3 +1,45 @@ +2018-10-03 Saam barati + +lowXYZ in FTLLower should always filter the type of the incoming edge +https://bugs.webkit.org/show_bug.cgi?id=189939 + + +Reviewed by Michael Saboff. + +For example, the FTL may know more about data flow than AI in certain programs, +and it needs to inform AI of these data flow properties to appease the assertion +we have in AI that a node must perform type checks on its child nodes. + +For example, consider this program: + +``` +bb#1 +a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower +Branch(..., #2, #3) + +bb#2 +ArrayifyToStructure(Cell:@a) // This modifies @a to have the its previous type union the type of some structure set. +Jump(#3) + +bb#3 +c: Add(Int32:@something, Int32:@a) +``` + +When the Add node does lowInt32() for @a, FTL lower used to just grab it +from the int32 hash table without filtering the AbstractValue. However, +the parent node is asking for a type check to happen, so we must inform +
[webkit-changes] [236823] trunk/Source/ThirdParty/libwebrtc
Title: [236823] trunk/Source/ThirdParty/libwebrtc Revision 236823 Author m...@apple.com Date 2018-10-03 20:27:20 -0700 (Wed, 03 Oct 2018) Log Message Addressed the warning “no rule to process file 'Source/ThirdParty/libwebrtc/Source/third_party/yasm-1.3.0/modules/objfmts/macho/Makefile.inc' of type sourcecode.pascal for architecture x86_64” * libwebrtc.xcodeproj/project.pbxproj: Removed Makefile.inc from the yasm target’s Compile Sources build phase. Modified Paths trunk/Source/ThirdParty/libwebrtc/ChangeLog trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj Diff Modified: trunk/Source/ThirdParty/libwebrtc/ChangeLog (236822 => 236823) --- trunk/Source/ThirdParty/libwebrtc/ChangeLog 2018-10-04 02:04:08 UTC (rev 236822) +++ trunk/Source/ThirdParty/libwebrtc/ChangeLog 2018-10-04 03:27:20 UTC (rev 236823) @@ -1,3 +1,10 @@ +2018-10-03 Dan Bernstein + +Addressed the warning “no rule to process file 'Source/ThirdParty/libwebrtc/Source/third_party/yasm-1.3.0/modules/objfmts/macho/Makefile.inc' of type sourcecode.pascal for architecture x86_64” + +* libwebrtc.xcodeproj/project.pbxproj: Removed Makefile.inc from the yasm target’s Compile + Sources build phase. + 2018-10-03 Youenn Fablet Add VP8 support to WebRTC Modified: trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj (236822 => 236823) --- trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj 2018-10-04 02:04:08 UTC (rev 236822) +++ trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj 2018-10-04 03:27:20 UTC (rev 236823) @@ -971,7 +971,6 @@ 419C84C11FE31A0B0040C30F /* encoder_vcp.h in Headers */ = {isa = PBXBuildFile; fileRef = 419C849C1FE2FEC00040C30F /* encoder_vcp.h */; }; 419C84CB1FE3252E0040C30F /* curve25519.c in Sources */ = {isa = PBXBuildFile; fileRef = 419C847C1FE256B90040C30F /* curve25519.c */; }; 419EA1F3215C48C70082BFD2 /* macho-objfmt.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1F2215C48C70082BFD2 /* macho-objfmt.c */; }; - 419EA1F6215C49590082BFD2 /* Makefile.inc in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1F4215C49580082BFD2 /* Makefile.inc */; }; 419EA1F9215C4A9E0082BFD2 /* module.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1F8215C4A9E0082BFD2 /* module.c */; }; 419EA201215C4B270082BFD2 /* x86expr.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1FD215C4B260082BFD2 /* x86expr.c */; }; 419EA202215C4B270082BFD2 /* x86arch.c in Sources */ = {isa = PBXBuildFile; fileRef = 419EA1FE215C4B260082BFD2 /* x86arch.c */; }; @@ -15328,7 +15327,6 @@ 41BE717C215C459000A7B196 /* inttree.c in Sources */, 41BE71CC215C464800A7B196 /* linemap.c in Sources */, 419EA1F3215C48C70082BFD2 /* macho-objfmt.c in Sources */, -419EA1F6215C49590082BFD2 /* Makefile.inc in Sources */, 41BE717D215C459000A7B196 /* md5.c in Sources */, 41BE717E215C459000A7B196 /* mergesort.c in Sources */, 419EA1F9215C4A9E0082BFD2 /* module.c in Sources */, ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236822] trunk
Title: [236822] trunk Revision 236822 Author m...@apple.com Date 2018-10-03 19:04:08 -0700 (Wed, 03 Oct 2018) Log Message [Cocoa] Let clients specify an NSFileWrapper subclassed to be used for _WKAttachment https://bugs.webkit.org/show_bug.cgi?id=190270 Reviewed by Wenson Hsieh. Source/WebKit: * UIProcess/API/Cocoa/WKWebViewConfiguration.mm: (-[WKWebViewConfiguration copyWithZone:]): Copy new _attachmentFileWrapperClass ivar. (-[WKWebViewConfiguration _attachmentFileWrapperClass]): Added this getter. (-[WKWebViewConfiguration _setAttachmentFileWrapperClass:]): Added this setter, which raises an exception if the argument is not an NSFileWrapper subclass. * UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h: Declared new property. * UIProcess/Cocoa/PageClientImplCocoa.h: * UIProcess/Cocoa/PageClientImplCocoa.mm: (WebKit::PageClientImplCocoa::allocFileWrapperInstance): Added. Allocates an instance of the class specified in the configuration, or NSFileWrapper if no custom class is specified. * UIProcess/Cocoa/WebPageProxyCocoa.mm: (WebKit::WebPageProxy::platformRegisterAttachment): Use PageClient::allocFileWrapperInstance instead of allocating an NSFileWrapper instance. * UIProcess/PageClient.h: (WebKit::PageClient::allocFileWrapperInstance): Defined new function. The default implementation returns nil. Tools: * TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm: (TestWebKitAPI::TEST): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h trunk/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.h trunk/Source/WebKit/UIProcess/Cocoa/PageClientImplCocoa.mm trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm trunk/Source/WebKit/UIProcess/PageClient.h trunk/Tools/ChangeLog trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm Diff Modified: trunk/Source/WebKit/ChangeLog (236821 => 236822) --- trunk/Source/WebKit/ChangeLog 2018-10-04 01:53:27 UTC (rev 236821) +++ trunk/Source/WebKit/ChangeLog 2018-10-04 02:04:08 UTC (rev 236822) @@ -1,3 +1,31 @@ +2018-10-03 Dan Bernstein + +[Cocoa] Let clients specify an NSFileWrapper subclassed to be used for _WKAttachment +https://bugs.webkit.org/show_bug.cgi?id=190270 + +Reviewed by Wenson Hsieh. + +* UIProcess/API/Cocoa/WKWebViewConfiguration.mm: +(-[WKWebViewConfiguration copyWithZone:]): Copy new _attachmentFileWrapperClass ivar. +(-[WKWebViewConfiguration _attachmentFileWrapperClass]): Added this getter. +(-[WKWebViewConfiguration _setAttachmentFileWrapperClass:]): Added this setter, which raises + an exception if the argument is not an NSFileWrapper subclass. + +* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h: Declared new property. + +* UIProcess/Cocoa/PageClientImplCocoa.h: +* UIProcess/Cocoa/PageClientImplCocoa.mm: +(WebKit::PageClientImplCocoa::allocFileWrapperInstance): Added. Allocates an instance of + the class specified in the configuration, or NSFileWrapper if no custom class is specified. + +* UIProcess/Cocoa/WebPageProxyCocoa.mm: +(WebKit::WebPageProxy::platformRegisterAttachment): Use PageClient::allocFileWrapperInstance + instead of allocating an NSFileWrapper instance. + +* UIProcess/PageClient.h: +(WebKit::PageClient::allocFileWrapperInstance): Defined new function. The default + implementation returns nil. + 2018-10-03 Youenn Fablet Add VP8 support to WebRTC Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm (236821 => 236822) --- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm 2018-10-04 01:53:27 UTC (rev 236821) +++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm 2018-10-04 02:04:08 UTC (rev 236822) @@ -136,6 +136,7 @@ BOOL _invisibleAutoplayNotPermitted; BOOL _mediaDataLoadsAutomatically; BOOL _attachmentElementEnabled; +Class _attachmentFileWrapperClass; BOOL _mainContentUserGestureOverrideEnabled; #if PLATFORM(MAC) @@ -355,6 +356,7 @@ configuration->_invisibleAutoplayNotPermitted = self->_invisibleAutoplayNotPermitted; configuration->_mediaDataLoadsAutomatically = self->_mediaDataLoadsAutomatically; configuration->_attachmentElementEnabled = self->_attachmentElementEnabled; +configuration->_attachmentFileWrapperClass = self->_attachmentFileWrapperClass; configuration->_mediaTypesRequiringUserActionForPlayback = self->_mediaTypesRequiringUserActionForPlayback; configuration->_mainContentUserGestureOverrideEnabled = self->_mainContentUserGestureOverrideEnabled; configuration->_waitsForPaintAfterViewDidMoveToWindow = self->_waitsForPaintAfterViewDidMoveToWindow; @@ -746,6 +748,19 @@ _attachmentElementEnabled = attachmentElementEnabled; } +-
