Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit

Commit: 140e91848dcfab122440df517fe78bccf140c9e0
    https://github.com/WebKit/WebKit/commit/140e91848dcfab122440df517fe78bccf140c9e0
Author: Daniel Liu <danl...@umich.edu>
Date: 2025-08-31 (Sun, 31 Aug 2025)

Changed paths:
    M JSTests/stress/regexp-duplicate-named-captures.js
    M Source/JavaScriptCore/yarr/YarrPattern.cpp

Log Message:
-----------
Cherry-pick 298728@main (28203b3714e5). https://bugs.webkit.org/show_bug.cgi?id=294681

Removing zero-quantified terms from m_forwardReferencesInLookbehind should compare term
https://bugs.webkit.org/show_bug.cgi?id=294681
rdar://153521682

Reviewed by Yusuke Suzuki.

There are multiple paths which would allow us to put an element into
m_forwardReferencesInLookbehind; the previous condition checking for forward
references with a zero-repeat quantifier would sometimes get out of sync with
the elements being added, meaning that we would end up with an incorrect vector
state.

* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::quantifyAtom):
* JSTests/stress/regexp-duplicate-named-captures.js:

Originally-landed-as: 289651.581@safari-7621-branch (b8b8e71e68fb).
rdar://157789441
Canonical link: https://commits.webkit.org/298728@main

Canonical link: https://commits.webkit.org/298234.98@webkitglib/2.50

Commit: 2074ec747216faffa96588489d7fae843288add8
    https://github.com/WebKit/WebKit/commit/2074ec747216faffa96588489d7fae843288add8
Author: Dan Hecht <dan.he...@apple.com>
Date: 2025-08-31 (Sun, 31 Aug 2025)

Changed paths:
    A JSTests/wasm/stress/lower-stack-args-huge-frame.js
    M Source/JavaScriptCore/b3/air/AirLowerStackArgs.cpp

Log Message:
-----------
Cherry-pick 298446@main (98e442e1a20e). https://bugs.webkit.org/show_bug.cgi?id=295317

[JSC] Fix lowerStackArgs handling of moves between spill slots and large frames
https://bugs.webkit.org/show_bug.cgi?id=295317
rdar://154809096

Reviewed by Yusuke Suzuki, Keith Miller, and Mark Lam.

On ARM64, when a stack slot's offset from %fp/%sp cannot be encoded directly in
an instruction, lowerStackArgs uses %lr to materialize the address.
Most instructions on ARM have only one memory operand, however the Air instruction:

    Move (spillA), (spillB), scratchReg

has two stack operands and it's possible for neither to be directly addressable.
Since there is only one register available to materialize, fix lowering of these
stack slots by transforming this instruction to:

    Move (spillA), scratchReg
    Move scratchReg, (spillB)

Then the spill slot addresses can be materialized using the single register.
Note that this is the same transformation that will eventually be done by the
MacroAssembler anyway and stack slot coalescing and allocation has already
occurred at this point.

Originally-landed-as: 289651.594@safari-7621-branch (254f4eefafe1).
rdar://157788802
Canonical link: https://commits.webkit.org/298446@main

Canonical link: https://commits.webkit.org/298234.99@webkitglib/2.50

Commit: 9db6df466869f7daa33e172dad9824e4e24dd49e
    https://github.com/WebKit/WebKit/commit/9db6df466869f7daa33e172dad9824e4e24dd49e
Author: Jer Noble <jer.no...@apple.com>
Date: 2025-08-31 (Sun, 31 Aug 2025)

Changed paths:
    M Source/WebCore/platform/audio/HRTFDatabaseLoader.cpp

Log Message:
-----------
Cherry-pick 298447@main (4637324afb31). https://bugs.webkit.org/show_bug.cgi?id=295382

CRASH: HRTFDatabaseLoader::createAndLoadAsynchronouslyIfNecessary() crashes in HRTFDatabaseLoader::ref()
https://bugs.webkit.org/show_bug.cgi?id=295382
rdar://153904348

Reviewed by Andy Estes and Chris Dumez.

Don't store raw pointers as a cache; that's what ThreadSafeWeakPtr is for.

* Source/WebCore/platform/audio/HRTFDatabaseLoader.cpp:
(WebCore::loaderMap):
(WebCore::HRTFDatabaseLoader::createAndLoadAsynchronouslyIfNecessary):
(): Deleted.

