[webkit-changes] [250202] releases/WebKitGTK/webkit-2.26
Title: [250202] releases/WebKitGTK/webkit-2.26 Revision 250202 Author carlo...@webkit.org Date 2019-09-23 01:20:50 -0700 (Mon, 23 Sep 2019) Log Message Merge r249810 - [GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers https://bugs.webkit.org/show_bug.cgi?id=201077 Reviewed by Carlos Garcia Campos. Source/WebCore: Add a function to validate whether a string contains a valid value which can be used in a HTTP User-Agent header. Covered by new WebCore API test HTTPParsers.ValidateUserAgentValues. * platform/glib/UserAgentGLib.cpp: (WebCore::standardUserAgent): Assert that the returned string is a valid User-Agent. (WebCore::standardUserAgentForURL): Ditto. * platform/network/HTTPParsers.cpp: Added a series of helper functions which skip over characters of a string, which can be used to scan over the different elements of an User-Agent value; all of them receive the position from the input string where to start scanning, updating it to the position right after the scanned item (this follow the convention already in use by other functions in the source file). Each of them has been annotated with the RFC number and section which contains the definition of the scanned item, and the corresponding BNF rules to make the code easier to follow. (WebCore::skipWhile): Added. (WebCore::isVisibleCharacter): Added. (WebCore::isOctectInFieldContentCharacter): Added. (WebCore::isCommentTextCharacter): Added. (WebCore::isHTTPTokenCharacter): Added. (WebCore::isValidHTTPToken): Refactored to use the new isHTTPTokenCharacter() helper function instead of having the test inside the loop. (WebCore::skipCharacter): Added. (WebCore::skipQuotedPair): Added. (WebCore::skipComment): Added. (WebCore::skipHTTPToken): Added. (WebCore::skipUserAgentProduct): Added. (WebCore::isValidUserAgentHeaderValue): Added. * platform/network/HTTPParsers.h: Add prototype for isValidUserAgentHeaderValue(). 
Source/WebKit: * UIProcess/API/glib/WebKitSettings.cpp: (webkit_settings_set_user_agent): Check the passed string using the new WebCore::isValidUserAgentHeaderValue() function, and return early without changing the setting if the string is not usable in the User-Agent HTTP header. Tools: * TestWebKitAPI/CMakeLists.txt: Add missing HTTPParsers.cpp to be built into TestWebCore. * TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp: (TestWebKitAPI::TEST): Add tests for WebCore::isValidUserAgentHeaderValue(). Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/glib/UserAgentGLib.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/network/HTTPParsers.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/network/HTTPParsers.h releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp releases/WebKitGTK/webkit-2.26/Tools/ChangeLog releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/CMakeLists.txt releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250201 => 250202) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 03:46:57 UTC (rev 250201) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:20:50 UTC (rev 250202) 
@@ -1,3 +1,40 @@ +2019-09-12 Adrian Perez de Castro + +[GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers +https://bugs.webkit.org/show_bug.cgi?id=201077 + +Reviewed by Carlos Garcia Campos. + +Add a function to validate whether a string contains a valid value +which can be used in a HTTP User-Agent header. + +Covered by new WebCore API test HTTPParsers.ValidateUserAgentValues. + +* platform/glib/UserAgentGLib.cpp: +(WebCore::standardUserAgent): Assert that the returned string is a valid User-Agent. +(WebCore::standardUserAgentForURL): Ditto. +* platform/network/HTTPParsers.cpp: Added a series of helper functions which skip over +characters of a string, which can be used to scan over the different elements of an +User-Agent value; all of them receive the position from the input string where to start +scanning, updating it to the position right after the scanned item (this follow the +convention already in use by other functions in the source file). Each of them has +been annotated with the RFC number and section which contains the definition of the +scanned item, and the corresponding BNF rules to make the code easier to follow. +(WebCore::skipWhile): Added. +(WebCore::isVisibleCharacter): Added. +(WebCore::isOctectInFieldContentCharacter): Added. +(WebCore::isCommentTextCharacter): Added. +(WebCore::isHTTPTokenCharacter): Added. +(WebCore::isValidHTTPToken): Refactored to use the new i
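Review bot: the new helper `isOctectInFieldContentCharacter` misspells "octet"; since the function is introduced by this change, rename it to `isOctetInFieldContentCharacter` before other code starts calling it. What makes `isValidUserAgentHeaderValue()` fix the bug in the title is that it rejects CR, LF and other control characters a caller of `webkit_settings_set_user_agent()` could use to end the header line, so HTTPParsers.ValidateUserAgentValues should contain explicit rejection cases with embedded CR/LF and NUL next to the well-formed product and comment strings, not only the positive cases. Minor wording in the ChangeLog text: "an User-Agent value" and "this follow the convention" read better as "a User-Agent value" and "this follows the convention".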
[webkit-changes] [250205] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250205] releases/WebKitGTK/webkit-2.26/Source/WebCore Revision 250205 Author carlo...@webkit.org Date 2019-09-23 01:21:04 -0700 (Mon, 23 Sep 2019) Log Message Merge r249951 - [GTK] Cannot create EGL window surface: EGL_BAD_ALLOC https://bugs.webkit.org/show_bug.cgi?id=201505 Reviewed by Žan Doberšek. This happens because eglCreateWindowSurface() is called twice for the same window when not using the WPE renderer. New versions of Mesa fail the second time with a EGL_BAD_ALLOC. * platform/graphics/egl/GLContextEGL.cpp: (WebCore::GLContextEGL::createWindowContext): Check surface is nullptr before falling back to use eglCreateWindowSurface(). Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250204 => 250205) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:21:01 UTC (rev 250204) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:21:04 UTC (rev 250205) 
@@ -1,3 +1,17 @@ +2019-09-17 Carlos Garcia Campos + +[GTK] Cannot create EGL window surface: EGL_BAD_ALLOC +https://bugs.webkit.org/show_bug.cgi?id=201505 + +Reviewed by Žan Doberšek. + +This happens because eglCreateWindowSurface() is called twice for the same window when not using the WPE +renderer. New versions of Mesa fail the second time with a EGL_BAD_ALLOC. + +* platform/graphics/egl/GLContextEGL.cpp: +(WebCore::GLContextEGL::createWindowContext): Check surface is nullptr before falling back to use +eglCreateWindowSurface(). + 2019-09-12 Adrian Perez de Castro [GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp (250204 => 250205) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp 2019-09-23 08:21:01 UTC (rev 250204) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp 2019-09-23 08:21:04 UTC (rev 250205) @@ -188,7 +188,8 @@ if (platformDisplay.type() == PlatformDisplay::Type::WPE) surface = createWindowSurfaceWPE(display, config, window); #else -surface = eglCreateWindowSurface(display, config, static_cast(window), nullptr); +if (surface == EGL_NO_SURFACE) +surface = eglCreateWindowSurface(display, config, static_cast(window), nullptr); #endif if (surface == EGL_NO_SURFACE) { WTFLogAlways("Cannot create EGL window surface: %s\n", lastErrorString()); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
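Review bot: the new `if (surface == EGL_NO_SURFACE)` guard in the `#else` branch only does what the ChangeLog describes if `surface` is initialised to `EGL_NO_SURFACE` at its declaration and the earlier platform-specific block (the first `eglCreateWindowSurface()` call this change works around) is the only other assignment; neither is in the visible context, so confirm the initialisation, because an indeterminate `surface` would skip creation and then be used as if it were valid. A one-line comment above the guard saying the surface may already have been created by the platform-specific code above would also spare the next reader a trip to the bug.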
[webkit-changes] [250207] releases/WebKitGTK/webkit-2.26
Title: [250207] releases/WebKitGTK/webkit-2.26 Revision 250207 Author carlo...@webkit.org Date 2019-09-23 01:21:10 -0700 (Mon, 23 Sep 2019) Log Message Merge r249883 - [GTK][WPE] Do not run the Bubblewrap executable when configuring for cross-compilation https://bugs.webkit.org/show_bug.cgi?id=201340 Reviewed by Konstantin Tokarev. * Source/cmake/BubblewrapSandboxChecks.cmake: Do not run the Bubblewrap executable when cross-compiling to guess its version. Emit a warning instead and trust that valid run-time paths will be set using the BWRAP_EXECUTABLE and DBUS_PROXY_EXECUTABLE variables. While at it, fix the regular _expression_ used to match the version string in the Bubblewrap output when not cross-compiling. Modified Paths releases/WebKitGTK/webkit-2.26/ChangeLog releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake Diff Modified: releases/WebKitGTK/webkit-2.26/ChangeLog (250206 => 250207) --- releases/WebKitGTK/webkit-2.26/ChangeLog 2019-09-23 08:21:08 UTC (rev 250206) +++ releases/WebKitGTK/webkit-2.26/ChangeLog 2019-09-23 08:21:10 UTC (rev 250207) 
@@ -1,3 +1,17 @@ +2019-09-15 Adrian Perez de Castro + +[GTK][WPE] Do not run the Bubblewrap executable when configuring for cross-compilation +https://bugs.webkit.org/show_bug.cgi?id=201340 + +Reviewed by Konstantin Tokarev. + +* Source/cmake/BubblewrapSandboxChecks.cmake: Do not run the +Bubblewrap executable when cross-compiling to guess its version. +Emit a warning instead and trust that valid run-time paths will +be set using the BWRAP_EXECUTABLE and DBUS_PROXY_EXECUTABLE +variables. While at it, fix the regular _expression_ used to match +the version string in the Bubblewrap output when not cross-compiling. + 2019-09-20 Adrian Perez de Castro Unreviewed. Update OptionsWPE.cmake and NEWS for the 2.26.0 release Modified: releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake (250206 => 250207) --- releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake 2019-09-23 08:21:08 UTC (rev 250206) +++ releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake 2019-09-23 08:21:10 UTC (rev 250207) @@ -3,21 +3,7 @@ if (NOT BWRAP_EXECUTABLE) message(FATAL_ERROR "bwrap executable is needed for ENABLE_BUBBLEWRAP_SANDBOX") endif () -add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}") -execute_process( -COMMAND "${BWRAP_EXECUTABLE}" --version -RESULT_VARIABLE BWRAP_RET -OUTPUT_VARIABLE BWRAP_OUTPUT -) -if (BWRAP_RET) -message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}") -endif () -string(REGEX MATCH "([0-9]+.[0-9]+.[0-9]+)" BWRAP_VERSION "${BWRAP_OUTPUT}") -if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1") -message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found") -endif () - find_package(Libseccomp) if (NOT LIBSECCOMP_FOUND) message(FATAL_ERROR "libseccomp is needed for ENABLE_BUBBLEWRAP_SANDBOX") 
@@ -27,5 +13,32 @@ if (NOT DBUS_PROXY_EXECUTABLE) message(FATAL_ERROR "xdg-dbus-proxy not found and is needed for ENABLE_BUBBLEWRAP_SANDBOX") endif () + +if (NOT CMAKE_CROSSCOMPILING) +execute_process( +COMMAND "${BWRAP_EXECUTABLE}" --version +RESULT_VARIABLE BWRAP_RET +OUTPUT_VARIABLE BWRAP_OUTPUT +) +if (BWRAP_RET) +message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}") +endif () +string(REGEX MATCH "[0-9]+\\.[0-9]+\\.[0-9]+" BWRAP_VERSION "${BWRAP_OUTPUT}") +if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1") +message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found") +endif () +elseif (NOT SILENCE_CROSS_COMPILATION_NOTICES) +message(NOTICE +"******\n" +"*** Cannot check Bubblewrap version when cross-compiling. ***\n" +"*** The target system MUST have version 0.3.1 or newer. ***\n" +"*** Use the BWRAP_EXECUTABLE and DBUS_PROXY_EXECUTABLE***\n" +"*** variables to set the run-time paths for the 'bwrap' ***\n" +"*** and 'xdg-dbus-proxy' programs.***\n" +"******" +) +endif () + +add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}") add_definitions(-DDBUS_PROXY_EXECUTABLE="${DBUS_PROXY_EXECUTABLE}") endif () ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
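Review bot: skipping the version check under `CMAKE_CROSSCOMPILING` leaves a cross-built WebKit with no guarantee that the target's bwrap is >= 0.3.1, and the only signal is a `message(NOTICE ...)` that `SILENCE_CROSS_COMPILATION_NOTICES` can switch off; since the minimum version is a sandbox requirement rather than a build convenience, consider a run-time check of `bwrap --version` at first sandbox launch so an unsupported bwrap on the target is reported instead of being discovered when the sandboxed process fails to start. Also, the `NOTICE` mode keyword for `message()` exists only from CMake 3.15; on older CMake the word "NOTICE" is printed as part of the text, so check it against the project's `cmake_minimum_required`. The escaped dots in the new `[0-9]+\\.[0-9]+\\.[0-9]+` pattern are the right fix for the old regex, whose bare `.` matched any character between the numbers.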
[webkit-changes] [250204] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250204] releases/WebKitGTK/webkit-2.26/Source/WebKit Revision 250204 Author carlo...@webkit.org Date 2019-09-23 01:21:01 -0700 (Mon, 23 Sep 2019) Log Message Merge r249947 - [GTK] Crash closing web view while hardware acceleration is enabled https://bugs.webkit.org/show_bug.cgi?id=200856 Reviewed by Michael Catanzaro. The crash happens when destroying the WaylandCompositor::Surface because the web view GL context is used to release the texture, but the GL context is no longer valid after web view unrealize. AcceleratedBackingStoreWayland should handle the web view unrealize to destroy the GL context. It will be created on demand again after the web view is realized. * UIProcess/API/gtk/WebKitWebViewBase.cpp: (webkitWebViewBaseRealize): Notify AcceleratedBackingStore. (webkitWebViewBaseUnrealize): Ditto. * UIProcess/gtk/AcceleratedBackingStore.h: (WebKit::AcceleratedBackingStore::realize): Added. (WebKit::AcceleratedBackingStore::unrealize): Added. * UIProcess/gtk/AcceleratedBackingStoreWayland.cpp: (WebKit::AcceleratedBackingStoreWayland::realize): In case of using WaylandCompositor, call WaylandCompositor::bindWebPage() to bind the WebPageProxy to the Wayland surface. (WebKit::AcceleratedBackingStoreWayland::unrealize): Destroy GL resources and the GL context. (WebKit::AcceleratedBackingStoreWayland::tryEnsureGLContext): Do not try to create the GL context if the web view is not realized. (WebKit::AcceleratedBackingStoreWayland::displayBuffer): Remove the code to initialize the texture. (WebKit::AcceleratedBackingStoreWayland::paint): And add it here. * UIProcess/gtk/AcceleratedBackingStoreWayland.h: * UIProcess/gtk/WaylandCompositor.cpp: (WebKit::WaylandCompositor::Surface::setWebPage): Return early if given page is the current one already. (WebKit::WaylandCompositor::bindWebPage): Set the surface WebPageProxy. (WebKit::WaylandCompositor::unbindWebPage): Unset the surface WebPageProxy. 
* UIProcess/gtk/WaylandCompositor.h: * WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp: (WebKit::DrawingAreaCoordinatedGraphics::enterAcceleratedCompositingMode): When restoring a previous layer tree host, always call resumeRendering() to balance the suspendRendering() called in exitAcceleratedCompositingMode(). Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/AcceleratedBackingStore.h releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.cpp releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.h releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/WaylandCompositor.cpp releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/WaylandCompositor.h releases/WebKitGTK/webkit-2.26/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250203 => 250204) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:20:55 UTC (rev 250203) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:21:01 UTC (rev 250204) 
@@ -1,3 +1,39 @@ +2019-09-17 Carlos Garcia Campos + +[GTK] Crash closing web view while hardware acceleration is enabled +https://bugs.webkit.org/show_bug.cgi?id=200856 + +Reviewed by Michael Catanzaro. + +The crash happens when destroying the WaylandCompositor::Surface because the web view GL context is used to +release the texture, but the GL context is no longer valid after web view +unrealize. AcceleratedBackingStoreWayland should handle the web view unrealize to destroy the GL context. It +will be created on demand again after the web view is realized. + +* UIProcess/API/gtk/WebKitWebViewBase.cpp: +(webkitWebViewBaseRealize): Notify AcceleratedBackingStore. +(webkitWebViewBaseUnrealize): Ditto. +* UIProcess/gtk/AcceleratedBackingStore.h: +(WebKit::AcceleratedBackingStore::realize): Added. +(WebKit::AcceleratedBackingStore::unrealize): Added. +* UIProcess/gtk/AcceleratedBackingStoreWayland.cpp: +(WebKit::AcceleratedBackingStoreWayland::realize): In case of using WaylandCompositor, call +WaylandCompositor::bindWebPage() to bind the WebPageProxy to the Wayland surface. +(WebKit::AcceleratedBackingStoreWayland::unrealize): Destroy GL resources and the GL context. +(WebKit::AcceleratedBackingStoreWayland::tryEnsureGLContext): Do not try to create the GL context if the web +view is not realized. +(WebKit::AcceleratedBackingStoreWayland::displayBuffer): Remove the code to initialize the texture. +(WebKit::AcceleratedBackingStoreWayland::paint): And add it here. +* UIProcess/gtk/AcceleratedBackingStoreWayland.h: +
[webkit-changes] [250203] releases/WebKitGTK/webkit-2.26
Title: [250203] releases/WebKitGTK/webkit-2.26 Revision 250203 Author carlo...@webkit.org Date 2019-09-23 01:20:55 -0700 (Mon, 23 Sep 2019) Log Message Merge r249890 - REGRESSION(r249142): [GTK] Epiphany delayed page loads continue indefinitely https://bugs.webkit.org/show_bug.cgi?id=201544 Reviewed by Michael Catanzaro. Source/WebKit: WebPageProxy::loadAlternateHTML() is an exception, because it's an API request but always sets the navigationID to 0. We always want to reset the pending API request URL when alternate HTML load starts. * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared): Check also that it's an API alternate HTML load to reset the pending API request URL. Tools: Add new test cases. * TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp: (testWebViewActiveURI): (testWebViewIsLoading): * TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.cpp: (loadChangedCallback): (LoadTrackingTest::loadAlternateHTML): (LoadTrackingTest::reset): * TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.h: Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp releases/WebKitGTK/webkit-2.26/Tools/ChangeLog releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.cpp releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.h Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250202 => 250203) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:20:50 UTC (rev 250202) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:20:55 UTC (rev 250203) 
@@ -1,3 +1,17 @@ +2019-09-16 Carlos Garcia Campos + +REGRESSION(r249142): [GTK] Epiphany delayed page loads continue indefinitely +https://bugs.webkit.org/show_bug.cgi?id=201544 + +Reviewed by Michael Catanzaro. + +WebPageProxy::loadAlternateHTML() is an exception, because it's an API request but always sets the navigationID +to 0. We always want to reset the pending API request URL when alternate HTML load starts. + +* UIProcess/WebPageProxy.cpp: +(WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared): Check also that it's an API alternate HTML load +to reset the pending API request URL. + 2019-09-12 Adrian Perez de Castro [GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp (250202 => 250203) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:20:50 UTC (rev 250202) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:20:55 UTC (rev 250203) @@ -4008,8 +4008,8 @@ RELEASE_LOG_IF_ALLOWED(Loading, "didStartProvisionalLoadForFrame: webPID = %i, pageID = %" PRIu64 ", frameID = %" PRIu64, process->processIdentifier(), m_pageID.toUInt64(), frameID.toUInt64()); auto transaction = m_pageLoadState.transaction(); - -if (navigation) +bool fromAlternateHTMLAPI = !unreachableURL.isEmpty() && unreachableURL == m_pageLoadState.pendingAPIRequestURL(); +if (navigation || fromAlternateHTMLAPI) m_pageLoadState.clearPendingAPIRequest(transaction); if (frame->isMainFrame()) { Modified: releases/WebKitGTK/webkit-2.26/Tools/ChangeLog (250202 => 250203) --- releases/WebKitGTK/webkit-2.26/Tools/ChangeLog 2019-09-23 08:20:50 UTC (rev 250202) +++ releases/WebKitGTK/webkit-2.26/Tools/ChangeLog 2019-09-23 08:20:55 UTC (rev 250203) 
@@ -1,3 +1,21 @@ +2019-09-16 Carlos Garcia Campos + +REGRESSION(r249142): [GTK] Epiphany delayed page loads continue indefinitely +https://bugs.webkit.org/show_bug.cgi?id=201544 + +Reviewed by Michael Catanzaro. + +Add new test cases. + +* TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp: +(testWebViewActiveURI): +(testWebViewIsLoading): +* TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.cpp: +(loadChangedCallback): +(LoadTrackingTest::loadAlternateHTML): +(LoadTrackingTest::reset): +* TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.h: + 2019-09-12 Adrian Perez de Castro [GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers Modified: releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp (250202 => 250203) --- releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp 2019-09-23 08:20:50 UTC (rev 250202) +++ releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp 2019-09-23 08:20:55 UTC (rev 250203) @@ -294,6 +294,13 @@ LoadTrackingTest::loadURI(uri); } +void lo
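Review bot: in the WebPageProxy.cpp hunk, `fromAlternateHTMLAPI` recognises the alternate-HTML case by comparing `unreachableURL` with `m_pageLoadState.pendingAPIRequestURL()`, but nothing in the code says why `navigation` is null in that case; the reason (loadAlternateHTML() is an API request that always sets navigationID to 0) lives only in the ChangeLog, so put it in a comment next to the new local, otherwise the `||` looks like it is papering over a missing navigation object. The `!unreachableURL.isEmpty()` guard is worth keeping as-is, since it stops an empty pending URL from matching an ordinary load with no unreachable URL.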
[webkit-changes] [250206] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250206] releases/WebKitGTK/webkit-2.26/Source/WebKit Revision 250206 Author carlo...@webkit.org Date 2019-09-23 01:21:08 -0700 (Mon, 23 Sep 2019) Log Message Merge r250036 - [GTK][WPE] bubblewrap sandbox should be disabled when running inside docker https://bugs.webkit.org/show_bug.cgi?id=201914 Reviewed by Michael Catanzaro. Detect if running inside Docker by checking the file /.dockerenv In that case, disable the sandbox. * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp: (WebKit::isInsideDocker): (WebKit::ProcessLauncher::launchProcess): Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250205 => 250206) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:21:04 UTC (rev 250205) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:21:08 UTC (rev 250206) @@ -1,3 +1,17 @@ +2019-09-18 Carlos Alberto Lopez Perez + +[GTK][WPE] bubblewrap sandbox should be disabled when running inside docker +https://bugs.webkit.org/show_bug.cgi?id=201914 + +Reviewed by Michael Catanzaro. + +Detect if running inside Docker by checking the file /.dockerenv +In that case, disable the sandbox. + +* UIProcess/Launcher/glib/ProcessLauncherGLib.cpp: +(WebKit::isInsideDocker): +(WebKit::ProcessLauncher::launchProcess): + 2019-09-17 Carlos Garcia Campos [GTK] Crash closing web view while hardware acceleration is enabled Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (250205 => 250206) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:21:04 UTC (rev 250205) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:21:08 UTC (rev 250206) 
@@ -50,6 +50,16 @@ } #if ENABLE(BUBBLEWRAP_SANDBOX) +static bool isInsideDocker() +{ +static Optional ret; +if (ret) +return *ret; + +ret = g_file_test("/.dockerenv", G_FILE_TEST_EXISTS); +return *ret; +} + static bool isInsideFlatpak() { static Optional ret; @@ -146,9 +156,9 @@ if (sandboxEnv) sandboxEnabled = !strcmp(sandboxEnv, "1"); -// You cannot use bubblewrap within Flatpak so lets ensure it never happens. +// You cannot use bubblewrap within Flatpak or Docker so lets ensure it never happens. // Snap can allow it but has its own limitations that require workarounds. -if (sandboxEnabled && !isInsideFlatpak() && !isInsideSnap()) +if (sandboxEnabled && !isInsideFlatpak() && !isInsideSnap() && !isInsideDocker()) process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr()); else #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
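Review bot: `isInsideDocker()` keys the decision to drop the bubblewrap sandbox on the existence of `/.dockerenv`, which is a Docker-specific marker: other container runtimes that equally cannot host bubblewrap are not detected, and conversely anything able to create that file at the filesystem root switches the sandbox off for every WebKit process on the system. Document in a comment that the check is Docker-only and that, like `isInsideFlatpak()`, the result is cached in a static `Optional` for the lifetime of the process, so a container marker that appears later is never noticed.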
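Review bot: in the second hunk, when `sandboxEnabled` is true but `isInsideFlatpak()`, `isInsideSnap()` or the new `isInsideDocker()` fires, the `else` branch launches the process unsandboxed without any message; since the embedder explicitly asked for the sandbox through the environment variable checked just above, log that the sandbox was disabled and which check disabled it, so a misdetected environment does not run unsandboxed silently. Minor: "lets" in the updated comment should be "let's".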
[webkit-changes] [250210] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250210] releases/WebKitGTK/webkit-2.26/Source/WebCore Revision 250210 Author carlo...@webkit.org Date 2019-09-23 01:39:16 -0700 (Mon, 23 Sep 2019) Log Message Revert r249160 - "InlineTextBox::end() should return first-past-end offset" Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/InlineFlowBox.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/InlineTextBox.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/InlineTextBox.h releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/RenderText.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/RenderTextLineBoxes.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250209 => 250210) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:39:11 UTC (rev 250209) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:39:16 UTC (rev 250210) 
@@ -1642,47 +1642,6 @@ * testing/InternalSettings.h: * testing/InternalSettings.idl: -2019-08-27 Antti Koivisto - -InlineTextBox::end() should return first-past-end offset -https://bugs.webkit.org/show_bug.cgi?id=201181 - -Reviewed by Zalan Bujtas. - -It currently points to the last character, except for empty text boxes. -This is awkward in itself and also inconsistent, as we use first-past-end offset everywhere else. - -* dom/Position.cpp: -(WebCore::Position::downstream const): - -Add a check for zero length case to avoid changing behavior. - -* layout/Verification.cpp: -(WebCore::Layout::checkForMatchingTextRuns): -(WebCore::Layout::outputMismatchingComplexLineInformationIfNeeded): -* rendering/InlineFlowBox.cpp: -(WebCore::InlineFlowBox::placeBoxRangeInInlineDirection): -* rendering/InlineTextBox.cpp: -(WebCore::InlineTextBox::paint): -(WebCore::InlineTextBox::calculateDocumentMarkerBounds const): -(WebCore::InlineTextBox::collectMarkedTextsForDocumentMarkers const): -(WebCore::InlineTextBox::paintCompositionUnderlines const): -(WebCore::InlineTextBox::paintCompositionUnderline const): -* rendering/InlineTextBox.h: -(WebCore::InlineTextBox::end const): - -end = start + len - -* rendering/RenderText.cpp: -(WebCore::RenderText::setTextWithOffset): -* rendering/RenderTextLineBoxes.cpp: -(WebCore::localQuadForTextBox): -(WebCore::RenderTextLineBoxes::absoluteRectsForRange const): -(WebCore::RenderTextLineBoxes::absoluteQuadsForRange const): -(WebCore::RenderTextLineBoxes::dirtyRange): - -Here the incoming 'end' used linebox style too, move that to the new definition too. - 2019-08-27 Chris Dumez Crash under WebCore::jsNotificationConstructorPermission Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp (250209 => 250210) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp 2019-09-23 08:39:11 UTC (rev 250209) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp 2019-09-23 08:39:16 UTC (rev 250210) 
@@ -873,10 +873,7 @@ unsigned textOffset = currentPosition.offsetInLeafNode(); auto lastTextBox = textRenderer.lastTextBox(); for (auto* box = textRenderer.firstTextBox(); box; box = box->nextTextBox()) { -if (!box->len() && textOffset == box->start()) -return currentPosition; - -if (textOffset < box->end()) { +if (textOffset <= box->end()) { if (textOffset >= box->start()) return currentPosition; continue; Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp (250209 => 250210) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp 2019-09-23 08:39:11 UTC (rev 250209) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp 2019-09-23 08:39:16 UTC (rev 250210) @@ -120,7 +120,7 @@ && areEssentiallyEqual(inlineTextBox.logicalTop(), inlineRun.logicalTop()) && areEssentiallyEqual(inlineTextBox.logicalBottom(), inlineRun.logicalBottom()) && inlineTextBox.start() == inlineRun.textContext()->start() -&& inlineTextBox.end() == inlineRun.textContext()->end(); +&& (inlineTextBox.end() + 1) == inlineRun.textContext()->end(); } static void collectFlowBoxSubtree(const InlineFlowBox& flowbox, Vector& inlineBoxes) @@ -184,7 +184,7 @@ stream << "Mismatching: run"; if (inlineTextBox) -stream << " (" << inlineTextBox->start() << ", " << inlineTextBox->end() << ")"; +
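Review bot: the log message for this revert gives no reason beyond the title of r249160, so the release-branch ChangeLog loses the why; add the bug id or a one-line justification to the log message. In the `Position.cpp` hunk the revert also drops the `!box->len() && textOffset == box->start()` early return that r249160 added to keep empty text boxes behaving the same under a first-past-end `end()`; with the inclusive `end()` restored that case should again be covered by `textOffset <= box->end()` together with `textOffset >= box->start()`, which is worth confirming and stating in the log so nobody re-adds the check later. The `Verification.cpp` hunk reintroduces `inlineTextBox.end() + 1` to compare against the run's first-past-end offset, which is the asymmetry r249160 set out to remove; a short comment there would help until the change is relanded.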
[webkit-changes] [250209] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250209] releases/WebKitGTK/webkit-2.26/Source/WebKit Revision 250209 Author carlo...@webkit.org Date 2019-09-23 01:39:11 -0700 (Mon, 23 Sep 2019) Log Message Merge r249953 - [GTK] Initial view loading is slow https://bugs.webkit.org/show_bug.cgi?id=201451 Reviewed by Sergio Villar Senin. The problem is that now we are always calling DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() after a new process is launched and we used to do that only when launching a new process after a crash. This makes m_hasReceivedFirstUpdate useless, because it's always set to true right after a process is launched. Then, we wait up to half a second (which is usually the case for the initial load) until the first update. We only want to do that when recovering from a crash or when swapping processes to avoid flashing effect. * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::launchProcess): Add ProcessLaunchReason parameter and pass it to finishAttachingToWebProcess instead of IsProcessSwap. (WebKit::WebPageProxy::swapToWebProcess): Pass ProcessLaunchReason::ProcessSwap to finishAttachingToWebProcess(). (WebKit::WebPageProxy::finishAttachingToWebProcess): Do not call DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() when process launch reason is ProcessLaunchReason::InitialProcess. (WebKit::WebPageProxy::launchProcessForReload): Pass ProcessLaunchReason::Reload to launchProcess(). * UIProcess/WebPageProxy.h: Remove IsProcessSwap and add ProcessLaunchReason instead that is passed to launchProcess and finishAttachingToWebProcess. 
Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.h Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250208 => 250209) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:39:08 UTC (rev 250208) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:39:11 UTC (rev 250209) 
@@ -1,3 +1,27 @@ +2019-09-17 Carlos Garcia Campos + +[GTK] Initial view loading is slow +https://bugs.webkit.org/show_bug.cgi?id=201451 + +Reviewed by Sergio Villar Senin. + +The problem is that now we are always calling DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() after a +new process is launched and we used to do that only when launching a new process after a crash. This makes +m_hasReceivedFirstUpdate useless, because it's always set to true right after a process is launched. Then, we +wait up to half a second (which is usually the case for the initial load) until the first update. We only want +to do that when recovering from a crash or when swapping processes to avoid flashing effect. + +* UIProcess/WebPageProxy.cpp: +(WebKit::WebPageProxy::launchProcess): Add ProcessLaunchReason parameter and pass it to +finishAttachingToWebProcess instead of IsProcessSwap. +(WebKit::WebPageProxy::swapToWebProcess): Pass ProcessLaunchReason::ProcessSwap to +finishAttachingToWebProcess(). +(WebKit::WebPageProxy::finishAttachingToWebProcess): Do not call +DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() when process launch reason is ProcessLaunchReason::InitialProcess. +(WebKit::WebPageProxy::launchProcessForReload): Pass ProcessLaunchReason::Reload to launchProcess(). +* UIProcess/WebPageProxy.h: Remove IsProcessSwap and add ProcessLaunchReason instead that is passed to +launchProcess and finishAttachingToWebProcess. + 2019-09-18 Carlos Alberto Lopez Perez [GTK][WPE] bubblewrap sandbox should be disabled when running inside docker Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp (250208 => 250209) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:39:08 UTC (rev 250208) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:39:11 UTC (rev 250209) 
@@ -718,7 +718,7 @@ }); } -void WebPageProxy::launchProcess(const RegistrableDomain& registrableDomain) +void WebPageProxy::launchProcess(const RegistrableDomain& registrableDomain, ProcessLaunchReason reason) { ASSERT(!m_isClosed); ASSERT(!hasRunningProcess()); @@ -740,7 +740,7 @@ m_process->addExistingWebPage(*this, WebProcessProxy::BeginsUsingDataStore::Yes); m_process->addMessageReceiver(Messages::WebPageProxy::messageReceiverName(), m_pageID, *this); -finishAttachingToWebProcess(IsProcessSwap::No); +finishAttachingToWebProcess(reason); } bool WebPageProxy::suspendCurrentPageIfPossible(API::Navigation& navigation, Optional mainFrameID, ProcessSwapRequestedByClient processSwapRequestedByClient, ShouldDelayClosingUntilEnteringAcceleratedCompositingMode shouldDelayClosingUntilEnteringAcceleratedCompositingMode) @@ -81
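Review bot: keep `ProcessLaunchReason reason` on `launchProcess` without a default value, exactly as the hunk declares it: that forces every caller to state why the process is being launched, which is what makes `finishAttachingToWebProcess(reason)` trustworthy, whereas a default of `InitialProcess` would let a forgotten caller silently drop the backing-store wait that hides flashing after a crash or a process swap. The hunk is cut off at `@@ -81`, so the `finishAttachingToWebProcess` body and the `launchProcessForReload` call site described in the ChangeLog cannot be checked from this message; the ChangeLog also says `m_hasReceivedFirstUpdate` had become useless, so it is worth confirming whether that member is meaningful again after this change or should be removed with it.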
[webkit-changes] [250211] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250211] releases/WebKitGTK/webkit-2.26/Source/WebKit Revision 250211 Author carlo...@webkit.org Date 2019-09-23 01:46:32 -0700 (Mon, 23 Sep 2019) Log Message Merge r249882 - [GTK][WPE] Check for a Snap sandbox a bit harder https://bugs.webkit.org/show_bug.cgi?id=201793 Reviewed by Michael Catanzaro. * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp: (WebKit::isInsideSnap): Check whether the SNAP_NAME and SNAP_REVISION environment variables are defined as well. Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250210 => 250211) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:39:16 UTC (rev 250210) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:46:32 UTC (rev 250211) @@ -1,3 +1,14 @@ +2019-09-14 Adrian Perez de Castro + +[GTK][WPE] Check for a Snap sandbox a bit harder +https://bugs.webkit.org/show_bug.cgi?id=201793 + +Reviewed by Michael Catanzaro. + +* UIProcess/Launcher/glib/ProcessLauncherGLib.cpp: +(WebKit::isInsideSnap): Check whether the SNAP_NAME and SNAP_REVISION +environment variables are defined as well. + 2019-09-17 Carlos Garcia Campos [GTK] Initial view loading is slow Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (250210 => 250211) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:39:16 UTC (rev 250210) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:46:32 UTC (rev 250211) 
@@ -76,7 +76,10 @@ if (ret) return *ret; -ret = g_getenv("SNAP"); +// The "SNAP" environment variable is not unlikely to be set for/by something other +// than Snap, so check a couple of additional variables to avoid false positives. +// See: https://snapcraft.io/docs/environment-variables +ret = g_getenv("SNAP") && g_getenv("SNAP_NAME") && g_getenv("SNAP_REVISION"); return *ret; } #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
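Review bot: the new `isInsideSnap` test checks only that `SNAP`, `SNAP_NAME` and `SNAP_REVISION` are present, not what they contain, so any process started with those three variables in its environment is still classified as snap-confined; if the cached result decides whether WebKit applies its own sandboxing, the ChangeLog should say so and the comment should present the check as a heuristic, not a guarantee. The comment's double negative ("is not unlikely to be set") reads as its opposite on first pass; suggest `// "SNAP" is sometimes set by things other than Snap, so check two more variables to avoid false positives.` The `if (ret) return *ret;` early-out means the variables are read once per process, which is fine since the environment is fixed at launch.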
[webkit-changes] [250212] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250212] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250212
Author carlo...@webkit.org
Date 2019-09-23 01:46:35 -0700 (Mon, 23 Sep 2019)

Log Message
Merge r249477 - [GStreamer] Sound is down-pitched when playing video from YLE Areena
https://bugs.webkit.org/show_bug.cgi?id=201399

Reviewed by Xabier Rodriguez-Calvar.

If the FDK-AAC decoder is available, promote it and downrank the libav AAC decoders, due to their broken LC support, as reported in: https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html

* platform/graphics/gstreamer/GStreamerCommon.cpp:
(WebCore::initializeGStreamer):

Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp

Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250211 => 250212)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:32 UTC (rev 250211)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:35 UTC (rev 250212)
@@ -1,3 +1,17 @@ +2019-09-04 Philippe Normand + +[GStreamer] Sound is down-pitched when playing video from YLE Areena +https://bugs.webkit.org/show_bug.cgi?id=201399 + +Reviewed by Xabier Rodriguez-Calvar. + +If the FDK-AAC decoder is available, promote it and downrank the +libav AAC decoders, due to their broken LC support, as reported in: +https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html + +* platform/graphics/gstreamer/GStreamerCommon.cpp: +(WebCore::initializeGStreamer): + 2019-09-17 Carlos Garcia Campos [GTK] Cannot create EGL window surface: EGL_BAD_ALLOC Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp (250211 => 250212) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:32 UTC (rev 250211) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:35 UTC (rev 250212) 
@@ -253,6 +253,23 @@ if (isGStreamerInitialized) gst_mpegts_initialize(); #endif + +// If the FDK-AAC decoder is available, promote it and downrank the +// libav AAC decoders, due to their broken LC support, as reported in: +// https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html +GRefPtr aacDecoder = adoptGRef(gst_element_factory_make("fdkaacdec", nullptr)); +if (aacDecoder) { +GstElementFactory* factory = gst_element_get_factory(aacDecoder.get()); +gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(factory), GST_RANK_PRIMARY); + +const char* const elementNames[] = {"avdec_aac", "avdec_aac_fixed", "avdec_aac_latm"}; +for (unsigned i = 0; i < G_N_ELEMENTS(elementNames); i++) { +GRefPtr avAACDecoder = adoptGRef(gst_element_factory_make(elementNames[i], nullptr)); +if (avAACDecoder) +gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(gst_element_get_factory(avAACDecoder.get())), GST_RANK_MARGINAL); +} +} + #endif }); return isGStreamerInitialized; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
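Review bot: `adoptGRef(gst_element_factory_make("fdkaacdec", nullptr))`, and the matching `adoptGRef(gst_element_factory_make(elementNames[i], nullptr))` in the loop, adopt a floating reference; `gst_element_factory_make()` returns a floating `GstElement`, which must be sunk (`g_object_ref_sink`) rather than adopted, otherwise the floating flag stays set on an object the `GRefPtr` believes it owns outright, and anything that later sinks it (adding it to a bin, for instance) shares that single reference and ends in a double unref. Assign the raw pointer to the `GRefPtr` instead, e.g. `GRefPtr<GstElement> aacDecoder = gst_element_factory_make("fdkaacdec", nullptr);`, which is precisely what the follow-up merge of r249761 in this same batch does.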
[webkit-changes] [250214] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250214] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250214
Author carlo...@webkit.org
Date 2019-09-23 01:46:42 -0700 (Mon, 23 Sep 2019)

Log Message
Merge r249937 - [Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
https://bugs.webkit.org/show_bug.cgi?id=201755

Reviewed by Don Olmstead.

Segmentation faults happened in pixman while painting an image. In Cairo::drawSurface, originalSrcRect can be slightly larger than the surface size because of floating number calculations. Cairo::drawSurface created a subsurface which is running over the parent surface boundaries.

* platform/graphics/cairo/CairoOperations.cpp:
(WebCore::Cairo::drawSurface): Calculated an intersection with expandedSrcRect and the parent surface size for subsurface size.

Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp

Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250213 => 250214)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:39 UTC (rev 250213)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:42 UTC (rev 250214)
@@ -1,3 +1,20 @@ +2019-09-16 Fujii Hironori + +[Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman +https://bugs.webkit.org/show_bug.cgi?id=201755 + +Reviewed by Don Olmstead. + +Segmentation faults happened in pixman while painting a image. In +Cairo::drawSurface, originalSrcRect can be slightly larger than +the surface size because of floating number calculations. +Cairo::drawSurface created a subsurface which is running over the +parent surface boundaries. + +* platform/graphics/cairo/CairoOperations.cpp: +(WebCore::Cairo::drawSurface): Calculated a intersection with +expandedSrcRect and the parent surface size for subsurface size. + 2019-09-11 Charlie Turner [GStreamer] Do not adopt floating references. Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp (250213 => 250214) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp 2019-09-23 08:46:39 UTC (rev 250213) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp 2019-09-23 08:46:42 UTC (rev 250214) @@ -933,6 +933,7 @@ if (srcRect.x() || srcRect.y() || srcRect.size() != cairoSurfaceSize(surface)) { // Cairo subsurfaces don't support floating point boundaries well, so we expand the rectangle. IntRect expandedSrcRect(enclosingIntRect(srcRect)); +expandedSrcRect.intersect({ { }, cairoSurfaceSize(surface) }); // We use a subsurface here so that we don't end up sampling outside the originalSrcRect rectangle. // See https://bugs.webkit.org/show_bug.cgi?id=58309 ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
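Review bot: `expandedSrcRect.intersect({ { }, cairoSurfaceSize(surface) });` stops the subsurface from extending past its parent, which is the cause of the pixman segfault, but the visible lines do not handle an empty intersection (a `srcRect` that lands entirely outside the surface after `enclosingIntRect`), which would hand cairo a zero-sized subsurface; add `if (expandedSrcRect.isEmpty()) return;` before the subsurface is created unless a later check already covers it. Since the failure was a memory-access crash in a drawing path, a regression test with a tiled image whose source rect rounds just past the surface edge would be worth adding; the ChangeLog lists none.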
[webkit-changes] [250215] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250215] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250215
Author carlo...@webkit.org
Date 2019-09-23 01:46:46 -0700 (Mon, 23 Sep 2019)

Log Message
Merge r250027 - [cairo] Incorrect targetRect in BackingStoreBackendCairoImpl::scroll
https://bugs.webkit.org/show_bug.cgi?id=201895

Reviewed by Carlos Garcia Campos.

In BackingStoreBackendCairoImpl::scroll, targetRect is calculated wrongly by shifting maxX and maxY. Bug 59655 fixed the issue by removing the shifting, but only for BackingStoreBackendCairoX11::scroll.

No new tests, no behavior change.

* platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp:
(WebCore::BackingStoreBackendCairoImpl::scroll): Take intersection of targetRect and scrollRect.

Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp

Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250214 => 250215)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:42 UTC (rev 250214)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:46 UTC (rev 250215)
@@ -1,3 +1,19 @@ +2019-09-18 Fujii Hironori + +[cairo] Incorrect targetRect in BackingStoreBackendCairoImpl::scroll +https://bugs.webkit.org/show_bug.cgi?id=201895 + +Reviewed by Carlos Garcia Campos. + +In BackingStoreBackendCairoImpl::scroll, targetRect is calculated +wrongly by shifting maxX and maxY. Bug 59655 fixed the issue by +removing the shifting, but only for BackingStoreBackendCairoX11::scroll. + +No new tests, no behavior change. + +* platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp: +(WebCore::BackingStoreBackendCairoImpl::scroll): Take intersection of targetRect and scrollRect. + 2019-09-16 Fujii Hironori [Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp (250214 => 250215) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp 2019-09-23 08:46:42 UTC (rev 250214) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp 2019-09-23 08:46:46 UTC (rev 250215) @@ -54,8 +54,7 @@ { IntRect targetRect = scrollRect; targetRect.move(scrollOffset); -targetRect.shiftMaxXEdgeTo(targetRect.maxX() - scrollOffset.width()); -targetRect.shiftMaxYEdgeTo(targetRect.maxY() - scrollOffset.height()); +targetRect.intersect(scrollRect); if (targetRect.isEmpty()) return; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
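Review bot: the ChangeLog line "No new tests, no behavior change" does not match the `scroll` hunk for negative offsets: with the old `targetRect.shiftMaxXEdgeTo(targetRect.maxX() - scrollOffset.width())`, a negative `scrollOffset.width()` first moved the origin to the left of `scrollRect` and then pushed the max edge back to `scrollRect.maxX()`, producing a rect wider than `scrollRect` on that side (same for the Y axis), whereas `targetRect.intersect(scrollRect)` clamps both edges. Reword the ChangeLog, since that clamping is the point of the fix, and consider a unit test that scrolls in each of the four directions and asserts `targetRect` stays within `scrollRect`, because an over-wide target rect is exactly what lets a backing-store copy touch pixels outside the scrolled region.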
[webkit-changes] [250213] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250213] releases/WebKitGTK/webkit-2.26/Source/WebCore Revision 250213 Author carlo...@webkit.org Date 2019-09-23 01:46:39 -0700 (Mon, 23 Sep 2019) Log Message Merge r249761 - [GStreamer] Do not adopt floating references. https://bugs.webkit.org/show_bug.cgi?id=201685 Reviewed by Carlos Garcia Campos. Covered by existing tests. * platform/graphics/gstreamer/GStreamerCommon.cpp: (WebCore::initializeGStreamer): gst_element_factory_make returns floating references, you do not adopt such references, rather you sink them. Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250212 => 250213) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:35 UTC (rev 250212) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:39 UTC (rev 250213) @@ -1,3 +1,17 @@ +2019-09-11 Charlie Turner + +[GStreamer] Do not adopt floating references. +https://bugs.webkit.org/show_bug.cgi?id=201685 + +Reviewed by Carlos Garcia Campos. + +Covered by existing tests. + +* platform/graphics/gstreamer/GStreamerCommon.cpp: +(WebCore::initializeGStreamer): gst_element_factory_make returns +floating references, you do not adopt such references, rather you +sink them. + 2019-09-04 Philippe Normand [GStreamer] Sound is down-pitched when playing video from YLE Areena Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp (250212 => 250213) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:35 UTC (rev 250212) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:39 UTC (rev 250213) 
@@ -257,7 +257,7 @@ // If the FDK-AAC decoder is available, promote it and downrank the // libav AAC decoders, due to their broken LC support, as reported in: // https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html -GRefPtr aacDecoder = adoptGRef(gst_element_factory_make("fdkaacdec", nullptr)); +GRefPtr aacDecoder = gst_element_factory_make("fdkaacdec", nullptr); if (aacDecoder) { GstElementFactory* factory = gst_element_get_factory(aacDecoder.get()); gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(factory), GST_RANK_PRIMARY); @@ -264,7 +264,7 @@ const char* const elementNames[] = {"avdec_aac", "avdec_aac_fixed", "avdec_aac_latm"}; for (unsigned i = 0; i < G_N_ELEMENTS(elementNames); i++) { -GRefPtr avAACDecoder = adoptGRef(gst_element_factory_make(elementNames[i], nullptr)); +GRefPtr avAACDecoder = gst_element_factory_make(elementNames[i], nullptr); if (avAACDecoder) gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(gst_element_get_factory(avAACDecoder.get())), GST_RANK_MARGINAL); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
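Review bot: the switch to plain assignment is the right fix, since `GRefPtr`'s raw-pointer assignment sinks the floating reference that `gst_element_factory_make()` returns; beyond that, both hunks instantiate a decoder element only to reach its factory through `gst_element_get_factory()`. `gst_element_factory_find("fdkaacdec")` (and likewise for each `avdec_aac*` name) returns the `GstElementFactory` directly as an ordinary, non-floating reference, which would avoid constructing elements inside `initializeGStreamer()` and sidestep the floating-reference subtlety entirely; worth a follow-up.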
[webkit-changes] [250216] trunk
Title: [250216] trunk
Revision 250216
Author commit-qu...@webkit.org
Date 2019-09-23 01:49:11 -0700 (Mon, 23 Sep 2019)

Log Message
Sync operator dictionary
https://bugs.webkit.org/show_bug.cgi?id=201974

Patch by Rob Buis on 2019-09-23
Reviewed by Frédéric Wang.

LayoutTests/imported/w3c:

Update improved test results.

* web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt:

Source/WebCore:

Sync with operator dictionary list from https://mathml-refresh.github.io/mathml-core/#operator-dictionary

Test: imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001.html

* mathml/MathMLOperatorDictionary.cpp:

LayoutTests:

* platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/ignored-properties-001-expected.txt: Added.
* platform/win/TestExpectations:

Modified Paths
trunk/LayoutTests/ChangeLog
trunk/LayoutTests/imported/w3c/ChangeLog
trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt
trunk/LayoutTests/platform/win/TestExpectations
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/mathml/MathMLOperatorDictionary.cpp

Added Paths
trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/
trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/
trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/
trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/ignored-properties-001-expected.txt

Removed Paths
trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt

Diff
Modified: trunk/LayoutTests/ChangeLog (250215 => 250216)
--- trunk/LayoutTests/ChangeLog 2019-09-23 08:46:46 UTC (rev 250215)
+++ trunk/LayoutTests/ChangeLog 2019-09-23 08:49:11 UTC (rev 250216)
@@ -1,3 +1,13 @@ +2019-09-23 Rob Buis + +Sync operator dictionary +https://bugs.webkit.org/show_bug.cgi?id=201974 + +Reviewed by Frédéric Wang. + +* platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/ignored-properties-001-expected.txt: Added. +* platform/win/TestExpectations: + 2019-09-21 Antoine Quint [Pointer Events] touch-action set to pan-x or pan-y alone should disable scrolling altogether if the intial gesture is in the disallowed direction Modified: trunk/LayoutTests/imported/w3c/ChangeLog (250215 => 250216) --- trunk/LayoutTests/imported/w3c/ChangeLog 2019-09-23 08:46:46 UTC (rev 250215) +++ trunk/LayoutTests/imported/w3c/ChangeLog 2019-09-23 08:49:11 UTC (rev 250216) @@ -1,3 +1,14 @@ +2019-09-23 Rob Buis + +Sync operator dictionary +https://bugs.webkit.org/show_bug.cgi?id=201974 + +Reviewed by Frédéric Wang. + +Update improved test results. + +* web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt: + 2019-09-20 Alex Christensen [resource-timing] Report performance entries with all HTTP status codes Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt (250215 => 250216) --- trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt 2019-09-23 08:46:46 UTC (rev 250215) +++ trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt 2019-09-23 08:49:11 UTC (rev 250216) 
@@ -4,19 +4,19 @@ PASS Operator dictionary chunk 1 - largeop PASS Operator dictionary chunk 1 - stretchy PASS Operator dictionary chunk 1 - symmetric -FAIL Operator dictionary chunk 1 - accent assert_approx_equals: Accent property for " postfix should be 'true' expected 22.421875 +/- 1 but got 7.5 +PASS Operator dictionary chunk 1 - accent PASS Operator dictionary chunk 2 - lspace/rspace PASS Operator dictionary chunk 2 - movablelimits PASS Operator dictionary chunk 2 - largeop PASS Operator dictionary chunk 2 - stretchy PASS Operator dictionary chunk 2 - symmetric -FAIL Operator dictionary chunk 2 - accent assert_approx_equals: Accent property for ª postfix should be 'true' expected 22.421875 +/- 1 but got 7.5 +PASS Operator dictionary chunk 2 - accent PASS Operator dictionary chunk 3 - lspace/rspace PASS Operator dictionary chunk 3 - movablelimits PASS Operator dictionary chunk 3 - largeop PASS Operator dictionary chunk 3 - stretchy PASS Operator dictionary chunk 3 - symmetric -FAIL Operator dictionary chunk 3 - accent assert_approx_equals: Accent property for ‛ postfix should be 'true' expected 22.421875 +/- 1 but got 7.5 +PASS Operator dictionary chunk 3 - accent PASS Operator dictionary chunk 4 - lspace/rspace PASS Operator dictionary chunk 4 - movablelimits PASS
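Review bot: the removal of `trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt` listed under Removed Paths has no matching line in the LayoutTests ChangeLog hunk, which names only the added ios-wk2 expectation and `platform/win/TestExpectations`; add a `* platform/gtk/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt: Removed.` entry so the ChangeLog matches the commit. The expectation diff is cut off after chunk 4 and the `MathMLOperatorDictionary.cpp` hunk is not part of this message, so the dictionary change itself cannot be reviewed here.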
[webkit-changes] [250217] trunk/Source/WebKit
Title: [250217] trunk/Source/WebKit Revision 250217 Author mcatanz...@igalia.com Date 2019-09-23 02:05:16 -0700 (Mon, 23 Sep 2019) Log Message [SOUP] Stop setting G_TLS_GNUTLS_PRIORITY https://bugs.webkit.org/show_bug.cgi?id=172154 Reviewed by Carlos Garcia Campos. Nowadays, I maintain glib-networking. WebKit doesn't need to override its defaults to be secure anymore. By overriding glib-networking's default priority, WebKit is force-reenabling TLS 1.0 and TLS 1.1 even when glib-networking has disabled them. * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp: (main): * WebProcess/EntryPoint/unix/WebProcessMain.cpp: (main): Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp Diff Modified: trunk/Source/WebKit/ChangeLog (250216 => 250217) --- trunk/Source/WebKit/ChangeLog 2019-09-23 08:49:11 UTC (rev 250216) +++ trunk/Source/WebKit/ChangeLog 2019-09-23 09:05:16 UTC (rev 250217) @@ -1,3 +1,19 @@ +2019-09-23 Michael Catanzaro + +[SOUP] Stop setting G_TLS_GNUTLS_PRIORITY +https://bugs.webkit.org/show_bug.cgi?id=172154 + +Reviewed by Carlos Garcia Campos. + +Nowadays, I maintain glib-networking. WebKit doesn't need to override its defaults to be +secure anymore. By overriding glib-networking's default priority, WebKit is force-reenabling +TLS 1.0 and TLS 1.1 even when glib-networking has disabled them. + +* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp: +(main): +* WebProcess/EntryPoint/unix/WebProcessMain.cpp: +(main): + 2019-09-21 Dan Bernstein Fix an assertion failure introduced in r250186. Modified: trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp (250216 => 250217) --- trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2019-09-23 08:49:11 UTC (rev 250216) +++ trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2019-09-23 09:05:16 UTC (rev 250217) 
@@ -35,16 +35,6 @@ int main(int argc, char** argv) { -// Disable SSLv3 very early because it is practically impossible to safely -// use setenv() when multiple threads are running, as another thread calling -// getenv() could cause a crash, and many functions use getenv() internally. -// This workaround will stop working if glib-networking switches away from -// GnuTLS or simply stops parsing this variable. We intentionally do not -// overwrite this priority string if it's already set by the user. -// https://bugzilla.gnome.org/show_bug.cgi?id=738633 -// WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp. -setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0); - #if USE(GCRYPT) PAL::GCrypt::initialize(); #endif Modified: trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp (250216 => 250217) --- trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2019-09-23 08:49:11 UTC (rev 250216) +++ trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2019-09-23 09:05:16 UTC (rev 250217) @@ -35,16 +35,6 @@ int main(int argc, char** argv) { -// Disable SSLv3 very early because it is practically impossible to safely -// use setenv() when multiple threads are running, as another thread calling -// getenv() could cause a crash, and many functions use getenv() internally. -// This workaround will stop working if glib-networking switches away from -// GnuTLS or simply stops parsing this variable. We intentionally do not -// overwrite this priority string if it's already set by the user. -// https://bugzilla.gnome.org/show_bug.cgi?id=738633 -// WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp. -setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0); - #if USE(GCRYPT) PAL::GCrypt::initialize(); #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
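Review bot: removing the two `setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0)` calls also removes the explicit SSLv3 and RC4 exclusions the deleted comment documents, so the hardening now rests entirely on the glib-networking build WebKit runs against; the ChangeLog should name the minimum glib-networking version whose defaults disable SSLv3, RC4 and TLS 1.0/1.1, and the build should enforce that minimum, otherwise a distribution pairing this WebKit with an older glib-networking silently loses those exclusions. The deleted comment's "KEPT IN SYNC" requirement is satisfied, since both hunks remove the identical block from `NetworkProcessMain.cpp` and `WebProcessMain.cpp`. Note for packagers: the old call used overwrite `0`, so a user-provided `G_TLS_GNUTLS_PRIORITY` was already honoured and continues to work unchanged.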
[webkit-changes] [250221] releases/WebKitGTK/webkit-2.26
Title: [250221] releases/WebKitGTK/webkit-2.26 Revision 250221 Author carlo...@webkit.org Date 2019-09-23 03:14:29 -0700 (Mon, 23 Sep 2019) Log Message Merge r249777 - JSC crashes due to stack overflow while building RegExp https://bugs.webkit.org/show_bug.cgi?id=201649 Reviewed by Yusuke Suzuki. JSTests: New regression test. * stress/regexp-bol-optimize-out-of-stack.js: Added. (test): (catch): Source/_javascript_Core: Check for running out of stack when we are optimizing RegExp containing BOL terms or other deep copying of disjunctions. * yarr/YarrPattern.cpp: (JSC::Yarr::YarrPatternConstructor::copyDisjunction): (JSC::Yarr::YarrPatternConstructor::copyTerm): (JSC::Yarr::YarrPatternConstructor::error): (JSC::Yarr::YarrPattern::compile): Modified Paths releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp Added Paths releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js Diff Modified: releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog (250220 => 250221) --- releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog 2019-09-23 10:14:26 UTC (rev 250220) +++ releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog 2019-09-23 10:14:29 UTC (rev 250221) @@ -1,3 +1,16 @@ +2019-09-10 Michael Saboff + +JSC crashes due to stack overflow while building RegExp +https://bugs.webkit.org/show_bug.cgi?id=201649 + +Reviewed by Yusuke Suzuki. + +New regression test. + +* stress/regexp-bol-optimize-out-of-stack.js: Added. +(test): +(catch): + 2019-08-30 Yusuke Suzuki [JSC] Generate new.target register only when it is used Added: releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js (0 => 250221) --- releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js (rev 0) +++ releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js 2019-09-23 10:14:29 UTC (rev 250221) 
@@ -0,0 +1,16 @@ +// This test that the beginning of line (bol) optimization throws when we run out of stack space. + +let expectedException = "SyntaxError: Invalid regular _expression_: regular _expression_ too large"; + +function test() +{ +let source = Array(5).join("(") + /(?:^|:|,)(?:\s*\[)+/g.toString() + Array(5).join(")"); +RegExp(source); +} + +try { +test(); +} catch(e) { +if (e != expectedException) + throw "Expected \"" + expectedException + "\" exception, but got \"" + e + "\""; +} Modified: releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog (250220 => 250221) --- releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog 2019-09-23 10:14:26 UTC (rev 250220) +++ releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog 2019-09-23 10:14:29 UTC (rev 250221) @@ -1,3 +1,19 @@ +2019-09-11 Michael Saboff + +JSC crashes due to stack overflow while building RegExp +https://bugs.webkit.org/show_bug.cgi?id=201649 + +Reviewed by Yusuke Suzuki. + +Check for running out of stack when we are optimizing RegExp containing BOL terms or +other deep copying of disjunctions. + +* yarr/YarrPattern.cpp: +(JSC::Yarr::YarrPatternConstructor::copyDisjunction): +(JSC::Yarr::YarrPatternConstructor::copyTerm): +(JSC::Yarr::YarrPatternConstructor::error): +(JSC::Yarr::YarrPattern::compile): + 2019-09-03 Devin Rousso REGRESSION (r249078): Flaky crash in com.apple._javascript_Core: Inspector::InjectedScriptModule::ensureInjected Modified: releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp (250220 => 250221) --- releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp 2019-09-23 10:14:26 UTC (rev 250220) +++ releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp 2019-09-23 10:14:29 UTC (rev 250221) 
@@ -702,6 +702,11 @@ // skip alternatives with m_startsWithBOL set true. PatternDisjunction* copyDisjunction(PatternDisjunction* disjunction, bool filterStartsWithBOL = false) { +if (UNLIKELY(!isSafeToRecurse())) { +m_error = ErrorCode::PatternTooLarge; +return 0; +} + std::unique_ptr newDisjunction; for (unsigned alt = 0; alt < disjunction->m_alternatives.size(); ++alt) { PatternAlternative* alternative = disjunction->m_alternatives[alt].get(); @@ -717,6 +722,11 @@ } } +if (hasError(error())) { +newDisjunction = 0; +return 0; +} + if (!newDisjunction) return 0; @@ -727,6 +737,11 @@ PatternTerm copyTerm(PatternTerm& term, bool filterStartsWithBOL = false) { +if (UNLIKELY(!isSafeToRecurse())) { +m_error = ErrorCode:
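Review bot: the new test in `regexp-bol-optimize-out-of-stack.js` passes silently if `RegExp(source)` does not throw at all, because nothing after `test();` inside the `try` records that an exception was expected; set a flag (`let threw = false;`, `threw = true;` in the `catch`) and throw after the `try`/`catch` when it is still false, so the regression the test guards against (the pattern compiling without error because the stack check was lost) is actually caught. Comparing `e != expectedException` through string conversion ties the test to the exact error text, acceptable for a stress test but worth knowing when the message changes. Typo in the header comment: "This test that" should read "This tests that".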
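Review bot: in `copyDisjunction`, the `if (hasError(error()))` check sits after the `for` loop over `disjunction->m_alternatives`, so once a nested copy trips `isSafeToRecurse()` and sets `m_error`, the remaining alternatives are still processed before the function gives up; checking `hasError(error())` inside the loop and breaking out at the first failure stops the descent sooner. Style: `newDisjunction = 0;` assigns an integer literal to a `std::unique_ptr`, use `newDisjunction = nullptr;` (or `newDisjunction.reset();`), and the pointer returns in both guards should be `return nullptr;` rather than `return 0;`. The `copyTerm` hunk is cut off after `m_error = ErrorCode:`, so its body cannot be checked from this message.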
[webkit-changes] [250220] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250220] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250220
Author carlo...@webkit.org
Date 2019-09-23 03:14:26 -0700 (Mon, 23 Sep 2019)

Log Message
Merge r249762 - Prevent reentrancy FrameLoader::dispatchUnloadEvents()
https://bugs.webkit.org/show_bug.cgi?id=200738

Reviewed by Brady Eidson.

Reentrancy causes m_pageDismissalEventBeingDispatched to be incorrectly updated, so don't allow reentrancy.

Since this prevents m_pageDismissalEventBeingDispatched from being reset inside a reentrant call, it can have the unintended effect of causing FrameLoader::stopAllLoaders to early-out when called from FrameLoader::detachFromParent while a frame's unload event handler calls document.open() on a parent frame and causes itself to become detached. Allowing a load to continue in a detached frame will lead to a crash. To prevent this, add a new argument to FrameLoader::stopAllLoaders that FrameLoader::detachFromParent can use to prevent an early-out.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopAllLoaders):
(WebCore::FrameLoader::detachFromParent):
(WebCore::FrameLoader::dispatchUnloadEvents):
(WebCore::FrameLoader::dispatchBeforeUnloadEvent): Ensure that m_pageDismissalEventBeingDispatched is reset to its previous value, even if this is not None.
* loader/FrameLoader.h:
* loader/FrameLoaderTypes.h: Add a StopLoadingPolicy enum.

Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp
releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.h
releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoaderTypes.h

Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250219 => 250220)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:22 UTC (rev 250219)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:26 UTC (rev 250220)
@@ -1,3 +1,32 @@ +2019-09-11 Ali Juma + +Prevent reentrancy FrameLoader::dispatchUnloadEvents() +https://bugs.webkit.org/show_bug.cgi?id=200738 + +Reviewed by Brady Eidson. + +Reentrancy causes m_pageDismissalEventBeingDispatched to be incorrectly +updated, so don't allow reentrancy. + +Since this prevents m_pageDismissalEventBeingDispatched from being reset +inside a reentrant call, it can have the unintended effect of causing +FrameLoader::stopAllLoaders to early-out when called from +FrameLoader::detachFromParent while a frame's unload event handler +calls document.open() on a parent frame and causes itself to become +detached. Allowing a load to continue in a detached frame will lead to +a crash. To prevent this, add a new argument to FrameLoader::stopAllLoaders +that FrameLoader::detachFromParent can use to prevent an early-out. + +* loader/FrameLoader.cpp: +(WebCore::FrameLoader::stopAllLoaders): +(WebCore::FrameLoader::detachFromParent): +(WebCore::FrameLoader::dispatchUnloadEvents): +(WebCore::FrameLoader::dispatchBeforeUnloadEvent): +Ensure that m_pageDismissalEventBeingDispatched is reset to its previous value, even if this is not None. +* loader/FrameLoader.h: +* loader/FrameLoaderTypes.h: +Add a StopLoadingPolicy enum. + 2019-09-03 Devin Rousso REGRESSION (r249078): Flaky crash in com.apple._javascript_Core: Inspector::InjectedScriptModule::ensureInjected Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp (250219 => 250220) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp 2019-09-23 10:14:22 UTC (rev 250219) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp 2019-09-23 10:14:26 UTC (rev 250220) 
@@ -1808,12 +1808,12 @@ loadWithDocumentLoader(loader.ptr(), frameLoadTypeForReloadOptions(options), { }, AllowNavigationToInvalidURL::Yes, ShouldTreatAsContinuingLoad::No); } -void FrameLoader::stopAllLoaders(ClearProvisionalItemPolicy clearProvisionalItemPolicy) +void FrameLoader::stopAllLoaders(ClearProvisionalItemPolicy clearProvisionalItemPolicy, StopLoadingPolicy stopLoadingPolicy) { if (m_frame.document() && m_frame.document()->pageCacheState() == Document::InPageCache) return; -if (!isStopLoadingAllowed()) +if (stopLoadingPolicy == StopLoadingPolicy::PreventDuringUnloadEvents && !isStopLoadingAllowed()) return; // If this method is called from within this method, infinite recursion can occur (3442218). Avoid this. @@ -2822,7 +2822,7 @@ // stopAllLoaders() needs to be called after detachChildren() if the document is not in the page cache, // because detachedChildren() will trigger the unload event handlers of any child frames, and those event // handlers might start a new subresource load in this frame. -stopAllLoaders(); +stopAll
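Review bot: the new StopLoadingPolicy in the first hunk only bypasses the isStopLoadingAllowed() early-out; the page-cache check just above it (`pageCacheState() == Document::InPageCache`) still returns before any loader is stopped, whatever policy is passed. If detachFromParent can ever run against a frame whose document is in the page cache, a load could still be left running in a detached frame, so either confirm that cannot happen or document it next to the new condition. Also, the signature as shown gives stopLoadingPolicy no default, so every existing `stopAllLoaders()` call relies on a default argument in FrameLoader.h that is not part of this diff.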
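Review bot: the second hunk is cut off after `+stopAll`, so the detachFromParent call site cannot be checked here; per the ChangeLog it should pass the new policy so the early-out is skipped when a frame detaches itself from inside its own unload handler. The comment above that call still explains only why stopAllLoaders() must run after detachChildren(); extend it to say why the early-out must be overridden at this one site, otherwise a later cleanup may drop the argument and silently reintroduce the crash.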
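The reentrancy guard and the policy override from the commit message, as an added example that is not WebKit's code: FrameLoaderModel, the PageDismissalType values and StopLoadingPolicy::AlwaysStopLoading are stand-ins (only PreventDuringUnloadEvents appears in the diff above).

```cpp
// Added example, not WebKit code: a reduced model of the reentrancy guard and
// StopLoadingPolicy described in the r249762 commit message. FrameLoaderModel,
// PageDismissalType and StopLoadingPolicy::AlwaysStopLoading are stand-ins.
#include <cstdio>
#include <functional>
#include <utility>

enum class PageDismissalType { None, BeforeUnload, Unload };
enum class StopLoadingPolicy { PreventDuringUnloadEvents, AlwaysStopLoading };

struct FrameLoaderModel {
    PageDismissalType m_pageDismissalEventBeingDispatched = PageDismissalType::None;
    int unloadEventsDispatched = 0;
    int loadersStopped = 0;
    std::function<void(FrameLoaderModel&)> unloadHandler; // script run by the unload event

    bool isStopLoadingAllowed() const { return m_pageDismissalEventBeingDispatched == PageDismissalType::None; }

    // Returns true when loaders were stopped, false when the call early-outs.
    bool stopAllLoaders(StopLoadingPolicy policy = StopLoadingPolicy::PreventDuringUnloadEvents) {
        if (policy == StopLoadingPolicy::PreventDuringUnloadEvents && !isStopLoadingAllowed())
            return false;
        ++loadersStopped;
        return true;
    }

    void dispatchUnloadEvents() {
        // Guard: a nested call (e.g. an unload handler calling document.open()
        // on a parent frame) must not modify the dismissal state.
        if (m_pageDismissalEventBeingDispatched != PageDismissalType::None)
            return;
        auto previous = std::exchange(m_pageDismissalEventBeingDispatched, PageDismissalType::Unload);
        ++unloadEventsDispatched;
        if (unloadHandler)
            unloadHandler(*this);
        m_pageDismissalEventBeingDispatched = previous; // restore, not blindly reset to None
    }

    // A frame detaching itself must still stop its loaders mid-unload: a load
    // continuing in a detached frame is the crash the commit message describes.
    bool detachFromParent() { return stopAllLoaders(StopLoadingPolicy::AlwaysStopLoading); }
};

int main() {
    FrameLoaderModel frame;
    frame.unloadHandler = [](FrameLoaderModel& f) { f.dispatchUnloadEvents(); f.detachFromParent(); };
    frame.dispatchUnloadEvents();
    std::printf("unload events: %d, loaders stopped: %d\n", frame.unloadEventsDispatched, frame.loadersStopped);
}
```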
[webkit-changes] [250222] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250222] releases/WebKitGTK/webkit-2.26/Source/WebCore Revision 250222 Author carlo...@webkit.org Date 2019-09-23 03:14:32 -0700 (Mon, 23 Sep 2019) Log Message Merge r249854 - Crash under WebCore::firstPositionInNode() https://bugs.webkit.org/show_bug.cgi?id=201764 Reviewed by Wenson Hsieh and Geoff Garen. Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition() or insertNodeAt(). Test: editing/firstPositionInNode-crash.html * editing/InsertTextCommand.cpp: (WebCore::InsertTextCommand::positionInsideTextNode): Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250221 => 250222) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:29 UTC (rev 250221) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:32 UTC (rev 250222) @@ -1,3 +1,19 @@ +2019-09-13 Chris Dumez + +Crash under WebCore::firstPositionInNode() +https://bugs.webkit.org/show_bug.cgi?id=201764 + + +Reviewed by Wenson Hsieh and Geoff Garen. + +Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition() +or insertNodeAt(). + +Test: editing/firstPositionInNode-crash.html + +* editing/InsertTextCommand.cpp: +(WebCore::InsertTextCommand::positionInsideTextNode): + 2019-09-11 Ali Juma Prevent reentrancy FrameLoader::dispatchUnloadEvents() Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp (250221 => 250222) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp 2019-09-23 10:14:29 UTC (rev 250221) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp 2019-09-23 10:14:32 UTC (rev 250222) 
@@ -59,9 +59,8 @@ Position pos = p; if (isTabSpanTextNode(pos.anchorNode())) { auto textNode = document().createEditingTextNode(emptyString()); -auto* textNodePtr = textNode.ptr(); -insertNodeAtTabSpanPosition(WTFMove(textNode), pos); -return firstPositionInNode(textNodePtr); +insertNodeAtTabSpanPosition(textNode.copyRef(), pos); +return firstPositionInNode(textNode.ptr()); } // Prepare for text input by looking at the specified position. @@ -68,9 +67,8 @@ // It may be necessary to insert a text node to receive characters. if (!pos.containerNode()->isTextNode()) { auto textNode = document().createEditingTextNode(emptyString()); -auto* textNodePtr = textNode.ptr(); -insertNodeAt(WTFMove(textNode), pos); -return firstPositionInNode(textNodePtr); +insertNodeAt(textNode.copyRef(), pos); +return firstPositionInNode(textNode.ptr()); } return pos; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
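Review bot: the first hunk's fix is right: textNodePtr was taken from a Ref that was then moved into insertNodeAtTabSpanPosition(), so nothing owned by this function kept the node alive across a call that can run script and remove the node again, and firstPositionInNode(textNodePtr) could run on freed memory. copyRef() keeps a second reference so textNode.ptr() stays valid. A one-line comment saying the local Ref must outlive the insertion would stop a later reader from "optimising" it back to WTFMove().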
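Review bot: the second hunk is the same three-line pattern as the first (create editing text node, insert, return firstPositionInNode); a small helper taking the insert function would keep the lifetime handling in one place. The ChangeLog names a single test, editing/firstPositionInNode-crash.html; check that it exercises both the tab-span path and the non-text-container path, since each hunk has its own copy of the bug.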
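The lifetime hazard behind this fix, as an added example that is not WebKit's code: std::shared_ptr stands in for WTF::Ref, and Node, Document and the onInsert listener are hypothetical stand-ins for the DOM machinery that can run script during insertion.

```cpp
// Added example, not WebKit code: why the r249854 fix keeps its own Ref<> to
// the text node across insertNodeAt(). std::shared_ptr stands in for WTF::Ref;
// Node, Document and the mutation listener are hypothetical stand-ins.
#include <functional>
#include <memory>
#include <vector>

struct Node { int firstPosition = 0; };

struct Document {
    std::vector<std::shared_ptr<Node>> children;
    // Script that runs synchronously after insertion (e.g. a DOM mutation
    // listener) and may remove the node again, dropping the document's reference.
    std::function<void(Document&)> onInsert;

    void insertNodeAt(std::shared_ptr<Node> node) {
        children.push_back(std::move(node));
        if (onInsert)
            onInsert(*this);
    }
};

// Pre-fix shape: the only strong reference is moved into insertNodeAt() and a
// raw pointer is used afterwards. Instead of dereferencing textNodePtr (which
// would be the use-after-free), report whether the node was still alive.
bool insertUsingRawPointer(Document& document) {
    auto textNode = std::make_shared<Node>();
    std::weak_ptr<Node> probe = textNode;
    Node* textNodePtr = textNode.get();
    document.insertNodeAt(std::move(textNode));
    (void)textNodePtr; // WebKit's old code called firstPositionInNode(textNodePtr) here
    return !probe.expired();
}

// Post-fix shape: pass a copy of the reference (Ref::copyRef) so this frame
// keeps the node alive until firstPositionInNode(textNode.ptr()) has run.
bool insertKeepingRef(Document& document) {
    auto textNode = std::make_shared<Node>();
    std::weak_ptr<Node> probe = textNode;
    document.insertNodeAt(textNode);
    return !probe.expired() && textNode->firstPosition == 0;
}

int main() {
    Document document;
    document.onInsert = [](Document& d) { d.children.clear(); }; // script removes the node
    return insertUsingRawPointer(document) == false && insertKeepingRef(document) ? 0 : 1;
}
```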
[webkit-changes] [250218] releases/WebKitGTK/webkit-2.26
Title: [250218] releases/WebKitGTK/webkit-2.26
Revision 250218
Author carlo...@webkit.org
Date 2019-09-23 03:14:16 -0700 (Mon, 23 Sep 2019)

Log Message

Merge r249594 - REGRESSION (r249367): m_decodingPromises grows indefinitely until ImageLoader destruction
https://bugs.webkit.org/show_bug.cgi?id=201402

Patch by Said Abou-Hallawa on 2019-09-06
Reviewed by Youenn Fablet and Daniel Bates.

Source/WebCore:

Add the static functions resolvePromises() and rejectPromises(). These functions take an lvalue reference to a Vector of promises. Inside them, the lvalue reference argument is exchanged with an empty Vector of promises, then the promises are processed. This clears m_decodingPromises and fixes the leak.

Add an internal API which returns the count of the pending promises of an HTMLImageElement. This internal API will be used in the attached test.

Test: fast/images/decode-resolve-reject-no-leak.html

* html/HTMLImageElement.h:
(WebCore::HTMLImageElement::pendingDecodePromisesCountForTesting const):
* loader/ImageLoader.cpp:
(WebCore::resolvePromises): ImageLoader::decode() calls BitmapImage::decode() and moves m_decodingPromises in capture. When decoding finishes, this function is called to resolve the promises. But ImageLoader might get deleted before the image decoding finishes. So this function has to be static.
(WebCore::rejectPromises):
(WebCore::ImageLoader::resolveDecodePromises):
(WebCore::ImageLoader::rejectDecodePromises):
(WebCore::ImageLoader::notifyFinished):
(WebCore::ImageLoader::decode):
(WebCore::resolveDecodePromises): Deleted.
(WebCore::rejectDecodePromises): Deleted.
* loader/ImageLoader.h:
(WebCore::ImageLoader::pendingDecodePromisesCountForTesting const):
* testing/Internals.cpp:
(WebCore::Internals::imagePendingDecodePromisesCountForTesting):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

* fast/images/decode-resolve-reject-no-leak-expected.txt: Added.
* fast/images/decode-resolve-reject-no-leak.html: Added.
Modified Paths releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/html/HTMLImageElement.h releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/ImageLoader.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/ImageLoader.h releases/WebKitGTK/webkit-2.26/Source/WebCore/testing/Internals.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/testing/Internals.h releases/WebKitGTK/webkit-2.26/Source/WebCore/testing/Internals.idl Added Paths releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html Diff Modified: releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog (250217 => 250218) --- releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog 2019-09-23 09:05:16 UTC (rev 250217) +++ releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog 2019-09-23 10:14:16 UTC (rev 250218) @@ -1,3 +1,13 @@ +2019-09-06 Said Abou-Hallawa + +REGRESSION (r249367): m_decodingPromises grows indefinitely until ImageLoader destruction +https://bugs.webkit.org/show_bug.cgi?id=201402 + +Reviewed by Youenn Fablet and Daniel Bates. + +* fast/images/decode-resolve-reject-no-leak-expected.txt: Added. +* fast/images/decode-resolve-reject-no-leak.html: Added. + 2019-09-01 Said Abou-Hallawa HTMLImageElement::decode() should return a resolved promise for decoding non bitmap images Added: releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt (0 => 250218) --- releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt (rev 0) +++ releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt 2019-09-23 10:14:16 UTC (rev 250218) 
@@ -0,0 +1,15 @@ +Test HTMLImageElement::decode() does not leak the pending promises after resolving or rejecting them. + +On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". + + +Decoding a bitmap image - promises will be resolved: +PASS internals.imagePendingDecodePromisesCountForTesting(image) is 0 +Decoding a SVG image - promises will be resolved: +PASS internals.imagePendingDecodePromisesCountForTesting(image) is 0 +Decoding a broken image - promises will be rejected: +PASS internals.imagePendingDecodePromisesCountForTesting(image) is 0 +PASS successfullyParsed is true + +TEST COMPLETE + Added: releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html (0 => 250218) --- releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html (rev 0) +++ releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html 2019-09-23 10:14:16 UTC (rev 250218) @@ -0,0 +1,74 @@ + + +
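Review bot: the expected output only asserts that imagePendingDecodePromisesCountForTesting(image) is 0 after each of the three decodes (bitmap, SVG, broken image). It never asserts that the count was non-zero while a decode was pending, so a regression where decode() stops recording promises at all (or resolves them synchronously without ever storing them) would pass this test unchanged. Add a check of the count before the promises settle so the test proves the promises were stored and then released. The decode-resolve-reject-no-leak.html hunk itself is truncated here, so the test body cannot be reviewed.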
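The "exchange with an empty Vector" pattern from the r249594 log message, as an added example that is not WebKit's code: std::vector and std::function stand in for WTF::Vector and the decode promises, and ImageLoaderModel, decodeCompletions and notifyFinishedWithError are hypothetical stand-ins for ImageLoader's own members.

```cpp
// Added example, not WebKit code: the "exchange with an empty Vector" pattern
// from the r249594 commit message, with std::vector/std::function standing in
// for WTF::Vector and the decode promises. ImageLoaderModel is a stand-in.
#include <functional>
#include <memory>
#include <utility>
#include <vector>

using DecodePromise = std::function<void(bool resolved)>;
using PromiseVector = std::vector<DecodePromise>;

// Static free functions, not members: the loader may be destroyed before the
// decode finishes, so nothing here may touch 'this'. Exchanging the vector out
// first empties the caller's storage (the leak) and makes reentrant pushes safe.
static void resolvePromises(PromiseVector& promises) {
    for (auto& promise : std::exchange(promises, PromiseVector()))
        promise(true);
}
static void rejectPromises(PromiseVector& promises) {
    for (auto& promise : std::exchange(promises, PromiseVector()))
        promise(false);
}

struct ImageLoaderModel {
    PromiseVector m_decodingPromises;
    std::vector<std::function<void()>> decodeCompletions; // stands in for async image decoding

    void decode(DecodePromise promise) {
        m_decodingPromises.push_back(std::move(promise));
        // Move the pending promises into the completion closure, as the commit describes.
        decodeCompletions.push_back([promises = std::exchange(m_decodingPromises, PromiseVector())]() mutable {
            resolvePromises(promises);
        });
    }

    // Load failure: reject everything still pending, leaving nothing behind.
    void notifyFinishedWithError() { rejectPromises(m_decodingPromises); }

    std::size_t pendingDecodePromisesCountForTesting() const { return m_decodingPromises.size(); }
};

int main() {
    auto loader = std::make_unique<ImageLoaderModel>();
    int resolved = 0;
    loader->decode([&](bool ok) { if (ok) ++resolved; });
    auto completions = std::move(loader->decodeCompletions);
    loader.reset(); // loader gone before decoding finishes; the static resolver still works
    for (auto& finish : completions) finish();
    return resolved == 1 ? 0 : 1;
}
```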