[webkit-changes] [236820] trunk
Title: [236820] trunk Revision 236820 Author jiewen_...@apple.com Date 2018-10-03 18:32:02 -0700 (Wed, 03 Oct 2018) Log Message [WebCrypto] ECDSA could not deal with invalid signature inputs https://bugs.webkit.org/show_bug.cgi?id=189879 Reviewed by Brent Fulgham. Source/WebCore: Add some guards over detections of the start positions of r/s. Covered by improved existing tests. * crypto/mac/CryptoAlgorithmECDSAMac.cpp: (WebCore::verifyECDSA): LayoutTests: * crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt: * crypto/subtle/ecdsa-verify-malformed-parameters.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp Diff Modified: trunk/LayoutTests/ChangeLog (236819 => 236820) --- trunk/LayoutTests/ChangeLog 2018-10-04 01:17:20 UTC (rev 236819) +++ trunk/LayoutTests/ChangeLog 2018-10-04 01:32:02 UTC (rev 236820) @@ -1,3 +1,14 @@ +2018-09-28 Jiewen Tan + +[WebCrypto] ECDSA could not deal with invalid signature inputs +https://bugs.webkit.org/show_bug.cgi?id=189879 + + +Reviewed by Brent Fulgham. + +* crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt: +* crypto/subtle/ecdsa-verify-malformed-parameters.html: + 2018-10-03 Antoine Quint [Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt (236819 => 236820) --- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt 2018-10-04 01:17:20 UTC (rev 236819) +++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt 2018-10-04 01:32:02 UTC (rev 236820) @@ -5,6 +5,8 @@ PASS verified is false PASS verified is false +PASS verified is false +PASS verified is false PASS successfullyParsed is true TEST COMPLETE Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html (236819 => 236820) --- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html 2018-10-04 01:17:20 UTC (rev 236819) +++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html 2018-10-04 01:32:02 UTC (rev 236820) @@ -27,6 +27,8 @@ var data = "" World!"); var corruptedSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b"); var shortenSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a"); +var invalidSignature1 = hexStringToUint8Array("84a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b"); +var invalidSignature2 = hexStringToUint8Array("84a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b"); crypto.subtle.importKey("jwk", jwkPublicKey, { name: "ECDSA", namedCurve: "P-256" }, extractable, ["verify"]).then(function(result) { key = result; @@ -37,12 +39,24 @@ shouldBeFalse("verified"); -return crypto.subtle.verify(ecdsaParams, key, corruptedSignature, data); +return crypto.subtle.verify(ecdsaParams, key, shortenSignature, data); }).then(function(result) { verified = result; shouldBeFalse("verified"); +return crypto.subtle.verify(ecdsaParams, key, invalidSignature1, data); +}).then(function(result) { +verified = result; + +shouldBeFalse("verified"); + +return crypto.subtle.verify(ecdsaParams, key, invalidSignature2, data); +}).then(function(result) { +verified = result; + +shouldBeFalse("verified"); + finishJSTest(); }, failAndFinishJSTest); Modified: trunk/Source/WebCore/ChangeLog (236819 => 236820) --- trunk/Source/WebCore/ChangeLog 2018-10-04 01:17:20 UTC (rev 236819) +++ trunk/Source/WebCore/ChangeLog 2018-10-04 01:32:02 UTC (rev 236820) @@ -1,3 +1,18 @@ +2018-09-28 Jiewen Tan + +[WebCrypto] ECDSA could not deal with invalid signature inputs +https://bugs.webkit.org/show_bug.cgi?id=189879 + + +Reviewed by Brent Fulgham. + +Add some guards over detections of the start positions of r/s. + +Covered by improved existing tests. + +* crypto/mac/CryptoAlgorithmECDSAMac.cpp: +(WebCore::verifyECDSA): + 2018-10-03 Jer Noble Add a quirk to disable Modern EME for sites which are broken with it enabled Modified: trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp (236819 => 236820) --- trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp 2018-10-04
[webkit-changes] [236819] branches/safari-606.2.104.2-branch/Source
Title: [236819] branches/safari-606.2.104.2-branch/Source Revision 236819 Author kocsen_ch...@apple.com Date 2018-10-03 18:17:20 -0700 (Wed, 03 Oct 2018) Log Message Versioning. Modified Paths branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig branches/safari-606.2.104.2-branch/Source/WebKit/Configurations/Version.xcconfig branches/safari-606.2.104.2-branch/Source/WebKitLegacy/mac/Configurations/Version.xcconfig Diff Modified: branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig (236818 => 236819) --- branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig 2018-10-04 00:50:46 UTC (rev 236818) +++ branches/safari-606.2.104.2-branch/Source/_javascript_Core/Configurations/Version.xcconfig 2018-10-04 01:17:20 UTC (rev 236819) @@ -24,9 +24,9 @@ MAJOR_VERSION = 606; MINOR_VERSION = 2; TINY_VERSION = 104; -MICRO_VERSION = 0; -NANO_VERSION = 0; -FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); +MICRO_VERSION = 2; +NANO_VERSION = 1; +FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION); // The bundle version and short version string are set based on the current build configuration, see below. BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION)); Modified: branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig (236818 => 236819) --- branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig 2018-10-04 00:50:46 UTC (rev 236818) +++ branches/safari-606.2.104.2-branch/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig 2018-10-04 01:17:20 UTC (rev 236819) @@ -24,9 +24,9 @@ MAJOR_VERSION = 606; MINOR_VERSION = 2; TINY_VERSION = 104; -MICRO_VERSION = 0; -NANO_VERSION = 0; -FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); +MICRO_VERSION = 2; +NANO_VERSION = 1; +FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION); // The bundle version and short version string are set based on the current build configuration, see below. BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION)); Modified: branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig (236818 => 236819) --- branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig 2018-10-04 00:50:46 UTC (rev 236818) +++ branches/safari-606.2.104.2-branch/Source/WebCore/Configurations/Version.xcconfig 2018-10-04 01:17:20 UTC (rev 236819) @@ -24,9 +24,9 @@ MAJOR_VERSION = 606; MINOR_VERSION = 2; TINY_VERSION = 104; -MICRO_VERSION = 0; -NANO_VERSION = 0; -FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); +MICRO_VERSION = 2; +NANO_VERSION = 1; +FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION); // The bundle version and short version string are set based on the current build configuration, see below. BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION)); Modified: branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig (236818 => 236819) --- branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig 2018-10-04 00:50:46 UTC (rev 236818) +++ branches/safari-606.2.104.2-branch/Source/WebCore/PAL/Configurations/Version.xcconfig 2018-10-04 01:17:20 UTC (rev 236819) @@ -24,9 +24,9 @@ MAJOR_VERSION = 606; MINOR_VERSION = 2; TINY_VERSION = 104; -MICRO_VERSION = 0; -NANO_VERSION = 0; -FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); +MICRO_VERSION = 2; +NANO_VERSION = 1; +FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION).$(NANO_VERSION); // The bundle version and short version string are set based on the current build configuration, see below. BUNDLE_VERSION = $(BUNDLE_VERSION_$(CONFIGURATION)); Modified: branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig (236818 => 236819) --- branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig 2018-10-04 00:50:46 UTC (rev 236818) +++ branches/safari-606.2.104.2-branch/Source/WebInspectorUI/Configurations/Version.xcconfig 2018-10-04 01:17:20 UTC (rev 236819) @@ -1,9 +1,9 @@ MAJOR_VERSION = 606; MINOR_VERSION = 2; TINY_VERSION = 104; -MICRO_VERSION = 0; -NANO_VERSION = 0; -FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION); +MICRO_VERSION = 2; +NANO_VERSION = 1; +FULL_VERSION =
[webkit-changes] [236817] branches/safari-606.2.104.2-branch/
