[webkit-changes] [250202] releases/WebKitGTK/webkit-2.26
Title: [250202] releases/WebKitGTK/webkit-2.26 Revision 250202 Author carlo...@webkit.org Date 2019-09-23 01:20:50 -0700 (Mon, 23 Sep 2019) Log Message Merge r249810 - [GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers https://bugs.webkit.org/show_bug.cgi?id=201077 Reviewed by Carlos Garcia Campos. Source/WebCore: Add a function to validate whether a string contains a valid value which can be used in a HTTP User-Agent header. Covered by new WebCore API test HTTPParsers.ValidateUserAgentValues. * platform/glib/UserAgentGLib.cpp: (WebCore::standardUserAgent): Assert that the returned string is a valid User-Agent. (WebCore::standardUserAgentForURL): Ditto. * platform/network/HTTPParsers.cpp: Added a series of helper functions which skip over characters of a string, which can be used to scan over the different elements of an User-Agent value; all of them receive the position from the input string where to start scanning, updating it to the position right after the scanned item (this follow the convention already in use by other functions in the source file). Each of them has been annotated with the RFC number and section which contains the definition of the scanned item, and the corresponding BNF rules to make the code easier to follow. (WebCore::skipWhile): Added. (WebCore::isVisibleCharacter): Added. (WebCore::isOctectInFieldContentCharacter): Added. (WebCore::isCommentTextCharacter): Added. (WebCore::isHTTPTokenCharacter): Added. (WebCore::isValidHTTPToken): Refactored to use the new isHTTPTokenCharacter() helper function instead of having the test inside the loop. (WebCore::skipCharacter): Added. (WebCore::skipQuotedPair): Added. (WebCore::skipComment): Added. (WebCore::skipHTTPToken): Added. (WebCore::skipUserAgentProduct): Added. (WebCore::isValidUserAgentHeaderValue): Added. * platform/network/HTTPParsers.h: Add prototype for isValidUserAgentHeaderValue(). Source/WebKit: * UIProcess/API/glib/WebKitSettings.cpp: (webkit_settings_set_user_agent): Check the passed string using the new WebCore::isValidUserAgentHeaderValue() function, and return early without changing the setting if the string is not usable in the User-Agent HTTP header. Tools: * TestWebKitAPI/CMakeLists.txt: Add missing HTTPParsers.cpp to be built into TestWebCore. * TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp: (TestWebKitAPI::TEST): Add tests for WebCore::isValidUserAgentHeaderValue(). Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/glib/UserAgentGLib.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/network/HTTPParsers.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/network/HTTPParsers.h releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp releases/WebKitGTK/webkit-2.26/Tools/ChangeLog releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/CMakeLists.txt releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250201 => 250202) --- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 03:46:57 UTC (rev 250201) +++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:20:50 UTC (rev 250202) @@ -1,3 +1,40 @@ +2019-09-12 Adrian Perez de Castro + +[GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers +https://bugs.webkit.org/show_bug.cgi?id=201077 + +Reviewed by Carlos Garcia Campos. + +Add a function to validate whether a string contains a valid value +which can be used in a HTTP User-Agent header. + +Covered by new WebCore API test HTTPParsers.ValidateUserAgentValues. + +* platform/glib/UserAgentGLib.cpp: +(WebCore::standardUserAgent): Assert that the returned string is a valid User-Agent. +(WebCore::standardUserAgentForURL): Ditto. +* platform/network/HTTPParsers.cpp: Added a series of helper functions which skip over +characters of a string, which can be used to scan over the different elements of an +User-Agent value; all of them receive the position from the input string where to start +scanning, updating it to the position right after the scanned item (this follow the +convention already in use by other functions in the source file). Each of them has +been annotated with the RFC number and section which contains the definition of the +scanned item, and the corresponding BNF rules to make the code easier to follow. +(WebCore::skipWhile): Added. +(WebCore::isVisibleCharacter): Added. +(WebCore::isOctectInFieldContentCharacter): Added. +(WebCore::isCommentTextCharacter): Added. +(WebCore::isHTTPTokenCharacter): Added. +(WebCore::isValidHTTPToken): Refactored to use the new i
[webkit-changes] [250205] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250205] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250205
Author carlo...@webkit.org
Date 2019-09-23 01:21:04 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249951 - [GTK] Cannot create EGL window surface: EGL_BAD_ALLOC
https://bugs.webkit.org/show_bug.cgi?id=201505
Reviewed by Žan Doberšek.
This happens because eglCreateWindowSurface() is called twice for the same window when not using the WPE
renderer. New versions of Mesa fail the second time with a EGL_BAD_ALLOC.
* platform/graphics/egl/GLContextEGL.cpp:
(WebCore::GLContextEGL::createWindowContext): Check surface is nullptr before falling back to use
eglCreateWindowSurface().
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250204 => 250205)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:21:01 UTC (rev 250204)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:21:04 UTC (rev 250205)
@@ -1,3 +1,17 @@
+2019-09-17 Carlos Garcia Campos
+
+[GTK] Cannot create EGL window surface: EGL_BAD_ALLOC
+https://bugs.webkit.org/show_bug.cgi?id=201505
+
+Reviewed by Žan Doberšek.
+
+This happens because eglCreateWindowSurface() is called twice for the same window when not using the WPE
+renderer. New versions of Mesa fail the second time with a EGL_BAD_ALLOC.
+
+* platform/graphics/egl/GLContextEGL.cpp:
+(WebCore::GLContextEGL::createWindowContext): Check surface is nullptr before falling back to use
+eglCreateWindowSurface().
+
2019-09-12 Adrian Perez de Castro
[GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp (250204 => 250205)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp 2019-09-23 08:21:01 UTC (rev 250204)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp 2019-09-23 08:21:04 UTC (rev 250205)
@@ -188,7 +188,8 @@
if (platformDisplay.type() == PlatformDisplay::Type::WPE)
surface = createWindowSurfaceWPE(display, config, window);
#else
-surface = eglCreateWindowSurface(display, config, static_cast(window), nullptr);
+if (surface == EGL_NO_SURFACE)
+surface = eglCreateWindowSurface(display, config, static_cast(window), nullptr);
#endif
if (surface == EGL_NO_SURFACE) {
WTFLogAlways("Cannot create EGL window surface: %s\n", lastErrorString());
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250207] releases/WebKitGTK/webkit-2.26
Title: [250207] releases/WebKitGTK/webkit-2.26
Revision 250207
Author carlo...@webkit.org
Date 2019-09-23 01:21:10 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249883 - [GTK][WPE] Do not run the Bubblewrap executable when configuring for cross-compilation
https://bugs.webkit.org/show_bug.cgi?id=201340
Reviewed by Konstantin Tokarev.
* Source/cmake/BubblewrapSandboxChecks.cmake: Do not run the
Bubblewrap executable when cross-compiling to guess its version.
Emit a warning instead and trust that valid run-time paths will
be set using the BWRAP_EXECUTABLE and DBUS_PROXY_EXECUTABLE
variables. While at it, fix the regular _expression_ used to match
the version string in the Bubblewrap output when not cross-compiling.
Modified Paths
releases/WebKitGTK/webkit-2.26/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake
Diff
Modified: releases/WebKitGTK/webkit-2.26/ChangeLog (250206 => 250207)
--- releases/WebKitGTK/webkit-2.26/ChangeLog 2019-09-23 08:21:08 UTC (rev 250206)
+++ releases/WebKitGTK/webkit-2.26/ChangeLog 2019-09-23 08:21:10 UTC (rev 250207)
@@ -1,3 +1,17 @@
+2019-09-15 Adrian Perez de Castro
+
+[GTK][WPE] Do not run the Bubblewrap executable when configuring for cross-compilation
+https://bugs.webkit.org/show_bug.cgi?id=201340
+
+Reviewed by Konstantin Tokarev.
+
+* Source/cmake/BubblewrapSandboxChecks.cmake: Do not run the
+Bubblewrap executable when cross-compiling to guess its version.
+Emit a warning instead and trust that valid run-time paths will
+be set using the BWRAP_EXECUTABLE and DBUS_PROXY_EXECUTABLE
+variables. While at it, fix the regular _expression_ used to match
+the version string in the Bubblewrap output when not cross-compiling.