Title: [236817] branches/safari-606.2.104.2-branch/ Revision 236817 Author kocsen_ch...@apple.com Date 2018-10-03 17:49:48 -0700 (Wed, 03 Oct 2018) Log Message New branch. Added Paths branches/safari-606.2.104.2-branch/ Diff ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236818] trunk/Source/WebCore
Title: [236818] trunk/Source/WebCore Revision 236818 Author jer.no...@apple.com Date 2018-10-03 17:50:46 -0700 (Wed, 03 Oct 2018) Log Message Add a quirk to disable Modern EME for sites which are broken with it enabled https://bugs.webkit.org/show_bug.cgi?id=190051 Reviewed by Daniel Bates. Add a new class, parallel to Settings, to track quirk behavior. Extend the bindings generator to support a DisabledByQuirk attribute, and set this attribute for all the Modern EME types. Check whether the quirk is set inside HTMLMediaElement in addition to the existing Setting. * Modules/encryptedmedia/MediaKeyMessageEvent.idl: * Modules/encryptedmedia/MediaKeySession.idl: * Modules/encryptedmedia/MediaKeyStatusMap.idl: * Modules/encryptedmedia/MediaKeySystemAccess.idl: * Modules/encryptedmedia/MediaKeys.idl: * Modules/encryptedmedia/NavigatorEME.idl: * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/scripts/CodeGenerator.pm: (WK_ucfirst): * bindings/scripts/CodeGeneratorJS.pm: (NeedsRuntimeCheck): (GenerateRuntimeEnableConditionalString): * bindings/scripts/IDLAttributes.json: * bindings/scripts/preprocess-idls.pl: (GenerateConstructorAttributes): * dom/Document.cpp: (WebCore::Document::Document): * dom/Document.h: (WebCore::Document::quirks const): * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded): (WebCore::HTMLMediaElement::mediaPlayerInitializationDataEncountered): * html/HTMLMediaElement.idl: * page/Quirks.cpp: Added. (Quirks::Quirks): (Quirks::disableEncryptedMediaAPIQuirk const): * page/Quirks.h: Added. Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Modules/encryptedmedia/MediaKeyMessageEvent.idl trunk/Source/WebCore/Modules/encryptedmedia/MediaKeySession.idl trunk/Source/WebCore/Modules/encryptedmedia/MediaKeyStatusMap.idl trunk/Source/WebCore/Modules/encryptedmedia/MediaKeySystemAccess.idl trunk/Source/WebCore/Modules/encryptedmedia/MediaKeys.idl trunk/Source/WebCore/Modules/encryptedmedia/NavigatorEME.idl trunk/Source/WebCore/Sources.txt trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm trunk/Source/WebCore/bindings/scripts/IDLAttributes.json trunk/Source/WebCore/bindings/scripts/preprocess-idls.pl trunk/Source/WebCore/dom/Document.cpp trunk/Source/WebCore/dom/Document.h trunk/Source/WebCore/html/HTMLMediaElement.cpp trunk/Source/WebCore/html/HTMLMediaElement.idl trunk/Source/WebCore/html/MediaEncryptedEvent.idl trunk/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp Added Paths trunk/Source/WebCore/page/Quirks.cpp trunk/Source/WebCore/page/Quirks.h Diff Modified: trunk/Source/WebCore/ChangeLog (236817 => 236818) --- trunk/Source/WebCore/ChangeLog 2018-10-04 00:49:48 UTC (rev 236817) +++ trunk/Source/WebCore/ChangeLog 2018-10-04 00:50:46 UTC (rev 236818) @@ -1,3 +1,44 @@ +2018-10-03 Jer Noble + +Add a quirk to disable Modern EME for sites which are broken with it enabled +https://bugs.webkit.org/show_bug.cgi?id=190051 + +Reviewed by Daniel Bates. + +Add a new class, parallel to Settings, to track quirk behavior. Extend the bindings +generator to support a DisabledByQuirk attribute, and set this attribute for all +the Modern EME types. Check whether the quirk is set inside HTMLMediaElement in +addition to the existing Setting. + +* Modules/encryptedmedia/MediaKeyMessageEvent.idl: +* Modules/encryptedmedia/MediaKeySession.idl: +* Modules/encryptedmedia/MediaKeyStatusMap.idl: +* Modules/encryptedmedia/MediaKeySystemAccess.idl: +* Modules/encryptedmedia/MediaKeys.idl: +* Modules/encryptedmedia/NavigatorEME.idl: +* Sources.txt: +* WebCore.xcodeproj/project.pbxproj: +* bindings/scripts/CodeGenerator.pm: +(WK_ucfirst): +* bindings/scripts/CodeGeneratorJS.pm: +(NeedsRuntimeCheck): +(GenerateRuntimeEnableConditionalString): +* bindings/scripts/IDLAttributes.json: +* bindings/scripts/preprocess-idls.pl: +(GenerateConstructorAttributes): +* dom/Document.cpp: +(WebCore::Document::Document): +* dom/Document.h: +(WebCore::Document::quirks const): +* html/HTMLMediaElement.cpp: +(WebCore::HTMLMediaElement::mediaPlayerKeyNeeded): +(WebCore::HTMLMediaElement::mediaPlayerInitializationDataEncountered): +* html/HTMLMediaElement.idl: +* page/Quirks.cpp: Added. +(Quirks::Quirks): +(Quirks::disableEncryptedMediaAPIQuirk const): +* page/Quirks.h: Added. + 2018-10-03 Antoine Quint [Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style Modified: trunk/Source/WebCore/Modules/encryptedmedia/MediaKeyMessageEvent.idl (236817 => 236818) ---
[webkit-changes] [236816] tags/Safari-607.1.9/Source/WebCore
Title: [236816] tags/Safari-607.1.9/Source/WebCore Revision 236816 Author kocsen_ch...@apple.com Date 2018-10-03 17:13:40 -0700 (Wed, 03 Oct 2018) Log Message Cherry-pick r236796. rdar://problem/43949622 [macOS] Switching to discrete GPU should be done in the UI process https://bugs.webkit.org/show_bug.cgi?id=189361 Try to fix the IOSMAC build. * platform/graphics/GraphicsContext3D.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236796 268f45cc-cd09-0410-ab3c-d52691b4dbfc Modified Paths tags/Safari-607.1.9/Source/WebCore/ChangeLog tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h Diff Modified: tags/Safari-607.1.9/Source/WebCore/ChangeLog (236815 => 236816) --- tags/Safari-607.1.9/Source/WebCore/ChangeLog 2018-10-03 23:34:25 UTC (rev 236815) +++ tags/Safari-607.1.9/Source/WebCore/ChangeLog 2018-10-04 00:13:40 UTC (rev 236816) @@ -1,3 +1,27 @@ +2018-10-03 Kocsen Chung + +Cherry-pick r236796. rdar://problem/43949622 + +[macOS] Switching to discrete GPU should be done in the UI process +https://bugs.webkit.org/show_bug.cgi?id=189361 + + +Try to fix the IOSMAC build. + +* platform/graphics/GraphicsContext3D.h: + +git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236796 268f45cc-cd09-0410-ab3c-d52691b4dbfc + +2018-10-03 Dean Jackson + +[macOS] Switching to discrete GPU should be done in the UI process +https://bugs.webkit.org/show_bug.cgi?id=189361 + + +Try to fix the IOSMAC build. + +* platform/graphics/GraphicsContext3D.h: + 2018-10-03 Youenn Fablet Enable H264 simulcast Modified: tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h (236815 => 236816) --- tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h 2018-10-03 23:34:25 UTC (rev 236815) +++ tags/Safari-607.1.9/Source/WebCore/platform/graphics/GraphicsContext3D.h 2018-10-04 00:13:40 UTC (rev 236816) @@ -1520,7 +1520,7 @@ Platform3DObject m_vao { 0 }; #endif -#if PLATFORM(MAC) +#if PLATFORM(COCOA) && USE(OPENGL) bool m_hasSwitchedToHighPerformanceGPU { false }; #endif }; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236815] trunk/Source/WebKit
Title: [236815] trunk/Source/WebKit Revision 236815 Author commit-qu...@webkit.org Date 2018-10-03 16:34:25 -0700 (Wed, 03 Oct 2018) Log Message Search does not cancel after number of matching terms exceed set max limit https://bugs.webkit.org/show_bug.cgi?id=190020 Patch by Zamiul Haque on 2018-10-03 Reviewed by Andy Estes. When searching a PDF document on MobileSafari, the maximum number of matching terms are limited to a set constant. Beyond this limit, a PDF document should not be searched, since the UI will not be updated correspondingly. To this effect, a new SPI was made to cancel a search when the maximum limit of matching terms is reached. This is done without clearing the highlighting for the all the terms that were found under the limit. This bug was a result of not having implemented the new SPI in WKPDFView. This will be tested in a follow-up patch, after re-enabling WKPDFView tests on iOS 12. * UIProcess/ios/WKPDFView.mm: (-[WKPDFView pdfHostViewController:findStringUpdate:done:]): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm Diff Modified: trunk/Source/WebKit/ChangeLog (236814 => 236815) --- trunk/Source/WebKit/ChangeLog 2018-10-03 23:24:10 UTC (rev 236814) +++ trunk/Source/WebKit/ChangeLog 2018-10-03 23:34:25 UTC (rev 236815) @@ -1,3 +1,25 @@ +2018-10-03 Zamiul Haque + +Search does not cancel after number of matching terms exceed set max limit +https://bugs.webkit.org/show_bug.cgi?id=190020 + + +Reviewed by Andy Estes. + +When searching a PDF document on MobileSafari, the maximum number of matching +terms are limited to a set constant. Beyond this limit, a PDF document should not +be searched, since the UI will not be updated correspondingly. To this effect, +a new SPI was made to cancel a search when the maximum limit of matching terms +is reached. This is done without clearing the highlighting for the all the terms +that were found under the limit. This bug was a result of not having implemented +the new SPI in WKPDFView. + +This will be tested in a follow-up patch, after re-enabling WKPDFView tests +on iOS 12. + +* UIProcess/ios/WKPDFView.mm: +(-[WKPDFView pdfHostViewController:findStringUpdate:done:]): + 2018-10-03 Brian Burg [Cocoa] REGRESSION: web content process paused in debugger is considered to be unresponsive if WebKit client is sandboxed Modified: trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h (236814 => 236815) --- trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h 2018-10-03 23:24:10 UTC (rev 236814) +++ trunk/Source/WebKit/Platform/spi/ios/PDFKitSPI.h 2018-10-03 23:34:25 UTC (rev 236815) @@ -45,6 +45,7 @@ - (void) findString:(NSString*) string withOptions:(NSStringCompareOptions) options; - (void) cancelFindString; +- (void) cancelFindStringWithHighlightsCleared:(BOOL)cleared; - (void) focusOnSearchResultAtIndex:(NSUInteger) searchIndex; - (NSInteger) currentPageIndex; Modified: trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm (236814 => 236815) --- trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm 2018-10-03 23:24:10 UTC (rev 236814) +++ trunk/Source/WebKit/UIProcess/ios/WKPDFView.mm 2018-10-03 23:34:25 UTC (rev 236815) @@ -392,14 +392,18 @@ - (void)pdfHostViewController:(PDFHostViewController *)controller findStringUpdate:(NSUInteger)numFound done:(BOOL)done { -// FIXME: We should stop searching once numFound exceeds _findStringMaxCount, but PDFKit doesn't -// allow us to stop the search without also clearing the search highlights. See . +if (numFound > _findStringMaxCount && !done) { +[controller cancelFindStringWithHighlightsCleared:NO]; +done = YES; +} + if (!done) return; - -_findStringCount = numFound; -if (auto findCompletion = std::exchange(_findCompletion, nil)) + +if (auto findCompletion = std::exchange(_findCompletion, nil)) { +_findStringCount = numFound; findCompletion(); +} } - (NSURL *)_URLWithPageIndex:(NSInteger)pageIndex ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236814] trunk/Source/JavaScriptCore
Title: [236814] trunk/Source/_javascript_Core Revision 236814 Author msab...@apple.com Date 2018-10-03 16:24:10 -0700 (Wed, 03 Oct 2018) Log Message Command line jsc should report memory footprint in bytes https://bugs.webkit.org/show_bug.cgi?id=190267 Reviewed by Mark Lam. Change to leave the footprint values from the system unmodified. * jsc.cpp: (JSCMemoryFootprint::finishCreation): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jsc.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (236813 => 236814) --- trunk/Source/_javascript_Core/ChangeLog 2018-10-03 22:02:44 UTC (rev 236813) +++ trunk/Source/_javascript_Core/ChangeLog 2018-10-03 23:24:10 UTC (rev 236814) @@ -1,3 +1,15 @@ +2018-10-03 Michael Saboff + +Command line jsc should report memory footprint in bytes +https://bugs.webkit.org/show_bug.cgi?id=190267 + +Reviewed by Mark Lam. + +Change to leave the footprint values from the system unmodified. + +* jsc.cpp: +(JSCMemoryFootprint::finishCreation): + 2018-10-03 Mark Lam Suppress unreachable code warning for LLIntAssembly.h code. Modified: trunk/Source/_javascript_Core/jsc.cpp (236813 => 236814) --- trunk/Source/_javascript_Core/jsc.cpp 2018-10-03 22:02:44 UTC (rev 236813) +++ trunk/Source/_javascript_Core/jsc.cpp 2018-10-03 23:24:10 UTC (rev 236814) @@ -1231,9 +1231,8 @@ MemoryFootprint footprint = MemoryFootprint::now(); -// Report sizes in KBytes so that values up to GB are still integers. -addProperty(vm, "current", jsNumber(footprint.current / 1024)); -addProperty(vm, "peak", jsNumber(footprint.peak / 1024)); +addProperty(vm, "current", jsNumber(footprint.current)); +addProperty(vm, "peak", jsNumber(footprint.peak)); } DECLARE_INFO; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236813] trunk/Source/JavaScriptCore
Title: [236813] trunk/Source/_javascript_Core Revision 236813 Author mark@apple.com Date 2018-10-03 15:02:44 -0700 (Wed, 03 Oct 2018) Log Message Suppress unreachable code warning for LLIntAssembly.h code. https://bugs.webkit.org/show_bug.cgi?id=190263 Reviewed by Saam Barati. This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter asm files, and may contain dead code which are harmless, but will trip up the warning. We should suppress the warning so that it doesn't break builds. * llint/LowLevelInterpreter.cpp: (JSC::CLoop::execute): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (236812 => 236813) --- trunk/Source/_javascript_Core/ChangeLog 2018-10-03 21:09:42 UTC (rev 236812) +++ trunk/Source/_javascript_Core/ChangeLog 2018-10-03 22:02:44 UTC (rev 236813) @@ -1,3 +1,18 @@ +2018-10-03 Mark Lam + +Suppress unreachable code warning for LLIntAssembly.h code. +https://bugs.webkit.org/show_bug.cgi?id=190263 + + +Reviewed by Saam Barati. + +This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter +asm files, and may contain dead code which are harmless, but will trip up the warning. +We should suppress the warning so that it doesn't break builds. + +* llint/LowLevelInterpreter.cpp: +(JSC::CLoop::execute): + 2018-10-03 Dan Bernstein _javascript_Core part of [Xcode] Update some build settings as recommended by Xcode 10 Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp (236812 => 236813) --- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp 2018-10-03 21:09:42 UTC (rev 236812) +++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.cpp 2018-10-03 22:02:44 UTC (rev 236813) @@ -446,7 +446,9 @@ // bytecode handlers for the interpreter, as compiled from // LowLevelInterpreter.asm and its peers. +IGNORE_CLANG_WARNINGS_BEGIN("unreachable-code") #include "LLIntAssembly.h" +IGNORE_CLANG_WARNINGS_END OFFLINE_ASM_GLUE_LABEL(llint_return_to_host) { ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236812] branches/safari-606.2.104.0-branch/Source/WebCore
Title: [236812] branches/safari-606.2.104.0-branch/Source/WebCore Revision 236812 Author kocsen_ch...@apple.com Date 2018-10-03 14:09:42 -0700 (Wed, 03 Oct 2018) Log Message Cherry-pick r236806. rdar://problem/44855484 CRASH in CVPixelBufferGetBytePointerCallback() https://bugs.webkit.org/show_bug.cgi?id=190092 Reviewed by Eric Carlson. Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and release logging to try to pinpoint if mismatch lock counts are occurring in this code path. * platform/graphics/cv/PixelBufferConformerCV.cpp: (WebCore::CVPixelBufferGetBytePointerCallback): (WebCore::CVPixelBufferReleaseBytePointerCallback): (WebCore::CVPixelBufferReleaseInfoCallback): (WebCore::PixelBufferConformerCV::createImageFromPixelBuffer): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236806 268f45cc-cd09-0410-ab3c-d52691b4dbfc Modified Paths branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp Diff Modified: branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog (236811 => 236812) --- branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog 2018-10-03 21:08:53 UTC (rev 236811) +++ branches/safari-606.2.104.0-branch/Source/WebCore/ChangeLog 2018-10-03 21:09:42 UTC (rev 236812) @@ -1,3 +1,46 @@ +2018-10-03 Kocsen Chung + +Cherry-pick r236806. rdar://problem/44855484 + +CRASH in CVPixelBufferGetBytePointerCallback() +https://bugs.webkit.org/show_bug.cgi?id=190092 + +Reviewed by Eric Carlson. + +Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt +to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access +error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer +calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and +release logging to try to pinpoint if mismatch lock counts are occurring in this code path. + +* platform/graphics/cv/PixelBufferConformerCV.cpp: +(WebCore::CVPixelBufferGetBytePointerCallback): +(WebCore::CVPixelBufferReleaseBytePointerCallback): +(WebCore::CVPixelBufferReleaseInfoCallback): +(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer): + + +git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236806 