+
2019-09-20 Adrian Perez de Castro
Unreviewed. Update OptionsWPE.cmake and NEWS for the 2.26.0 release
Modified: releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake (250206 => 250207)
--- releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake 2019-09-23 08:21:08 UTC (rev 250206)
+++ releases/WebKitGTK/webkit-2.26/Source/cmake/BubblewrapSandboxChecks.cmake 2019-09-23 08:21:10 UTC (rev 250207)
@@ -3,21 +3,7 @@
if (NOT BWRAP_EXECUTABLE)
message(FATAL_ERROR "bwrap executable is needed for ENABLE_BUBBLEWRAP_SANDBOX")
endif ()
-add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}")
-execute_process(
-COMMAND "${BWRAP_EXECUTABLE}" --version
-RESULT_VARIABLE BWRAP_RET
-OUTPUT_VARIABLE BWRAP_OUTPUT
-)
-if (BWRAP_RET)
-message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}")
-endif ()
-string(REGEX MATCH "([0-9]+.[0-9]+.[0-9]+)" BWRAP_VERSION "${BWRAP_OUTPUT}")
-if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1")
-message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found")
-endif ()
-
find_package(Libseccomp)
if (NOT LIBSECCOMP_FOUND)
message(FATAL_ERROR "libseccomp is needed for ENABLE_BUBBLEWRAP_SANDBOX")
@@ -27,5 +13,32 @@
if (NOT DBUS_PROXY_EXECUTABLE)
message(FATAL_ERROR "xdg-dbus-proxy not found and is needed for ENABLE_BUBBLEWRAP_SANDBOX")
endif ()
+
+if (NOT CMAKE_CROSSCOMPILING)
+execute_process(
+COMMAND "${BWRAP_EXECUTABLE}" --version
+RESULT_VARIABLE BWRAP_RET
+OUTPUT_VARIABLE BWRAP_OUTPUT
+)
+if (BWRAP_RET)
+message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}")
+endif ()
+string(REGEX MATCH "[0-9]+\\.[0-9]+\\.[0-9]+" BWRAP_VERSION "${BWRAP_OUTPUT}")
+if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1")
+message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found")
+endif ()
+elseif (NOT SILENCE_CROSS_COMPILATION_NOTICES)
+message(NOTICE
+"******\n"
+"*** Cannot check Bubblewrap version when cross-compiling. ***\n"
+"*** The target system MUST have version 0.3.1 or newer. ***\n"
+"*** Use the BWRAP_EXECUTABLE and DBUS_PROXY_EXECUTABLE***\n"
+"*** variables to set the run-time paths for the 'bwrap' ***\n"
+"*** and 'xdg-dbus-proxy' programs.***\n"
+"******"
+)
+endif ()
+
+add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}")
add_definitions(-DDBUS_PROXY_EXECUTABLE="${DBUS_PROXY_EXECUTABLE}")
endif ()
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250204] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250204] releases/WebKitGTK/webkit-2.26/Source/WebKit Revision 250204 Author carlo...@webkit.org Date 2019-09-23 01:21:01 -0700 (Mon, 23 Sep 2019) Log Message Merge r249947 - [GTK] Crash closing web view while hardware acceleration is enabled https://bugs.webkit.org/show_bug.cgi?id=200856 Reviewed by Michael Catanzaro. The crash happens when destroying the WaylandCompositor::Surface because the web view GL context is used to release the texture, but the GL context is no longer valid after web view unrealize. AcceleratedBackingStoreWayland should handle the web view unrealize to destroy the GL context. It will be created on demand again after the web view is realized. * UIProcess/API/gtk/WebKitWebViewBase.cpp: (webkitWebViewBaseRealize): Notify AcceleratedBackingStore. (webkitWebViewBaseUnrealize): Ditto. * UIProcess/gtk/AcceleratedBackingStore.h: (WebKit::AcceleratedBackingStore::realize): Added. (WebKit::AcceleratedBackingStore::unrealize): Added. * UIProcess/gtk/AcceleratedBackingStoreWayland.cpp: (WebKit::AcceleratedBackingStoreWayland::realize): In case of using WaylandCompositor, call WaylandCompositor::bindWebPage() to bind the WebPageProxy to the Wayland surface. (WebKit::AcceleratedBackingStoreWayland::unrealize): Destroy GL resources and the GL context. (WebKit::AcceleratedBackingStoreWayland::tryEnsureGLContext): Do not try to create the GL context if the web view is not realized. (WebKit::AcceleratedBackingStoreWayland::displayBuffer): Remove the code to initialize the texture. (WebKit::AcceleratedBackingStoreWayland::paint): And add it here. * UIProcess/gtk/AcceleratedBackingStoreWayland.h: * UIProcess/gtk/WaylandCompositor.cpp: (WebKit::WaylandCompositor::Surface::setWebPage): Return early if given page is the current one already. (WebKit::WaylandCompositor::bindWebPage): Set the surface WebPageProxy. (WebKit::WaylandCompositor::unbindWebPage): Unset the surface WebPageProxy. * UIProcess/gtk/WaylandCompositor.h: * WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp: (WebKit::DrawingAreaCoordinatedGraphics::enterAcceleratedCompositingMode): When restoring a previous layer tree host, always call resumeRendering() to balance the suspendRendering() called in exitAcceleratedCompositingMode(). Modified Paths releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/AcceleratedBackingStore.h releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.cpp releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.h releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/WaylandCompositor.cpp releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/gtk/WaylandCompositor.h releases/WebKitGTK/webkit-2.26/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp Diff Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250203 => 250204) --- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:20:55 UTC (rev 250203) +++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:21:01 UTC (rev 250204) @@ -1,3 +1,39 @@ +2019-09-17 Carlos Garcia Campos + +[GTK] Crash closing web view while hardware acceleration is enabled +https://bugs.webkit.org/show_bug.cgi?id=200856 + +Reviewed by Michael Catanzaro. + +The crash happens when destroying the WaylandCompositor::Surface because the web view GL context is used to +release the texture, but the GL context is no longer valid after web view +unrealize. AcceleratedBackingStoreWayland should handle the web view unrealize to destroy the GL context. It +will be created on demand again after the web view is realized. + +* UIProcess/API/gtk/WebKitWebViewBase.cpp: +(webkitWebViewBaseRealize): Notify AcceleratedBackingStore. +(webkitWebViewBaseUnrealize): Ditto. +* UIProcess/gtk/AcceleratedBackingStore.h: +(WebKit::AcceleratedBackingStore::realize): Added. +(WebKit::AcceleratedBackingStore::unrealize): Added. +* UIProcess/gtk/AcceleratedBackingStoreWayland.cpp: +(WebKit::AcceleratedBackingStoreWayland::realize): In case of using WaylandCompositor, call +WaylandCompositor::bindWebPage() to bind the WebPageProxy to the Wayland surface. +(WebKit::AcceleratedBackingStoreWayland::unrealize): Destroy GL resources and the GL context. +(WebKit::AcceleratedBackingStoreWayland::tryEnsureGLContext): Do not try to create the GL context if the web +view is not realized. +(WebKit::AcceleratedBackingStoreWayland::displayBuffer): Remove the code to initialize the texture. +(WebKit::AcceleratedBackingStoreWayland::paint): And add it here. +* UIProcess/gtk/AcceleratedBackingStoreWayland.h: +
[webkit-changes] [250203] releases/WebKitGTK/webkit-2.26
Title: [250203] releases/WebKitGTK/webkit-2.26
Revision 250203
Author carlo...@webkit.org
Date 2019-09-23 01:20:55 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249890 - REGRESSION(r249142): [GTK] Epiphany delayed page loads continue indefinitely
https://bugs.webkit.org/show_bug.cgi?id=201544
Reviewed by Michael Catanzaro.
Source/WebKit:
WebPageProxy::loadAlternateHTML() is an exception, because it's an API request but always sets the navigationID
to 0. We always want to reset the pending API request URL when alternate HTML load starts.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared): Check also that it's an API alternate HTML load
to reset the pending API request URL.
Tools:
Add new test cases.
* TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp:
(testWebViewActiveURI):
(testWebViewIsLoading):
* TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.cpp:
(loadChangedCallback):
(LoadTrackingTest::loadAlternateHTML):
(LoadTrackingTest::reset):
* TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.h:
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp
releases/WebKitGTK/webkit-2.26/Tools/ChangeLog
releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp
releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.cpp
releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.h
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250202 => 250203)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:20:50 UTC (rev 250202)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:20:55 UTC (rev 250203)
@@ -1,3 +1,17 @@
+2019-09-16 Carlos Garcia Campos
+
+REGRESSION(r249142): [GTK] Epiphany delayed page loads continue indefinitely
+https://bugs.webkit.org/show_bug.cgi?id=201544
+
+Reviewed by Michael Catanzaro.
+
+WebPageProxy::loadAlternateHTML() is an exception, because it's an API request but always sets the navigationID
+to 0. We always want to reset the pending API request URL when alternate HTML load starts.
+
+* UIProcess/WebPageProxy.cpp:
+(WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared): Check also that it's an API alternate HTML load
+to reset the pending API request URL.
+
2019-09-12 Adrian Perez de Castro
[GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp (250202 => 250203)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:20:50 UTC (rev 250202)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:20:55 UTC (rev 250203)
@@ -4008,8 +4008,8 @@
RELEASE_LOG_IF_ALLOWED(Loading, "didStartProvisionalLoadForFrame: webPID = %i, pageID = %" PRIu64 ", frameID = %" PRIu64, process->processIdentifier(), m_pageID.toUInt64(), frameID.toUInt64());
auto transaction = m_pageLoadState.transaction();
-
-if (navigation)
+bool fromAlternateHTMLAPI = !unreachableURL.isEmpty() && unreachableURL == m_pageLoadState.pendingAPIRequestURL();
+if (navigation || fromAlternateHTMLAPI)
m_pageLoadState.clearPendingAPIRequest(transaction);
if (frame->isMainFrame()) {
Modified: releases/WebKitGTK/webkit-2.26/Tools/ChangeLog (250202 => 250203)
--- releases/WebKitGTK/webkit-2.26/Tools/ChangeLog 2019-09-23 08:20:50 UTC (rev 250202)
+++ releases/WebKitGTK/webkit-2.26/Tools/ChangeLog 2019-09-23 08:20:55 UTC (rev 250203)
@@ -1,3 +1,21 @@
+2019-09-16 Carlos Garcia Campos
+
+REGRESSION(r249142): [GTK] Epiphany delayed page loads continue indefinitely
+https://bugs.webkit.org/show_bug.cgi?id=201544
+
+Reviewed by Michael Catanzaro.
+
+Add new test cases.
+
+* TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp:
+(testWebViewActiveURI):
+(testWebViewIsLoading):
+* TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.cpp:
+(loadChangedCallback):
+(LoadTrackingTest::loadAlternateHTML):
+(LoadTrackingTest::reset):
+* TestWebKitAPI/glib/WebKitGLib/LoadTrackingTest.h:
+
2019-09-12 Adrian Perez de Castro
[GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers
Modified: releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp (250202 => 250203)
--- releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp 2019-09-23 08:20:50 UTC (rev 250202)
+++ releases/WebKitGTK/webkit-2.26/Tools/TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp 2019-09-23 08:20:55 UTC (rev 250203)
@@ -294,6 +294,13 @@
LoadTrackingTest::loadURI(uri);
}
+void lo
[webkit-changes] [250206] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250206] releases/WebKitGTK/webkit-2.26/Source/WebKit
Revision 250206
Author carlo...@webkit.org
Date 2019-09-23 01:21:08 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r250036 - [GTK][WPE] bubblewrap sandbox should be disabled when running inside docker
https://bugs.webkit.org/show_bug.cgi?id=201914
Reviewed by Michael Catanzaro.
Detect if running inside Docker by checking the file /.dockerenv
In that case, disable the sandbox.
* UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
(WebKit::isInsideDocker):
(WebKit::ProcessLauncher::launchProcess):
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250205 => 250206)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:21:04 UTC (rev 250205)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:21:08 UTC (rev 250206)
@@ -1,3 +1,17 @@
+2019-09-18 Carlos Alberto Lopez Perez
+
+[GTK][WPE] bubblewrap sandbox should be disabled when running inside docker
+https://bugs.webkit.org/show_bug.cgi?id=201914
+
+Reviewed by Michael Catanzaro.
+
+Detect if running inside Docker by checking the file /.dockerenv
+In that case, disable the sandbox.
+
+* UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
+(WebKit::isInsideDocker):
+(WebKit::ProcessLauncher::launchProcess):
+
2019-09-17 Carlos Garcia Campos
[GTK] Crash closing web view while hardware acceleration is enabled
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (250205 => 250206)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:21:04 UTC (rev 250205)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:21:08 UTC (rev 250206)
@@ -50,6 +50,16 @@
}
#if ENABLE(BUBBLEWRAP_SANDBOX)
+static bool isInsideDocker()
+{
+static Optional ret;
+if (ret)
+return *ret;
+
+ret = g_file_test("/.dockerenv", G_FILE_TEST_EXISTS);
+return *ret;
+}
+
static bool isInsideFlatpak()
{
static Optional ret;
@@ -146,9 +156,9 @@
if (sandboxEnv)
sandboxEnabled = !strcmp(sandboxEnv, "1");
-// You cannot use bubblewrap within Flatpak so lets ensure it never happens.
+// You cannot use bubblewrap within Flatpak or Docker so lets ensure it never happens.
// Snap can allow it but has its own limitations that require workarounds.
-if (sandboxEnabled && !isInsideFlatpak() && !isInsideSnap())
+if (sandboxEnabled && !isInsideFlatpak() && !isInsideSnap() && !isInsideDocker())
process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
else
#endif
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250210] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250210] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250210
Author carlo...@webkit.org
Date 2019-09-23 01:39:16 -0700 (Mon, 23 Sep 2019)
Log Message
Revert r249160 - "InlineTextBox::end() should return first-past-end offset"
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp
releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp
releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/InlineFlowBox.cpp
releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/InlineTextBox.cpp
releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/InlineTextBox.h
releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/RenderText.cpp
releases/WebKitGTK/webkit-2.26/Source/WebCore/rendering/RenderTextLineBoxes.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250209 => 250210)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:39:11 UTC (rev 250209)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:39:16 UTC (rev 250210)
@@ -1642,47 +1642,6 @@
* testing/InternalSettings.h:
* testing/InternalSettings.idl:
-2019-08-27 Antti Koivisto
-
-InlineTextBox::end() should return first-past-end offset
-https://bugs.webkit.org/show_bug.cgi?id=201181
-
-Reviewed by Zalan Bujtas.
-
-It currently points to the last character, except for empty text boxes.
-This is awkward in itself and also inconsistent, as we use first-past-end offset everywhere else.
-
-* dom/Position.cpp:
-(WebCore::Position::downstream const):
-
-Add a check for zero length case to avoid changing behavior.
-
-* layout/Verification.cpp:
-(WebCore::Layout::checkForMatchingTextRuns):
-(WebCore::Layout::outputMismatchingComplexLineInformationIfNeeded):
-* rendering/InlineFlowBox.cpp:
-(WebCore::InlineFlowBox::placeBoxRangeInInlineDirection):
-* rendering/InlineTextBox.cpp:
-(WebCore::InlineTextBox::paint):
-(WebCore::InlineTextBox::calculateDocumentMarkerBounds const):
-(WebCore::InlineTextBox::collectMarkedTextsForDocumentMarkers const):
-(WebCore::InlineTextBox::paintCompositionUnderlines const):
-(WebCore::InlineTextBox::paintCompositionUnderline const):
-* rendering/InlineTextBox.h:
-(WebCore::InlineTextBox::end const):
-
-end = start + len
-
-* rendering/RenderText.cpp:
-(WebCore::RenderText::setTextWithOffset):
-* rendering/RenderTextLineBoxes.cpp:
-(WebCore::localQuadForTextBox):
-(WebCore::RenderTextLineBoxes::absoluteRectsForRange const):
-(WebCore::RenderTextLineBoxes::absoluteQuadsForRange const):
-(WebCore::RenderTextLineBoxes::dirtyRange):
-
-Here the incoming 'end' used linebox style too, move that to the new definition too.