268f45cc-cd09-0410-ab3c-d52691b4dbfc + +2018-10-03 Jer Noble + +CRASH in CVPixelBufferGetBytePointerCallback() +https://bugs.webkit.org/show_bug.cgi?id=190092 + +Reviewed by Eric Carlson. + +Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt +to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access +error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer +calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and +release logging to try to pinpoint if mismatch lock counts are occurring in this code path. + +* platform/graphics/cv/PixelBufferConformerCV.cpp: +(WebCore::CVPixelBufferGetBytePointerCallback): +(WebCore::CVPixelBufferReleaseBytePointerCallback): +(WebCore::CVPixelBufferReleaseInfoCallback): +(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer): + 2018-09-28 Babak Shafiei Cherry-pick r236615. rdar://problem/44883290 Modified: branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp (236811 => 236812) --- branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp 2018-10-03 21:08:53 UTC (rev 236811) +++ branches/safari-606.2.104.0-branch/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp 2018-10-03 21:09:42 UTC (rev 236812) @@ -29,6 +29,7 @@ #if HAVE(CORE_VIDEO) #include "GraphicsContextCG.h" +#include "Logging.h" #include #include "CoreVideoSoftLink.h" @@ -55,23 +56,87 @@ #endif } -static const void* CVPixelBufferGetBytePointerCallback(void* info) +struct CVPixelBufferInfo { +RetainPtr pixelBuffer; +int lockCount { 0 }; +}; + +static const void* CVPixelBufferGetBytePointerCallback(void* refcon) { -CVPixelBufferRef pixelBuffer = static_cast(info); -
[webkit-changes] [236811] trunk/Source/ThirdParty
Title: [236811] trunk/Source/ThirdParty Revision 236811 Author m...@apple.com Date 2018-10-03 14:08:53 -0700 (Wed, 03 Oct 2018) Log Message ANGLE and libwebrtc parts of [Xcode] Update some build settings as recommended by Xcode 10 https://bugs.webkit.org/show_bug.cgi?id=190250 Reviewed by Andy Estes. Source/ThirdParty/ANGLE: * ANGLE.xcodeproj/project.pbxproj: Kept the unreachable code warning off for four files that were generated by tools: glslang_lex.cpp, glslang_tab.cpp, Tokenizer.cpp, and ExpressionParser.cpp. Let Xcode update LastUpgradeCheck. * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_INFINITE_RECURSION, CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_SUSPICIOUS_MOVE, CLANG_WARN_UNREACHABLE_CODE, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED. Source/ThirdParty/libwebrtc: * Configurations/Base.xcconfig: Removed a duplicate reference to x_all.c and let Xcode update LastUpgradeCheck. * libwebrtc.xcodeproj/project.pbxproj: Enabled CLANG_WARN_INFINITE_RECURSION, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED, and CLANG_WARN_SUSPICIOUS_MOVE. Other warnings that Xcode 10 recommended were incompatible with one or more source files in the project. Modified Paths trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj trunk/Source/ThirdParty/ANGLE/ChangeLog trunk/Source/ThirdParty/ANGLE/Configurations/Base.xcconfig trunk/Source/ThirdParty/libwebrtc/ChangeLog trunk/Source/ThirdParty/libwebrtc/Configurations/Base.xcconfig trunk/Source/ThirdParty/libwebrtc/libwebrtc.xcodeproj/project.pbxproj Diff Modified: trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj (236810 => 236811) --- trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj 2018-10-03 21:02:19 UTC (rev 236810) +++ trunk/Source/ThirdParty/ANGLE/ANGLE.xcodeproj/project.pbxproj 2018-10-03 21:08:53 UTC (rev 236811) @@ -20,8 +20,8 @@ 31012E2918B97B9B0039062F /* DirectiveHandler.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DB818B97B9B0039062F /* DirectiveHandler.h */; }; 31012E2A18B97B9B0039062F /* ExtensionBehavior.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DB918B97B9B0039062F /* ExtensionBehavior.h */; }; 31012E2D18B97B9B0039062F /* glslang.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DBD18B97B9B0039062F /* glslang.h */; }; - 31012E3018B97B9B0039062F /* glslang_lex.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC018B97B9B0039062F /* glslang_lex.cpp */; }; - 31012E3118B97B9B0039062F /* glslang_tab.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC118B97B9B0039062F /* glslang_tab.cpp */; }; + 31012E3018B97B9B0039062F /* glslang_lex.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC018B97B9B0039062F /* glslang_lex.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; }; + 31012E3118B97B9B0039062F /* glslang_tab.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC118B97B9B0039062F /* glslang_tab.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; }; 31012E3218B97B9B0039062F /* glslang_tab.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DC218B97B9B0039062F /* glslang_tab.h */; }; 31012E3318B97B9B0039062F /* HashNames.h in Headers */ = {isa = PBXBuildFile; fileRef = 31012DC318B97B9B0039062F /* HashNames.h */; }; 31012E3418B97B9B0039062F /* InfoSink.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 31012DC418B97B9B0039062F /* InfoSink.cpp */; }; @@ -516,8 +516,8 @@ 5CCD81C01DBFEA5C006066B8 /* UseInterfaceBlockFields.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CCD81A91DBFEA5C006066B8 /* UseInterfaceBlockFields.h */; }; 5CCD81C31DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5CCD81C11DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.cpp */; }; 5CCD81C41DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CCD81C21DBFEAD9006066B8 /* EmulateGLFragColorBroadcast.h */; }; - 72309A56183C27DE00370B93 /* Tokenizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A55183C27DB00370B93 /* Tokenizer.cpp */; }; - 72309A58183C27F300370B93 /* ExpressionParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A57183C27F100370B93 /* ExpressionParser.cpp */; }; + 72309A56183C27DE00370B93 /* Tokenizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A55183C27DB00370B93 /* Tokenizer.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; }; + 72309A58183C27F300370B93 /* ExpressionParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 72309A57183C27F100370B93 /* ExpressionParser.cpp */; settings = {COMPILER_FLAGS = "-Wno-unreachable-code"; }; }; A08C3CDC16D6CB61003F0B83 /* ArrayBoundsClamper.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A08C3CDA16D6CB61003F0B83 /* ArrayBoundsClamper.cpp */; }; A08C3CDD16D6CB61003F0B83 /* ArrayBoundsClamper.h in Headers */
[webkit-changes] [236810] trunk/Source/WebKit
Title: [236810] trunk/Source/WebKit Revision 236810 Author bb...@apple.com Date 2018-10-03 14:02:19 -0700 (Wed, 03 Oct 2018) Log Message [Cocoa] REGRESSION: web content process paused in debugger is considered to be unresponsive if WebKit client is sandboxed https://bugs.webkit.org/show_bug.cgi?id=190256 Reviewed by Alexey Proskuryakov. Instead of giving up when the client is sandboxed, check whether it has the exception that's necessary to get process information. If it is possible, proceed to check whether the web content process has a debugger attached. * UIProcess/Cocoa/WebProcessProxyCocoa.mm: (WebKit::WebProcessProxy::platformIsBeingDebugged const): Check 'process-info-pidinfo' to see if the sysctl call would be allowed. Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm Diff Modified: trunk/Source/WebKit/ChangeLog (236809 => 236810) --- trunk/Source/WebKit/ChangeLog 2018-10-03 20:54:17 UTC (rev 236809) +++ trunk/Source/WebKit/ChangeLog 2018-10-03 21:02:19 UTC (rev 236810) @@ -1,3 +1,19 @@ +2018-10-03 Brian Burg + +[Cocoa] REGRESSION: web content process paused in debugger is considered to be unresponsive if WebKit client is sandboxed +https://bugs.webkit.org/show_bug.cgi?id=190256 + + +Reviewed by Alexey Proskuryakov. + +Instead of giving up when the client is sandboxed, check whether it has the +exception that's necessary to get process information. If it is possible, +proceed to check whether the web content process has a debugger attached. + +* UIProcess/Cocoa/WebProcessProxyCocoa.mm: +(WebKit::WebProcessProxy::platformIsBeingDebugged const): +Check 'process-info-pidinfo' to see if the sysctl call would be allowed. + 2018-10-03 Michael Catanzaro [WPE][GTK] Enable MSE by default Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm (236809 => 236810) --- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2018-10-03 20:54:17 UTC (rev 236809) +++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2018-10-03 21:02:19 UTC (rev 236810) @@ -37,6 +37,7 @@ #import "WebProcessPool.h" #import #import +#import namespace WebKit { @@ -135,8 +136,8 @@ bool WebProcessProxy::platformIsBeingDebugged() const { -// If the UI process is sandboxed, it cannot find out whether other processes are being debugged. -if (currentProcessIsSandboxed()) +// If the UI process is sandboxed and lacks 'process-info-pidinfo', it cannot find out whether other processes are being debugged. +if (currentProcessIsSandboxed() && !!sandbox_check(getpid(), "process-info-pidinfo", SANDBOX_CHECK_NO_REPORT)) return false; struct kinfo_proc info; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236809] trunk