-
2019-08-27 Chris Dumez
Crash under WebCore::jsNotificationConstructorPermission
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp (250209 => 250210)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp 2019-09-23 08:39:11 UTC (rev 250209)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/dom/Position.cpp 2019-09-23 08:39:16 UTC (rev 250210)
@@ -873,10 +873,7 @@
unsigned textOffset = currentPosition.offsetInLeafNode();
auto lastTextBox = textRenderer.lastTextBox();
for (auto* box = textRenderer.firstTextBox(); box; box = box->nextTextBox()) {
-if (!box->len() && textOffset == box->start())
-return currentPosition;
-
-if (textOffset < box->end()) {
+if (textOffset <= box->end()) {
if (textOffset >= box->start())
return currentPosition;
continue;
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp (250209 => 250210)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp 2019-09-23 08:39:11 UTC (rev 250209)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/layout/Verification.cpp 2019-09-23 08:39:16 UTC (rev 250210)
@@ -120,7 +120,7 @@
&& areEssentiallyEqual(inlineTextBox.logicalTop(), inlineRun.logicalTop())
&& areEssentiallyEqual(inlineTextBox.logicalBottom(), inlineRun.logicalBottom())
&& inlineTextBox.start() == inlineRun.textContext()->start()
-&& inlineTextBox.end() == inlineRun.textContext()->end();
+&& (inlineTextBox.end() + 1) == inlineRun.textContext()->end();
}
static void collectFlowBoxSubtree(const InlineFlowBox& flowbox, Vector& inlineBoxes)
@@ -184,7 +184,7 @@
stream << "Mismatching: run";
if (inlineTextBox)
-stream << " (" << inlineTextBox->start() << ", " << inlineTextBox->end() << ")";
+
[webkit-changes] [250209] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250209] releases/WebKitGTK/webkit-2.26/Source/WebKit
Revision 250209
Author carlo...@webkit.org
Date 2019-09-23 01:39:11 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249953 - [GTK] Initial view loading is slow
https://bugs.webkit.org/show_bug.cgi?id=201451
Reviewed by Sergio Villar Senin.
The problem is that now we are always calling DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() after a
new process is launched and we used to do that only when launching a new process after a crash. This makes
m_hasReceivedFirstUpdate useless, because it's always set to true right after a process is launched. Then, we
wait up to half a second (which is usually the case for the initial load) until the first update. We only want
to do that when recovering from a crash or when swapping processes to avoid flashing effect.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::launchProcess): Add ProcessLaunchReason parameter and pass it to
finishAttachingToWebProcess instead of IsProcessSwap.
(WebKit::WebPageProxy::swapToWebProcess): Pass ProcessLaunchReason::ProcessSwap to
finishAttachingToWebProcess().
(WebKit::WebPageProxy::finishAttachingToWebProcess): Do not call
DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() when process launch reason is ProcessLaunchReason::InitialProcess.
(WebKit::WebPageProxy::launchProcessForReload): Pass ProcessLaunchReason::Reload to launchProcess().
* UIProcess/WebPageProxy.h: Remove IsProcessSwap and add ProcessLaunchReason instead that is passed to
launchProcess and finishAttachingToWebProcess.
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp
releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.h
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250208 => 250209)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:39:08 UTC (rev 250208)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:39:11 UTC (rev 250209)
@@ -1,3 +1,27 @@
+2019-09-17 Carlos Garcia Campos
+
+[GTK] Initial view loading is slow
+https://bugs.webkit.org/show_bug.cgi?id=201451
+
+Reviewed by Sergio Villar Senin.
+
+The problem is that now we are always calling DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() after a
+new process is launched and we used to do that only when launching a new process after a crash. This makes
+m_hasReceivedFirstUpdate useless, because it's always set to true right after a process is launched. Then, we
+wait up to half a second (which is usually the case for the initial load) until the first update. We only want
+to do that when recovering from a crash or when swapping processes to avoid flashing effect.
+
+* UIProcess/WebPageProxy.cpp:
+(WebKit::WebPageProxy::launchProcess): Add ProcessLaunchReason parameter and pass it to
+finishAttachingToWebProcess instead of IsProcessSwap.
+(WebKit::WebPageProxy::swapToWebProcess): Pass ProcessLaunchReason::ProcessSwap to
+finishAttachingToWebProcess().
+(WebKit::WebPageProxy::finishAttachingToWebProcess): Do not call
+DrawingAreaProxy::waitForBackingStoreUpdateOnNextPaint() when process launch reason is ProcessLaunchReason::InitialProcess.
+(WebKit::WebPageProxy::launchProcessForReload): Pass ProcessLaunchReason::Reload to launchProcess().
+* UIProcess/WebPageProxy.h: Remove IsProcessSwap and add ProcessLaunchReason instead that is passed to
+launchProcess and finishAttachingToWebProcess.
+
2019-09-18 Carlos Alberto Lopez Perez
[GTK][WPE] bubblewrap sandbox should be disabled when running inside docker
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp (250208 => 250209)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:39:08 UTC (rev 250208)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-09-23 08:39:11 UTC (rev 250209)
@@ -718,7 +718,7 @@
});
}
-void WebPageProxy::launchProcess(const RegistrableDomain& registrableDomain)
+void WebPageProxy::launchProcess(const RegistrableDomain& registrableDomain, ProcessLaunchReason reason)
{
ASSERT(!m_isClosed);
ASSERT(!hasRunningProcess());
@@ -740,7 +740,7 @@
m_process->addExistingWebPage(*this, WebProcessProxy::BeginsUsingDataStore::Yes);
m_process->addMessageReceiver(Messages::WebPageProxy::messageReceiverName(), m_pageID, *this);
-finishAttachingToWebProcess(IsProcessSwap::No);
+finishAttachingToWebProcess(reason);
}
bool WebPageProxy::suspendCurrentPageIfPossible(API::Navigation& navigation, Optional mainFrameID, ProcessSwapRequestedByClient processSwapRequestedByClient, ShouldDelayClosingUntilEnteringAcceleratedCompositingMode shouldDelayClosingUntilEnteringAcceleratedCompositingMode)
@@ -81
[webkit-changes] [250211] releases/WebKitGTK/webkit-2.26/Source/WebKit
Title: [250211] releases/WebKitGTK/webkit-2.26/Source/WebKit
Revision 250211
Author carlo...@webkit.org
Date 2019-09-23 01:46:32 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249882 - [GTK][WPE] Check for a Snap sandbox a bit harder
https://bugs.webkit.org/show_bug.cgi?id=201793
Reviewed by Michael Catanzaro.
* UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
(WebKit::isInsideSnap): Check whether the SNAP_NAME and SNAP_REVISION
environment variables are defined as well.
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog (250210 => 250211)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:39:16 UTC (rev 250210)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/ChangeLog 2019-09-23 08:46:32 UTC (rev 250211)
@@ -1,3 +1,14 @@
+2019-09-14 Adrian Perez de Castro
+
+[GTK][WPE] Check for a Snap sandbox a bit harder
+https://bugs.webkit.org/show_bug.cgi?id=201793
+
+Reviewed by Michael Catanzaro.
+
+* UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
+(WebKit::isInsideSnap): Check whether the SNAP_NAME and SNAP_REVISION
+environment variables are defined as well.
+
2019-09-17 Carlos Garcia Campos
[GTK] Initial view loading is slow
Modified: releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (250210 => 250211)
--- releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:39:16 UTC (rev 250210)
+++ releases/WebKitGTK/webkit-2.26/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-09-23 08:46:32 UTC (rev 250211)
@@ -76,7 +76,10 @@
if (ret)
return *ret;
-ret = g_getenv("SNAP");
+// The "SNAP" environment variable is not unlikely to be set for/by something other
+// than Snap, so check a couple of additional variables to avoid false positives.
+// See: https://snapcraft.io/docs/environment-variables
+ret = g_getenv("SNAP") && g_getenv("SNAP_NAME") && g_getenv("SNAP_REVISION");
return *ret;
}
#endif
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250212] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250212] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250212
Author carlo...@webkit.org
Date 2019-09-23 01:46:35 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249477 - [GStreamer] Sound is down-pitched when playing video from YLE Areena
https://bugs.webkit.org/show_bug.cgi?id=201399
Reviewed by Xabier Rodriguez-Calvar.