Title: [236809] trunk Revision 236809 Author grao...@webkit.org Date 2018-10-03 13:54:17 -0700 (Wed, 03 Oct 2018) Log Message [Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style https://bugs.webkit.org/show_bug.cgi?id=190257 Reviewed by Dean Jackson. Source/WebCore: Test: animations/animation-fill-forwards-removal.html While we removed a declarative animation that was no longer targetting its element, we were not removing it from the declarative animation maps on the timeline, which means that the animation would still be picked up when resolving styles. We now notify the timeline that the animation was detached from the element. This preserves the DeclarativeAnimation relationship returning the element as its effect's target and the document timeline as its timeline, but the document timeline will no longer see this animation as targeting this element. * animation/AnimationTimeline.cpp: (WebCore::AnimationTimeline::cancelOrRemoveDeclarativeAnimation): * animation/DeclarativeAnimation.h: (WebCore::DeclarativeAnimation::target const): LayoutTests: Add a test that checks that an animation with fill: forwards no longer applies to an element once it's been removed. * animations/animation-fill-forwards-removal-expected.txt: Added. * animations/animation-fill-forwards-removal.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/animation/AnimationTimeline.cpp trunk/Source/WebCore/animation/DeclarativeAnimation.h Added Paths trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt trunk/LayoutTests/animations/animation-fill-forwards-removal.html Diff Modified: trunk/LayoutTests/ChangeLog (236808 => 236809) --- trunk/LayoutTests/ChangeLog 2018-10-03 20:19:37 UTC (rev 236808) +++ trunk/LayoutTests/ChangeLog 2018-10-03 20:54:17 UTC (rev 236809) @@ -1,3 +1,16 @@ +2018-10-03 Antoine Quint + +[Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style +https://bugs.webkit.org/show_bug.cgi?id=190257 + + +Reviewed by Dean Jackson. + +Add a test that checks that an animation with fill: forwards no longer applies to an element once it's been removed. + +* animations/animation-fill-forwards-removal-expected.txt: Added. +* animations/animation-fill-forwards-removal.html: Added. + 2018-10-03 Chris Dumez Regression(r236779): Crash when changing the input element type from inside an 'input' event listener Added: trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt (0 => 236809) --- trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt (rev 0) +++ trunk/LayoutTests/animations/animation-fill-forwards-removal-expected.txt 2018-10-03 20:54:17 UTC (rev 236809) @@ -0,0 +1,3 @@ + +PASS Setting 'animation-name: none' after a 'fill: forwards' animation has completed reverts to the unanimated style. + Added: trunk/LayoutTests/animations/animation-fill-forwards-removal.html (0 => 236809) --- trunk/LayoutTests/animations/animation-fill-forwards-removal.html (rev 0) +++ trunk/LayoutTests/animations/animation-fill-forwards-removal.html 2018-10-03 20:54:17 UTC (rev 236809) @@ -0,0 +1,28 @@ + + + +@keyframes animation { +to { margin-left: 100px } +} + + + + +'use strict'; + +async_test(t => { +const target = document.body.appendChild(document.createElement("div")); +target.style.animation = "animation 10ms forwards"; + +target.addEventListener("animationend", () => { +assert_equals(getComputedStyle(target).marginLeft, "100px", "The target element has style values from the final keyframe of its animation."); +target.style.animation = "none"; +assert_equals(getComputedStyle(target).marginLeft, "0px", "The target element has no animation after setting 'animation-name: none'."); +t.done(); +}); +}, "Setting 'animation-name: none' after a 'fill: forwards' animation has completed reverts to the unanimated style."); + + + \ No newline at end of file Modified: trunk/Source/WebCore/ChangeLog (236808 => 236809) --- trunk/Source/WebCore/ChangeLog 2018-10-03 20:19:37 UTC (rev 236808) +++ trunk/Source/WebCore/ChangeLog 2018-10-03 20:54:17 UTC (rev 236809) @@ -1,3 +1,23 @@ +2018-10-03 Antoine Quint + +[Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style +https://bugs.webkit.org/show_bug.cgi?id=190257 + + +Reviewed by Dean Jackson. + +Test: animations/animation-fill-forwards-removal.html + +While we removed a declarative animation that was no longer targetting its element, we were not removing it
[webkit-changes] [236808] tags/Safari-607.1.8.2/Source
Title: [236808] tags/Safari-607.1.8.2/Source Revision 236808 Author kocsen_ch...@apple.com Date 2018-10-03 13:19:37 -0700 (Wed, 03 Oct 2018) Log Message Versioning. Modified Paths tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig Diff Modified: tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig (236807 => 236808) --- tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig 2018-10-03 20:13:30 UTC (rev 236807) +++ tags/Safari-607.1.8.2/Source/_javascript_Core/Configurations/Version.xcconfig 2018-10-03 20:19:37 UTC (rev 236808) @@ -24,7 +24,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; TINY_VERSION = 8; -MICRO_VERSION = 1; +MICRO_VERSION = 2; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION); Modified: tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig (236807 => 236808) --- tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig 2018-10-03 20:13:30 UTC (rev 236807) +++ tags/Safari-607.1.8.2/Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig 2018-10-03 20:19:37 UTC (rev 236808) @@ -24,7 +24,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; TINY_VERSION = 8; -MICRO_VERSION = 1; +MICRO_VERSION = 2; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION); Modified: tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig (236807 => 236808) --- tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig 2018-10-03 20:13:30 UTC (rev 236807) +++ tags/Safari-607.1.8.2/Source/WebCore/Configurations/Version.xcconfig 2018-10-03 20:19:37 UTC (rev 236808) @@ -24,7 +24,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; TINY_VERSION = 8; -MICRO_VERSION = 1; +MICRO_VERSION = 2; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION); Modified: tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig (236807 => 236808) --- tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig 2018-10-03 20:13:30 UTC (rev 236807) +++ tags/Safari-607.1.8.2/Source/WebCore/PAL/Configurations/Version.xcconfig 2018-10-03 20:19:37 UTC (rev 236808) @@ -24,7 +24,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; TINY_VERSION = 8; -MICRO_VERSION = 1; +MICRO_VERSION = 2; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION); Modified: tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig (236807 => 236808) --- tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig 2018-10-03 20:13:30 UTC (rev 236807) +++ tags/Safari-607.1.8.2/Source/WebInspectorUI/Configurations/Version.xcconfig 2018-10-03 20:19:37 UTC (rev 236808) @@ -1,7 +1,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; TINY_VERSION = 8; -MICRO_VERSION = 1; +MICRO_VERSION = 2; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION); Modified: tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig (236807 => 236808) --- tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig 2018-10-03 20:13:30 UTC (rev 236807) +++ tags/Safari-607.1.8.2/Source/WebKit/Configurations/Version.xcconfig 2018-10-03 20:19:37 UTC (rev 236808) @@ -24,7 +24,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; TINY_VERSION = 8; -MICRO_VERSION = 1; +MICRO_VERSION = 2; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION); Modified: tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig (236807 => 236808) --- tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig 2018-10-03 20:13:30 UTC (rev 236807) +++ tags/Safari-607.1.8.2/Source/WebKitLegacy/mac/Configurations/Version.xcconfig 2018-10-03 20:19:37 UTC (rev 236808) @@ -24,7 +24,7 @@ MAJOR_VERSION = 607; MINOR_VERSION = 1; TINY_VERSION = 8; -MICRO_VERSION = 1; +MICRO_VERSION = 2; NANO_VERSION = 0; FULL_VERSION = $(MAJOR_VERSION).$(MINOR_VERSION).$(TINY_VERSION).$(MICRO_VERSION); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236807] tags/Safari-607.1.8.2/