If the FDK-AAC decoder is available, promote it and downrank the
libav AAC decoders, due to their broken LC support, as reported in:
https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html
* platform/graphics/gstreamer/GStreamerCommon.cpp:
(WebCore::initializeGStreamer):
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250211 => 250212)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:32 UTC (rev 250211)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:35 UTC (rev 250212)
@@ -1,3 +1,17 @@
+2019-09-04 Philippe Normand
+
+[GStreamer] Sound is down-pitched when playing video from YLE Areena
+https://bugs.webkit.org/show_bug.cgi?id=201399
+
+Reviewed by Xabier Rodriguez-Calvar.
+
+If the FDK-AAC decoder is available, promote it and downrank the
+libav AAC decoders, due to their broken LC support, as reported in:
+https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html
+
+* platform/graphics/gstreamer/GStreamerCommon.cpp:
+(WebCore::initializeGStreamer):
+
2019-09-17 Carlos Garcia Campos
[GTK] Cannot create EGL window surface: EGL_BAD_ALLOC
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp (250211 => 250212)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:32 UTC (rev 250211)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:35 UTC (rev 250212)
@@ -253,6 +253,23 @@
if (isGStreamerInitialized)
gst_mpegts_initialize();
#endif
+
+// If the FDK-AAC decoder is available, promote it and downrank the
+// libav AAC decoders, due to their broken LC support, as reported in:
+// https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html
+GRefPtr aacDecoder = adoptGRef(gst_element_factory_make("fdkaacdec", nullptr));
+if (aacDecoder) {
+GstElementFactory* factory = gst_element_get_factory(aacDecoder.get());
+gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(factory), GST_RANK_PRIMARY);
+
+const char* const elementNames[] = {"avdec_aac", "avdec_aac_fixed", "avdec_aac_latm"};
+for (unsigned i = 0; i < G_N_ELEMENTS(elementNames); i++) {
+GRefPtr avAACDecoder = adoptGRef(gst_element_factory_make(elementNames[i], nullptr));
+if (avAACDecoder)
+gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(gst_element_get_factory(avAACDecoder.get())), GST_RANK_MARGINAL);
+}
+}
+
#endif
});
return isGStreamerInitialized;
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250214] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250214] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250214
Author carlo...@webkit.org
Date 2019-09-23 01:46:42 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249937 - [Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
https://bugs.webkit.org/show_bug.cgi?id=201755
Reviewed by Don Olmstead.
Segmentation faults happened in pixman while painting a image. In
Cairo::drawSurface, originalSrcRect can be slightly larger than
the surface size because of floating number calculations.
Cairo::drawSurface created a subsurface which is running over the
parent surface boundaries.
* platform/graphics/cairo/CairoOperations.cpp:
(WebCore::Cairo::drawSurface): Calculated a intersection with
expandedSrcRect and the parent surface size for subsurface size.
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250213 => 250214)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:39 UTC (rev 250213)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:42 UTC (rev 250214)
@@ -1,3 +1,20 @@
+2019-09-16 Fujii Hironori
+
+[Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
+https://bugs.webkit.org/show_bug.cgi?id=201755
+
+Reviewed by Don Olmstead.
+
+Segmentation faults happened in pixman while painting a image. In
+Cairo::drawSurface, originalSrcRect can be slightly larger than
+the surface size because of floating number calculations.
+Cairo::drawSurface created a subsurface which is running over the
+parent surface boundaries.
+
+* platform/graphics/cairo/CairoOperations.cpp:
+(WebCore::Cairo::drawSurface): Calculated a intersection with
+expandedSrcRect and the parent surface size for subsurface size.
+
2019-09-11 Charlie Turner
[GStreamer] Do not adopt floating references.
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp (250213 => 250214)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp 2019-09-23 08:46:39 UTC (rev 250213)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/CairoOperations.cpp 2019-09-23 08:46:42 UTC (rev 250214)
@@ -933,6 +933,7 @@
if (srcRect.x() || srcRect.y() || srcRect.size() != cairoSurfaceSize(surface)) {
// Cairo subsurfaces don't support floating point boundaries well, so we expand the rectangle.
IntRect expandedSrcRect(enclosingIntRect(srcRect));
+expandedSrcRect.intersect({ { }, cairoSurfaceSize(surface) });
// We use a subsurface here so that we don't end up sampling outside the originalSrcRect rectangle.
// See https://bugs.webkit.org/show_bug.cgi?id=58309
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250215] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250215] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250215
Author carlo...@webkit.org
Date 2019-09-23 01:46:46 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r250027 - [cairo] Incorrect targetRect in BackingStoreBackendCairoImpl::scroll
https://bugs.webkit.org/show_bug.cgi?id=201895
Reviewed by Carlos Garcia Campos.
In BackingStoreBackendCairoImpl::scroll, targetRect is calculated
wrongly by shifting maxX and maxY. Bug 59655 fixed the issue by
removing the shifting, but only for BackingStoreBackendCairoX11::scroll.
No new tests, no behavior change.
* platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp:
(WebCore::BackingStoreBackendCairoImpl::scroll): Take intersection of targetRect and scrollRect.
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250214 => 250215)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:42 UTC (rev 250214)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:46 UTC (rev 250215)
@@ -1,3 +1,19 @@
+2019-09-18 Fujii Hironori
+
+[cairo] Incorrect targetRect in BackingStoreBackendCairoImpl::scroll
+https://bugs.webkit.org/show_bug.cgi?id=201895
+
+Reviewed by Carlos Garcia Campos.
+
+In BackingStoreBackendCairoImpl::scroll, targetRect is calculated
+wrongly by shifting maxX and maxY. Bug 59655 fixed the issue by
+removing the shifting, but only for BackingStoreBackendCairoX11::scroll.
+
+No new tests, no behavior change.
+
+* platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp:
+(WebCore::BackingStoreBackendCairoImpl::scroll): Take intersection of targetRect and scrollRect.
+
2019-09-16 Fujii Hironori
[Cairo] Image::drawTiled → Cairo::drawSurface → cairo_paint_with_alpha → segfault happens in pixman
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp (250214 => 250215)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp 2019-09-23 08:46:42 UTC (rev 250214)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/cairo/BackingStoreBackendCairoImpl.cpp 2019-09-23 08:46:46 UTC (rev 250215)
@@ -54,8 +54,7 @@
{
IntRect targetRect = scrollRect;
targetRect.move(scrollOffset);
-targetRect.shiftMaxXEdgeTo(targetRect.maxX() - scrollOffset.width());
-targetRect.shiftMaxYEdgeTo(targetRect.maxY() - scrollOffset.height());
+targetRect.intersect(scrollRect);
if (targetRect.isEmpty())
return;
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250213] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250213] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250213
Author carlo...@webkit.org
Date 2019-09-23 01:46:39 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249761 - [GStreamer] Do not adopt floating references.
https://bugs.webkit.org/show_bug.cgi?id=201685
Reviewed by Carlos Garcia Campos.
Covered by existing tests.
* platform/graphics/gstreamer/GStreamerCommon.cpp:
(WebCore::initializeGStreamer): gst_element_factory_make returns
floating references, you do not adopt such references, rather you
sink them.
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250212 => 250213)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:35 UTC (rev 250212)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 08:46:39 UTC (rev 250213)
@@ -1,3 +1,17 @@
+2019-09-11 Charlie Turner
+
+[GStreamer] Do not adopt floating references.
+https://bugs.webkit.org/show_bug.cgi?id=201685
+
+Reviewed by Carlos Garcia Campos.
+
+Covered by existing tests.
+
+* platform/graphics/gstreamer/GStreamerCommon.cpp:
+(WebCore::initializeGStreamer): gst_element_factory_make returns
+floating references, you do not adopt such references, rather you
+sink them.
+
2019-09-04 Philippe Normand
[GStreamer] Sound is down-pitched when playing video from YLE Areena
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp (250212 => 250213)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:35 UTC (rev 250212)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp 2019-09-23 08:46:39 UTC (rev 250213)
@@ -257,7 +257,7 @@
// If the FDK-AAC decoder is available, promote it and downrank the
// libav AAC decoders, due to their broken LC support, as reported in:
// https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html
-GRefPtr aacDecoder = adoptGRef(gst_element_factory_make("fdkaacdec", nullptr));
+GRefPtr aacDecoder = gst_element_factory_make("fdkaacdec", nullptr);
if (aacDecoder) {
GstElementFactory* factory = gst_element_get_factory(aacDecoder.get());
gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(factory), GST_RANK_PRIMARY);
@@ -264,7 +264,7 @@
const char* const elementNames[] = {"avdec_aac", "avdec_aac_fixed", "avdec_aac_latm"};
for (unsigned i = 0; i < G_N_ELEMENTS(elementNames); i++) {
-GRefPtr avAACDecoder = adoptGRef(gst_element_factory_make(elementNames[i], nullptr));
+GRefPtr avAACDecoder = gst_element_factory_make(elementNames[i], nullptr);
if (avAACDecoder)
gst_plugin_feature_set_rank(GST_PLUGIN_FEATURE_CAST(gst_element_get_factory(avAACDecoder.get())), GST_RANK_MARGINAL);
}
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250216] trunk
Title: [250216] trunk Revision 250216 Author commit-qu...@webkit.org Date 2019-09-23 01:49:11 -0700 (Mon, 23 Sep 2019) Log Message Sync operator dictionary https://bugs.webkit.org/show_bug.cgi?id=201974 Patch by Rob Buis on 2019-09-23 Reviewed by Frédéric Wang. LayoutTests/imported/w3c: Update improved test results. * web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt: Source/WebCore: Sync with operator dictionary list from https://mathml-refresh.github.io/mathml-core/#operator-dictionary Test: imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001.html * mathml/MathMLOperatorDictionary.cpp: LayoutTests: * platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/ignored-properties-001-expected.txt: Added. * platform/win/TestExpectations: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/imported/w3c/ChangeLog trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt trunk/LayoutTests/platform/win/TestExpectations trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/mathml/MathMLOperatorDictionary.cpp Added Paths trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/ trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/ trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/ trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/ignored-properties-001-expected.txt Removed Paths trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt Diff Modified: trunk/LayoutTests/ChangeLog (250215 => 250216) --- trunk/LayoutTests/ChangeLog 2019-09-23 08:46:46 UTC (rev 250215) +++ trunk/LayoutTests/ChangeLog 2019-09-23 08:49:11 UTC (rev 250216) @@ -1,3 +1,13 @@ +2019-09-23 Rob Buis + +Sync operator dictionary +https://bugs.webkit.org/show_bug.cgi?id=201974 + +Reviewed by Frédéric Wang. + +* platform/ios-wk2/imported/w3c/web-platform-tests/mathml/relations/css-styling/ignored-properties-001-expected.txt: Added. +* platform/win/TestExpectations: + 2019-09-21 Antoine Quint [Pointer Events] touch-action set to pan-x or pan-y alone should disable scrolling altogether if the intial gesture is in the disallowed direction Modified: trunk/LayoutTests/imported/w3c/ChangeLog (250215 => 250216) --- trunk/LayoutTests/imported/w3c/ChangeLog 2019-09-23 08:46:46 UTC (rev 250215) +++ trunk/LayoutTests/imported/w3c/ChangeLog 2019-09-23 08:49:11 UTC (rev 250216) @@ -1,3 +1,14 @@ +2019-09-23 Rob Buis + +Sync operator dictionary +https://bugs.webkit.org/show_bug.cgi?id=201974 + +Reviewed by Frédéric Wang. + +Update improved test results. + +* web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt: + 2019-09-20 Alex Christensen [resource-timing] Report performance entries with all HTTP status codes Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt (250215 => 250216) --- trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt 2019-09-23 08:46:46 UTC (rev 250215) +++ trunk/LayoutTests/imported/w3c/web-platform-tests/mathml/presentation-markup/operators/operator-dictionary-001-expected.txt 2019-09-23 08:49:11 UTC (rev 250216) @@ -4,19 +4,19 @@ PASS Operator dictionary chunk 1 - largeop PASS Operator dictionary chunk 1 - stretchy PASS Operator dictionary chunk 1 - symmetric -FAIL Operator dictionary chunk 1 - accent assert_approx_equals: Accent property for " postfix should be 'true' expected 22.421875 +/- 1 but got 7.5 +PASS Operator dictionary chunk 1 - accent PASS Operator dictionary chunk 2 - lspace/rspace PASS Operator dictionary chunk 2 - movablelimits PASS Operator dictionary chunk 2 - largeop PASS Operator dictionary chunk 2 - stretchy PASS Operator dictionary chunk 2 - symmetric -FAIL Operator dictionary chunk 2 - accent assert_approx_equals: Accent property for ª postfix should be 'true' expected 22.421875 +/- 1 but got 7.5 +PASS Operator dictionary chunk 2 - accent PASS Operator dictionary chunk 3 - lspace/rspace PASS Operator dictionary chunk 3 - movablelimits PASS Operator dictionary chunk 3 - largeop PASS Operator dictionary chunk 3 - stretchy PASS Operator dictionary chunk 3 - symmetric -FAIL Operator dictionary chunk 3 - accent assert_approx_equals: Accent property for ‛ postfix should be 'true' expected 22.421875 +/- 1 but got 7.5 +PASS Operator dictionary chunk 3 - accent PASS Operator dictionary chunk 4 - lspace/rspace PASS Operator dictionary chunk 4 - movablelimits PASS
[webkit-changes] [250217] trunk/Source/WebKit
Title: [250217] trunk/Source/WebKit
Revision 250217
Author mcatanz...@igalia.com
Date 2019-09-23 02:05:16 -0700 (Mon, 23 Sep 2019)
Log Message
[SOUP] Stop setting G_TLS_GNUTLS_PRIORITY
https://bugs.webkit.org/show_bug.cgi?id=172154
Reviewed by Carlos Garcia Campos.
Nowadays, I maintain glib-networking. WebKit doesn't need to override its defaults to be
secure anymore. By overriding glib-networking's default priority, WebKit is force-reenabling
TLS 1.0 and TLS 1.1 even when glib-networking has disabled them.
* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
(main):
* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
(main):
Modified Paths
trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp
trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp
Diff
Modified: trunk/Source/WebKit/ChangeLog (250216 => 250217)
--- trunk/Source/WebKit/ChangeLog 2019-09-23 08:49:11 UTC (rev 250216)
+++ trunk/Source/WebKit/ChangeLog 2019-09-23 09:05:16 UTC (rev 250217)
@@ -1,3 +1,19 @@
+2019-09-23 Michael Catanzaro
+
+[SOUP] Stop setting G_TLS_GNUTLS_PRIORITY
+https://bugs.webkit.org/show_bug.cgi?id=172154
+
+Reviewed by Carlos Garcia Campos.
+
+Nowadays, I maintain glib-networking. WebKit doesn't need to override its defaults to be
+secure anymore. By overriding glib-networking's default priority, WebKit is force-reenabling
+TLS 1.0 and TLS 1.1 even when glib-networking has disabled them.
+
+* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+(main):
+* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+(main):
+
2019-09-21 Dan Bernstein
Fix an assertion failure introduced in r250186.
Modified: trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp (250216 => 250217)
--- trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2019-09-23 08:49:11 UTC (rev 250216)
+++ trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp 2019-09-23 09:05:16 UTC (rev 250217)
@@ -35,16 +35,6 @@
int main(int argc, char** argv)
{
-// Disable SSLv3 very early because it is practically impossible to safely
-// use setenv() when multiple threads are running, as another thread calling
-// getenv() could cause a crash, and many functions use getenv() internally.
-// This workaround will stop working if glib-networking switches away from
-// GnuTLS or simply stops parsing this variable. We intentionally do not
-// overwrite this priority string if it's already set by the user.
-// https://bugzilla.gnome.org/show_bug.cgi?id=738633
-// WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
-setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
-
#if USE(GCRYPT)
PAL::GCrypt::initialize();
#endif
Modified: trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp (250216 => 250217)
--- trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2019-09-23 08:49:11 UTC (rev 250216)
+++ trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp 2019-09-23 09:05:16 UTC (rev 250217)
@@ -35,16 +35,6 @@
int main(int argc, char** argv)
{
-// Disable SSLv3 very early because it is practically impossible to safely
-// use setenv() when multiple threads are running, as another thread calling
-// getenv() could cause a crash, and many functions use getenv() internally.
-// This workaround will stop working if glib-networking switches away from
-// GnuTLS or simply stops parsing this variable. We intentionally do not
-// overwrite this priority string if it's already set by the user.