Title: [236807] tags/Safari-607.1.8.2/ Revision 236807 Author kocsen_ch...@apple.com Date 2018-10-03 13:13:30 -0700 (Wed, 03 Oct 2018) Log Message New tag. Added Paths tags/Safari-607.1.8.2/ Diff ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [236806] trunk/Source/WebCore
Title: [236806] trunk/Source/WebCore Revision 236806 Author jer.no...@apple.com Date 2018-10-03 12:28:31 -0700 (Wed, 03 Oct 2018) Log Message CRASH in CVPixelBufferGetBytePointerCallback() https://bugs.webkit.org/show_bug.cgi?id=190092 Reviewed by Eric Carlson. Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and release logging to try to pinpoint if mismatch lock counts are occurring in this code path. * platform/graphics/cv/PixelBufferConformerCV.cpp: (WebCore::CVPixelBufferGetBytePointerCallback): (WebCore::CVPixelBufferReleaseBytePointerCallback): (WebCore::CVPixelBufferReleaseInfoCallback): (WebCore::PixelBufferConformerCV::createImageFromPixelBuffer): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (236805 => 236806) --- trunk/Source/WebCore/ChangeLog 2018-10-03 18:38:11 UTC (rev 236805) +++ trunk/Source/WebCore/ChangeLog 2018-10-03 19:28:31 UTC (rev 236806) @@ -1,3 +1,22 @@ +2018-10-03 Jer Noble + +CRASH in CVPixelBufferGetBytePointerCallback() +https://bugs.webkit.org/show_bug.cgi?id=190092 + +Reviewed by Eric Carlson. + +Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt +to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access +error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer +calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and +release logging to try to pinpoint if mismatch lock counts are occurring in this code path. + +* platform/graphics/cv/PixelBufferConformerCV.cpp: +(WebCore::CVPixelBufferGetBytePointerCallback): +(WebCore::CVPixelBufferReleaseBytePointerCallback): +(WebCore::CVPixelBufferReleaseInfoCallback): +(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer): + 2018-10-03 Chris Dumez Regression(r236779): Crash when changing the input element type from inside an 'input' event listener Modified: trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp (236805 => 236806) --- trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp 2018-10-03 18:38:11 UTC (rev 236805) +++ trunk/Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp 2018-10-03 19:28:31 UTC (rev 236806) @@ -29,6 +29,7 @@ #if HAVE(CORE_VIDEO) #include "GraphicsContextCG.h" +#include "Logging.h" #include #include "CoreVideoSoftLink.h" @@ -55,23 +56,87 @@ #endif } -static const void* CVPixelBufferGetBytePointerCallback(void* info) +struct CVPixelBufferInfo { +RetainPtr pixelBuffer; +int lockCount { 0 }; +}; + +static const void* CVPixelBufferGetBytePointerCallback(void* refcon) { -CVPixelBufferRef pixelBuffer = static_cast(info); -CVPixelBufferLockBaseAddress(pixelBuffer, kCVPixelBufferLock_ReadOnly); -return CVPixelBufferGetBaseAddress(pixelBuffer); +ASSERT(refcon); +if (!refcon) { +RELEASE_LOG_ERROR(Media, "CVPixelBufferGetBytePointerCallback() called with NULL refcon"); +RELEASE_LOG_STACKTRACE(Media); +return nullptr; +} +auto info = static_cast(refcon); + +CVReturn result = CVPixelBufferLockBaseAddress(info->pixelBuffer.get(), kCVPixelBufferLock_ReadOnly); + +ASSERT(result == kCVReturnSuccess); +if (result != kCVReturnSuccess) { +RELEASE_LOG_ERROR(Media, "CVPixelBufferLockBaseAddress() returned error code %d", result); +RELEASE_LOG_STACKTRACE(Media); +return nullptr; +} + +++info->lockCount; +void* address = CVPixelBufferGetBaseAddress(info->pixelBuffer.get()); +RELEASE_LOG_INFO(Media, "CVPixelBufferGetBytePointerCallback() returning bytePointer: %p, size: %zu", address, CVPixelBufferGetDataSize(info->pixelBuffer.get())); +return address; } -static void CVPixelBufferReleaseBytePointerCallback(void* info, const void*) +static void CVPixelBufferReleaseBytePointerCallback(void* refcon, const void*) { -CVPixelBufferRef pixelBuffer = static_cast(info); -CVPixelBufferUnlockBaseAddress(pixelBuffer, kCVPixelBufferLock_ReadOnly); +ASSERT(refcon); +if (!refcon) { +RELEASE_LOG_ERROR(Media, "CVPixelBufferReleaseBytePointerCallback() called with NULL refcon"); +RELEASE_LOG_STACKTRACE(Media); +return; +} +auto info = static_cast(refcon); + +CVReturn result = CVPixelBufferUnlockBaseAddress(info->pixelBuffer.get(),
[webkit-changes] [236805] trunk
Title: [236805] trunk Revision 236805 Author m...@apple.com Date 2018-10-03 11:38:11 -0700 (Wed, 03 Oct 2018) Log Message bmalloc, WTF and _javascript_Core parts of [Xcode] Update some build settings as recommended by Xcode 10 https://bugs.webkit.org/show_bug.cgi?id=190250 Reviewed by Alex Christensen. Source/bmalloc: * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, and CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF. * bmalloc.xcodeproj/project.pbxproj: Let Xcode update LastUpgradeCheck. Source/_javascript_Core: * API/tests/Regress141275.mm: (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF by making the self-retaining explicit. * API/tests/testapi.cpp: (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the loop instead of returning from the lambda. * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE, CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED. * _javascript_Core.xcodeproj/project.pbxproj: Removed a duplicate reference to UnlinkedFunctionExecutable.h, and let Xcode update the project file. * assembler/MacroAssemblerPrinter.cpp: (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing some commas with semicolons. Source/WTF: * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, and CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF. * WTF.xcodeproj/project.pbxproj: Let Xcode update LastUpgradeCheck. * wtf/MathExtras.h: (WTF::fastLog2): Addressed newly-enabled CLANG_WARN_COMMA by splitting some comma-separated expressions into individual statements. Modified Paths trunk/Source/_javascript_Core/API/tests/Regress141275.mm trunk/Source/_javascript_Core/API/tests/testapi.cpp trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/Configurations/Base.xcconfig trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj trunk/Source/_javascript_Core/assembler/MacroAssemblerPrinter.cpp trunk/Source/WTF/ChangeLog trunk/Source/WTF/Configurations/Base.xcconfig trunk/Source/WTF/WTF.xcodeproj/project.pbxproj trunk/Source/WTF/wtf/MathExtras.h trunk/Source/bmalloc/ChangeLog trunk/Source/bmalloc/Configurations/Base.xcconfig trunk/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj trunk/Tools/MobileMiniBrowser/MobileMiniBrowser.xcodeproj/xcshareddata/xcschemes/MobileMiniBrowserUITests.xcscheme trunk/WebKit.xcworkspace/xcshareddata/xcschemes/All Source.xcscheme trunk/WebKit.xcworkspace/xcshareddata/xcschemes/All Tools.xcscheme Diff Modified: trunk/Source/_javascript_Core/API/tests/Regress141275.mm (236804 => 236805) --- trunk/Source/_javascript_Core/API/tests/Regress141275.mm 2018-10-03 18:28:55 UTC (rev 236804) +++ trunk/Source/_javascript_Core/API/tests/Regress141275.mm 2018-10-03 18:38:11 UTC (rev 236805) @@ -306,12 +306,12 @@ NSError* error = nil; if (task.evaluateBlock) { [self _setupEvaluatorThreadContextIfNeeded]; -task.evaluateBlock(_jsContext); -if (_jsContext.exception) { -NSLog(@"Did fail on JSContext: %@", _jsContext.name); -NSDictionary* userInfo = @{ NSLocalizedDescriptionKey : [_jsContext.exception[@"message"] toString] }; +task.evaluateBlock(self->_jsContext); +if (self->_jsContext.exception) { +NSLog(@"Did fail on JSContext: %@", self->_jsContext.name); +NSDictionary* userInfo = @{ NSLocalizedDescriptionKey : [self->_jsContext.exception[@"message"] toString] }; error = [NSError errorWithDomain:@"JSTEvaluator" code:1 userInfo:userInfo]; -_jsContext.exception = nil; +self->_jsContext.exception = nil; } } [self _callCompletionHandler:task.completionHandler ifNeededWithError:error]; @@ -324,8 +324,8 @@ } dispatch_barrier_sync(_jsSourcePerformQueue, ^{ -if ([_jsContext[@"counter"] toInt32] == scriptToEvaluate) -dispatch_semaphore_signal(_allScriptsDone); +if ([self->_jsContext[@"counter"] toInt32] == scriptToEvaluate) +dispatch_semaphore_signal(self->_allScriptsDone); }); } } Modified: trunk/Source/_javascript_Core/API/tests/testapi.cpp (236804 => 236805) --- trunk/Source/_javascript_Core/API/tests/testapi.cpp 2018-10-03 18:28:55 UTC (rev 236804) +++ trunk/Source/_javascript_Core/API/tests/testapi.cpp 2018-10-03 18:38:11 UTC (rev 236805) @@ -520,7 +520,7 @@ { LockHolder locker(lock); if (tasks.isEmpty()) -