-// https://bugzilla.gnome.org/show_bug.cgi?id=738633
-// WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
-setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
-
#if USE(GCRYPT)
PAL::GCrypt::initialize();
#endif
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250221] releases/WebKitGTK/webkit-2.26
Title: [250221] releases/WebKitGTK/webkit-2.26
Revision 250221
Author carlo...@webkit.org
Date 2019-09-23 03:14:29 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249777 - JSC crashes due to stack overflow while building RegExp
https://bugs.webkit.org/show_bug.cgi?id=201649
Reviewed by Yusuke Suzuki.
JSTests:
New regression test.
* stress/regexp-bol-optimize-out-of-stack.js: Added.
(test):
(catch):
Source/_javascript_Core:
Check for running out of stack when we are optimizing RegExp containing BOL terms or
other deep copying of disjunctions.
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::copyDisjunction):
(JSC::Yarr::YarrPatternConstructor::copyTerm):
(JSC::Yarr::YarrPatternConstructor::error):
(JSC::Yarr::YarrPattern::compile):
Modified Paths
releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp
Added Paths
releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js
Diff
Modified: releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog (250220 => 250221)
--- releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog 2019-09-23 10:14:26 UTC (rev 250220)
+++ releases/WebKitGTK/webkit-2.26/JSTests/ChangeLog 2019-09-23 10:14:29 UTC (rev 250221)
@@ -1,3 +1,16 @@
+2019-09-10 Michael Saboff
+
+JSC crashes due to stack overflow while building RegExp
+https://bugs.webkit.org/show_bug.cgi?id=201649
+
+Reviewed by Yusuke Suzuki.
+
+New regression test.
+
+* stress/regexp-bol-optimize-out-of-stack.js: Added.
+(test):
+(catch):
+
2019-08-30 Yusuke Suzuki
[JSC] Generate new.target register only when it is used
Added: releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js (0 => 250221)
--- releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js (rev 0)
+++ releases/WebKitGTK/webkit-2.26/JSTests/stress/regexp-bol-optimize-out-of-stack.js 2019-09-23 10:14:29 UTC (rev 250221)
@@ -0,0 +1,16 @@
+// This test that the beginning of line (bol) optimization throws when we run out of stack space.
+
+let expectedException = "SyntaxError: Invalid regular _expression_: regular _expression_ too large";
+
+function test()
+{
+let source = Array(5).join("(") + /(?:^|:|,)(?:\s*\[)+/g.toString() + Array(5).join(")");
+RegExp(source);
+}
+
+try {
+test();
+} catch(e) {
+if (e != expectedException)
+ throw "Expected \"" + expectedException + "\" exception, but got \"" + e + "\"";
+}
Modified: releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog (250220 => 250221)
--- releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog 2019-09-23 10:14:26 UTC (rev 250220)
+++ releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/ChangeLog 2019-09-23 10:14:29 UTC (rev 250221)
@@ -1,3 +1,19 @@
+2019-09-11 Michael Saboff
+
+JSC crashes due to stack overflow while building RegExp
+https://bugs.webkit.org/show_bug.cgi?id=201649
+
+Reviewed by Yusuke Suzuki.
+
+Check for running out of stack when we are optimizing RegExp containing BOL terms or
+other deep copying of disjunctions.
+
+* yarr/YarrPattern.cpp:
+(JSC::Yarr::YarrPatternConstructor::copyDisjunction):
+(JSC::Yarr::YarrPatternConstructor::copyTerm):
+(JSC::Yarr::YarrPatternConstructor::error):
+(JSC::Yarr::YarrPattern::compile):
+
2019-09-03 Devin Rousso
REGRESSION (r249078): Flaky crash in com.apple._javascript_Core: Inspector::InjectedScriptModule::ensureInjected
Modified: releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp (250220 => 250221)
--- releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp 2019-09-23 10:14:26 UTC (rev 250220)
+++ releases/WebKitGTK/webkit-2.26/Source/_javascript_Core/yarr/YarrPattern.cpp 2019-09-23 10:14:29 UTC (rev 250221)
@@ -702,6 +702,11 @@
// skip alternatives with m_startsWithBOL set true.
PatternDisjunction* copyDisjunction(PatternDisjunction* disjunction, bool filterStartsWithBOL = false)
{
+if (UNLIKELY(!isSafeToRecurse())) {
+m_error = ErrorCode::PatternTooLarge;
+return 0;
+}
+
std::unique_ptr newDisjunction;
for (unsigned alt = 0; alt < disjunction->m_alternatives.size(); ++alt) {
PatternAlternative* alternative = disjunction->m_alternatives[alt].get();
@@ -717,6 +722,11 @@
}
}
+if (hasError(error())) {
+newDisjunction = 0;
+return 0;
+}
+
if (!newDisjunction)
return 0;
@@ -727,6 +737,11 @@
PatternTerm copyTerm(PatternTerm& term, bool filterStartsWithBOL = false)
{
+if (UNLIKELY(!isSafeToRecurse())) {
+m_error = ErrorCode:
[webkit-changes] [250220] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250220] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250220
Author carlo...@webkit.org
Date 2019-09-23 03:14:26 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249762 - Prevent reentrancy FrameLoader::dispatchUnloadEvents()
https://bugs.webkit.org/show_bug.cgi?id=200738
Reviewed by Brady Eidson.
Reentrancy causes m_pageDismissalEventBeingDispatched to be incorrectly
updated, so don't allow reentrancy.
Since this prevents m_pageDismissalEventBeingDispatched from being reset
inside a reentrant call, it can have the unintended effect of causing
FrameLoader::stopAllLoaders to early-out when called from
FrameLoader::detachFromParent while a frame's unload event handler
calls document.open() on a parent frame and causes itself to become
detached. Allowing a load to continue in a detached frame will lead to
a crash. To prevent this, add a new argument to FrameLoader::stopAllLoaders
that FrameLoader::detachFromParent can use to prevent an early-out.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopAllLoaders):
(WebCore::FrameLoader::detachFromParent):
(WebCore::FrameLoader::dispatchUnloadEvents):
(WebCore::FrameLoader::dispatchBeforeUnloadEvent):
Ensure that m_pageDismissalEventBeingDispatched is reset to its previous value, even if this is not None.
* loader/FrameLoader.h:
* loader/FrameLoaderTypes.h:
Add a StopLoadingPolicy enum.
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp
releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.h
releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoaderTypes.h
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250219 => 250220)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:22 UTC (rev 250219)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:26 UTC (rev 250220)
@@ -1,3 +1,32 @@
+2019-09-11 Ali Juma
+
+Prevent reentrancy FrameLoader::dispatchUnloadEvents()
+https://bugs.webkit.org/show_bug.cgi?id=200738
+
+Reviewed by Brady Eidson.
+
+Reentrancy causes m_pageDismissalEventBeingDispatched to be incorrectly
+updated, so don't allow reentrancy.
+
+Since this prevents m_pageDismissalEventBeingDispatched from being reset
+inside a reentrant call, it can have the unintended effect of causing
+FrameLoader::stopAllLoaders to early-out when called from
+FrameLoader::detachFromParent while a frame's unload event handler
+calls document.open() on a parent frame and causes itself to become
+detached. Allowing a load to continue in a detached frame will lead to
+a crash. To prevent this, add a new argument to FrameLoader::stopAllLoaders
+that FrameLoader::detachFromParent can use to prevent an early-out.
+
+* loader/FrameLoader.cpp:
+(WebCore::FrameLoader::stopAllLoaders):
+(WebCore::FrameLoader::detachFromParent):
+(WebCore::FrameLoader::dispatchUnloadEvents):
+(WebCore::FrameLoader::dispatchBeforeUnloadEvent):
+Ensure that m_pageDismissalEventBeingDispatched is reset to its previous value, even if this is not None.
+* loader/FrameLoader.h:
+* loader/FrameLoaderTypes.h:
+Add a StopLoadingPolicy enum.
+
2019-09-03 Devin Rousso
REGRESSION (r249078): Flaky crash in com.apple._javascript_Core: Inspector::InjectedScriptModule::ensureInjected
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp (250219 => 250220)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp 2019-09-23 10:14:22 UTC (rev 250219)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/FrameLoader.cpp 2019-09-23 10:14:26 UTC (rev 250220)
@@ -1808,12 +1808,12 @@
loadWithDocumentLoader(loader.ptr(), frameLoadTypeForReloadOptions(options), { }, AllowNavigationToInvalidURL::Yes, ShouldTreatAsContinuingLoad::No);
}
-void FrameLoader::stopAllLoaders(ClearProvisionalItemPolicy clearProvisionalItemPolicy)
+void FrameLoader::stopAllLoaders(ClearProvisionalItemPolicy clearProvisionalItemPolicy, StopLoadingPolicy stopLoadingPolicy)
{
if (m_frame.document() && m_frame.document()->pageCacheState() == Document::InPageCache)
return;
-if (!isStopLoadingAllowed())
+if (stopLoadingPolicy == StopLoadingPolicy::PreventDuringUnloadEvents && !isStopLoadingAllowed())
return;
// If this method is called from within this method, infinite recursion can occur (3442218). Avoid this.
@@ -2822,7 +2822,7 @@
// stopAllLoaders() needs to be called after detachChildren() if the document is not in the page cache,
// because detachedChildren() will trigger the unload event handlers of any child frames, and those event
// handlers might start a new subresource load in this frame.
-stopAllLoaders();
+stopAll
[webkit-changes] [250222] releases/WebKitGTK/webkit-2.26/Source/WebCore
Title: [250222] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision 250222
Author carlo...@webkit.org
Date 2019-09-23 03:14:32 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249854 - Crash under WebCore::firstPositionInNode()
https://bugs.webkit.org/show_bug.cgi?id=201764
Reviewed by Wenson Hsieh and Geoff Garen.
Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition()
or insertNodeAt().
Test: editing/firstPositionInNode-crash.html
* editing/InsertTextCommand.cpp:
(WebCore::InsertTextCommand::positionInsideTextNode):
Modified Paths
releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250221 => 250222)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:29 UTC (rev 250221)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:32 UTC (rev 250222)
@@ -1,3 +1,19 @@
+2019-09-13 Chris Dumez
+
+Crash under WebCore::firstPositionInNode()
+https://bugs.webkit.org/show_bug.cgi?id=201764
+
+
+Reviewed by Wenson Hsieh and Geoff Garen.
+
+Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition()
+or insertNodeAt().
+
+Test: editing/firstPositionInNode-crash.html
+
+* editing/InsertTextCommand.cpp:
+(WebCore::InsertTextCommand::positionInsideTextNode):
+
2019-09-11 Ali Juma
Prevent reentrancy FrameLoader::dispatchUnloadEvents()
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp (250221 => 250222)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp 2019-09-23 10:14:29 UTC (rev 250221)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp 2019-09-23 10:14:32 UTC (rev 250222)
@@ -59,9 +59,8 @@
Position pos = p;
if (isTabSpanTextNode(pos.anchorNode())) {
auto textNode = document().createEditingTextNode(emptyString());
-auto* textNodePtr = textNode.ptr();
-insertNodeAtTabSpanPosition(WTFMove(textNode), pos);
-return firstPositionInNode(textNodePtr);
+insertNodeAtTabSpanPosition(textNode.copyRef(), pos);
+return firstPositionInNode(textNode.ptr());
}
// Prepare for text input by looking at the specified position.
@@ -68,9 +67,8 @@
// It may be necessary to insert a text node to receive characters.
if (!pos.containerNode()->isTextNode()) {
auto textNode = document().createEditingTextNode(emptyString());
-auto* textNodePtr = textNode.ptr();
-insertNodeAt(WTFMove(textNode), pos);
-return firstPositionInNode(textNodePtr);
+insertNodeAt(textNode.copyRef(), pos);
+return firstPositionInNode(textNode.ptr());
}
return pos;
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [250218] releases/WebKitGTK/webkit-2.26
Title: [250218] releases/WebKitGTK/webkit-2.26 Revision 250218 Author carlo...@webkit.org Date 2019-09-23 03:14:16 -0700 (Mon, 23 Sep 2019) Log Message Merge r249594 - REGRESSION (r249367): m_decodingPromises grows indefinitely until ImageLoader destruction https://bugs.webkit.org/show_bug.cgi?id=201402 Patch by Said Abou-Hallawa on 2019-09-06 Reviewed by Youenn Fablet and Daniel Bates. Source/WebCore: Add the static functions resolvePromises() and rejectPromises(). These functions take an lvalue reference to a Vector of promises. Inside them, the lvalue reference argument are exchanged with an empty Vector of promises then the promises are processed. This clears m_decodingPromises and fixes the leak. Add an internal API which returns the count of the pending promises of an HTMLImageElement. This internal API will be used in the attached test. Test: fast/images/decode-resolve-reject-no-leak.html * html/HTMLImageElement.h: (WebCore::HTMLImageElement::pendingDecodePromisesCountForTesting const): * loader/ImageLoader.cpp: (WebCore::resolvePromises): ImageLoader::decode() calls BitmapImage::decode() and moves m_decodingPromises in capture. When decoding finishes, this function is called to resolve the promises. But ImageLoader might get deleted before the image decoding finishes. So this function has to be static. (WebCore::rejectPromises): (WebCore::ImageLoader::resolveDecodePromises): (WebCore::ImageLoader::rejectDecodePromises): (WebCore::ImageLoader::notifyFinished): (WebCore::ImageLoader::decode): (WebCore::resolveDecodePromises): Deleted. (WebCore::rejectDecodePromises): Deleted. * loader/ImageLoader.h: (WebCore::ImageLoader::pendingDecodePromisesCountForTesting const): * testing/Internals.cpp: (WebCore::Internals::imagePendingDecodePromisesCountForTesting): * testing/Internals.h: * testing/Internals.idl: LayoutTests: * fast/images/decode-resolve-reject-no-leak-expected.txt: Added. * fast/images/decode-resolve-reject-no-leak.html: Added. Modified Paths releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog releases/WebKitGTK/webkit-2.26/Source/WebCore/html/HTMLImageElement.h releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/ImageLoader.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/loader/ImageLoader.h releases/WebKitGTK/webkit-2.26/Source/WebCore/testing/Internals.cpp releases/WebKitGTK/webkit-2.26/Source/WebCore/testing/Internals.h releases/WebKitGTK/webkit-2.26/Source/WebCore/testing/Internals.idl Added Paths releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html Diff Modified: releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog (250217 => 250218) --- releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog 2019-09-23 09:05:16 UTC (rev 250217) +++ releases/WebKitGTK/webkit-2.26/LayoutTests/ChangeLog 2019-09-23 10:14:16 UTC (rev 250218) @@ -1,3 +1,13 @@ +2019-09-06 Said Abou-Hallawa + +REGRESSION (r249367): m_decodingPromises grows indefinitely until ImageLoader destruction +https://bugs.webkit.org/show_bug.cgi?id=201402 + +Reviewed by Youenn Fablet and Daniel Bates. + +* fast/images/decode-resolve-reject-no-leak-expected.txt: Added. +* fast/images/decode-resolve-reject-no-leak.html: Added. + 2019-09-01 Said Abou-Hallawa HTMLImageElement::decode() should return a resolved promise for decoding non bitmap images Added: releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt (0 => 250218) --- releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt (rev 0) +++ releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak-expected.txt 2019-09-23 10:14:16 UTC (rev 250218) @@ -0,0 +1,15 @@ +Test HTMLImageElement::decode() does not leak the pending promises after resolving or rejecting them. + +On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". + + +Decoding a bitmap image - promises will be resolved: +PASS internals.imagePendingDecodePromisesCountForTesting(image) is 0 +Decoding a SVG image - promises will be resolved: +PASS internals.imagePendingDecodePromisesCountForTesting(image) is 0 +Decoding a broken image - promises will be rejected: +PASS internals.imagePendingDecodePromisesCountForTesting(image) is 0 +PASS successfullyParsed is true + +TEST COMPLETE + Added: releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html (0 => 250218) --- releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html (rev 0) +++ releases/WebKitGTK/webkit-2.26/LayoutTests/fast/images/decode-resolve-reject-no-leak.html 2019-09-23 10:14:16 UTC (rev 250218) @@ -0,0 +1,74 @@ + + +