[webkit-changes] [236804] trunk
Title: [236804] trunk Revision 236804 Author mark@apple.com Date 2018-10-03 11:28:55 -0700 (Wed, 03 Oct 2018) Log Message Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. https://bugs.webkit.org/show_bug.cgi?id=190187 Reviewed by Michael Saboff. JSTests: * stress/regress-190187.js: Added. Source/_javascript_Core: Allowing different max string lengths at each level opens up opportunities for bugs to creep in. With 2 different max length values, it is more difficult to keep the story straight on how we do overflow / bounds checks at each place in the code. It's also difficult to tell if a seemingly valid check at the WTF level will have bad ramifications at the JSC level. Also, it's also not meaningful to support a max length > INT_MAX. To eliminate this class of bugs, we'll standardize on a MaxLength of INT_MAX at all levels. We'll also standardize the way we do length overflow checks on using CheckedArithmetic, and add some asserts to document the assumptions of the code. * runtime/FunctionConstructor.cpp: (JSC::constructFunctionSkippingEvalEnabledCheck): - Fix OOM error handling which crashed a test after the new MaxLength was applied. * runtime/JSString.h: (JSC::JSString::finishCreation): (JSC::JSString::createHasOtherOwner): (JSC::JSString::setLength): * runtime/JSStringInlines.h: (JSC::jsMakeNontrivialString): * runtime/Operations.h: (JSC::jsString): Source/WTF: * wtf/text/StringConcatenate.h: (WTF::tryMakeStringFromAdapters): (WTF::sumWithOverflow): Deleted. * wtf/text/StringImpl.h: * wtf/text/WTFString.h: Modified Paths trunk/JSTests/ChangeLog trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp trunk/Source/_javascript_Core/runtime/JSString.h trunk/Source/_javascript_Core/runtime/JSStringInlines.h trunk/Source/_javascript_Core/runtime/Operations.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/text/StringConcatenate.h trunk/Source/WTF/wtf/text/StringImpl.h trunk/Source/WTF/wtf/text/WTFString.h Added Paths trunk/JSTests/stress/regress-190187.js Diff Modified: trunk/JSTests/ChangeLog (236803 => 236804) --- trunk/JSTests/ChangeLog 2018-10-03 18:26:29 UTC (rev 236803) +++ trunk/JSTests/ChangeLog 2018-10-03 18:28:55 UTC (rev 236804) @@ -1,3 +1,13 @@ +2018-10-03 Mark Lam + +Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. +https://bugs.webkit.org/show_bug.cgi?id=190187 + + +Reviewed by Michael Saboff. + +* stress/regress-190187.js: Added. + 2018-10-02 Caio Lima [BigInt] BigInt.proptotype.toString is broken when radix is power of 2 Added: trunk/JSTests/stress/regress-190187.js (0 => 236804) --- trunk/JSTests/stress/regress-190187.js (rev 0) +++ trunk/JSTests/stress/regress-190187.js 2018-10-03 18:28:55 UTC (rev 236804) @@ -0,0 +1,18 @@ +//@ runDefault +//@ skip if $memoryLimited or $buildType == "debug" +//@ slow! + +try { +var v1 = "AAA"; +for(var i = 0; i < 27; i++) + v1 = v1 + v1; +var v2; +var v3 = RegExp.prototype.toString.call({source:v1,flags:v1}); +v3 += v1; +v2 += v3.localeCompare(v1); +} catch (e) { +exception = e; +} + +if (exception != "Error: Out of memory") +throw "FAILED"; Modified: trunk/Source/_javascript_Core/ChangeLog (236803 => 236804) --- trunk/Source/_javascript_Core/ChangeLog 2018-10-03 18:26:29 UTC (rev 236803) +++ trunk/Source/_javascript_Core/ChangeLog 2018-10-03 18:28:55 UTC (rev 236804) @@ -1,3 +1,34 @@ +2018-10-03 Mark Lam + +Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. +https://bugs.webkit.org/show_bug.cgi?id=190187 + + +Reviewed by Michael Saboff. + +Allowing different max string lengths at each level opens up opportunities for +bugs to creep in. With 2 different max length values, it is more difficult to +keep the story straight on how we do overflow / bounds checks at each place in +the code. It's also difficult to tell if a seemingly valid check at the WTF level +will have bad ramifications at the JSC level. Also, it's also not meaningful to +support a max length > INT_MAX. To eliminate this class of bugs, we'll +standardize on a MaxLength of INT_MAX at all levels. + +We'll also standardize the way we do length overflow checks on using +CheckedArithmetic, and add some asserts to document the assumptions of the code. + +* runtime/FunctionConstructor.cpp: +(JSC::constructFunctionSkippingEvalEnabledCheck): +- Fix OOM error handling which crashed a test after the new MaxLength was applied. +* runtime/JSString.h: +(JSC::JSString::finishCreation): +(JSC::JSString::createHasOtherOwner): +(JSC::JSString::setLength): +* runtime/JSStringInlines.h: +(JSC::jsMakeNontrivialString): +*
[webkit-changes] [236803] trunk
Title: [236803] trunk Revision 236803 Author cdu...@apple.com Date 2018-10-03 11:26:29 -0700 (Wed, 03 Oct 2018) Log Message Regression(r236779): Crash when changing the input element type from inside an 'input' event listener https://bugs.webkit.org/show_bug.cgi?id=190252 Reviewed by Alex Christensen. Source/WebCore: Add a null check for element() after firing the 'input' event and before firing the 'change' event in case the input event listener changes the input type. Tests: fast/dom/HTMLInputElement/change-type-in-click-event-listener.html fast/dom/HTMLInputElement/change-type-in-input-event-listener.html * html/BaseCheckableInputType.cpp: (WebCore::BaseCheckableInputType::fireInputAndChangeEvents): LayoutTests: Add layout test coverage. * fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt: Added. * fast/dom/HTMLInputElement/change-type-in-click-event-listener.html: Added. * fast/dom/HTMLInputElement/change-type-in-input-event-listener-expected.txt: Added. * fast/dom/HTMLInputElement/change-type-in-input-event-listener.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/html/BaseCheckableInputType.cpp Added Paths trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-input-event-listener-expected.txt trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-input-event-listener.html Diff Modified: trunk/LayoutTests/ChangeLog (236802 => 236803) --- trunk/LayoutTests/ChangeLog 2018-10-03 18:23:53 UTC (rev 236802) +++ trunk/LayoutTests/ChangeLog 2018-10-03 18:26:29 UTC (rev 236803) @@ -1,3 +1,17 @@ +2018-10-03 Chris Dumez + +Regression(r236779): Crash when changing the input element type from inside an 'input' event listener +https://bugs.webkit.org/show_bug.cgi?id=190252 + +Reviewed by Alex Christensen. + +Add layout test coverage. + +* fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt: Added. +* fast/dom/HTMLInputElement/change-type-in-click-event-listener.html: Added. +* fast/dom/HTMLInputElement/change-type-in-input-event-listener-expected.txt: Added. +* fast/dom/HTMLInputElement/change-type-in-input-event-listener.html: Added. + 2018-10-03 Matt Lewis Unreviewed, rolling out r236781. Added: trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt (0 => 236803) --- trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt (rev 0) +++ trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener-expected.txt 2018-10-03 18:26:29 UTC (rev 236803) @@ -0,0 +1,10 @@ +Make sure we do not crash if the 'click' event listener changes the input type. + +On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". + + +PASS Click event was fired +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html (0 => 236803) --- trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html (rev 0) +++ trunk/LayoutTests/fast/dom/HTMLInputElement/change-type-in-click-event-listener.html 2018-10-03 18:26:29 UTC (rev 236803) @@ -0,0 +1,28 @@ + + + + + +