Originally-landed-as: 289651.596@safari-7621-branch (0de4de353f69).
rdar://157788821
Canonical link: https://commits.webkit.org/298447@main

Canonical link: https://commits.webkit.org/298234.100@webkitglib/2.50

Commit: 018f8f44135568ce4c670a8d3a2ccbae0d4bff62
    https://github.com/WebKit/WebKit/commit/018f8f44135568ce4c670a8d3a2ccbae0d4bff62
Author: Rupin Mittal <ru...@apple.com>
Date: 2025-08-31 (Sun, 31 Aug 2025)

Changed paths:
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm
    M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

Log Message:
-----------
Cherry-pick 298780@main (c6f4d9a1c061). https://bugs.webkit.org/show_bug.cgi?id=295655

Navigation isRequestFromClientOrUserInput is incorrectly true for window.open call with web archive
https://bugs.webkit.org/show_bug.cgi?id=295655
rdar://154084804

Reviewed by Youenn Fablet.

When a web archive is navigated to from a `window.open` call, it's not client or
user initiated--it's programmatically initiated from JavaScript. But currently,
the navigation is incorrectly being marked as client or user initiated. So when
the request loads, and DocumentLoader checks if it's allowed to load the web
archive:

    bool allowsWebArchiveForMainFrame() const { return m_isRequestFromClientOrUserInput; }

it assumes that it can, and it wrongly loads. We can verify that this happens in
MiniBrowser.

The issue is that WebPageProxy::loadRequest() always marks the navigation as
client or user initiated. Now this is fine in cases where the call to
WebPageProxy::loadRequest() comes from the client via the client making an API
call to WKWebView::loadRequest. But in this case, the client isn't making an API
call. Rather, WebPageProxy::loadRequest() is being called by WebKit internally.

`window.open` leads to WebPageProxy::createNewPage(), which leads to
WebPageProxy::loadRequest(). In this case, we want to tell
WebPageProxy::loadRequest() that this is not client or user initiated.
This information is contained in the `NavigationActionData navigationDataForNewProcess`.
So we pass this on from WebPageProxy::createNewPage() to WebPageProxy::loadRequest().

In all other cases, we keep the current behavior of the navigation being marked
as client or user initiated.

This is tested by a new API test.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::loadRequest):
This will mark the navigation as client or user initiated based on the new flag
being passed in (isRequestFromClientOrUserInput). To ensure existing behavior
doesn't change for other cases, this is true by default.
(WebKit::WebPageProxy::createNewPage):
Since WebKit is internally calling loadRequest from here, we explicitly pass in
navigationDataForNewProcess->isRequestFromClientOrUserInput.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm:
(TestWebKitAPI::OriginatingFrameWhenConvertingNavigationInNewWindow)):
The first navigation in this test comes from "a.href" (programmatically
initiated by Javascript). On this call, WebKit is internally calling
WebPageProxy::loadRequest. Before this patch here, this was being marked as
client or user input. In the fix for https://bugs.webkit.org/show_bug.cgi?id=293994,
we changed WebPageProxy::receivedNavigationResponsePolicyDecision such that if
the navigation was from a client or user input, then the information about the
originating frame would be set to empty. At that time, this first navigation was
going down that code path, so we had to alter the test accordingly. Now, with
this patch, that navigation is correctly being marked as NOT client or user
input. So it's no longer going down the code path introduced in that previous
patch, and we can now remove those changes to the test.
* Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm:
(TestWebKitAPI::TEST(LoadWebArchive, FailNavigationFromNonClientOrUserInitiatedWindowOpen)):
New API test.
Originally-landed-as: 289651.603@safari-7621-branch (52189fdc734f).
rdar://157788008
Canonical link: https://commits.webkit.org/298780@main

Canonical link: https://commits.webkit.org/298234.101@webkitglib/2.50

Commit: 2aef2b232ba3c85b4259f3ac44dc5788a76b3ac4
    https://github.com/WebKit/WebKit/commit/2aef2b232ba3c85b4259f3ac44dc5788a76b3ac4
Author: David Kilzer <ddkil...@apple.com>
Date: 2025-08-31 (Sun, 31 Aug 2025)

Changed paths:
    M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_encodeframe.c
    M Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_encoder.c

Log Message:
-----------
Cherry-pick 298450@main (38437b0094ee). https://bugs.webkit.org/show_bug.cgi?id=295735

Incorrect memory allocation in vp9_create_compressor and source_var_based_partition_search_method functions
<https://bugs.webkit.org/show_bug.cgi?id=295735>
<rdar://154433059>

Reviewed by Darin Adler.

* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_encodeframe.c:
(source_var_based_partition_search_method):
* Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp9/encoder/vp9_encoder.c:
(vp9_create_compressor):
- Change sizeof() operator to use `struct Diff` instead of `Diff*`.

Originally-landed-as: 289651.604@safari-7621-branch (876b8705fe85).
rdar://157787764
Canonical link: https://commits.webkit.org/298450@main

Canonical link: https://commits.webkit.org/298234.102@webkitglib/2.50

Commit: f56029e41a403dc0c31128029e6726411d2ab089
    https://github.com/WebKit/WebKit/commit/f56029e41a403dc0c31128029e6726411d2ab089
Author: Roberto Rodriguez <roberto_rodrigu...@apple.com>
Date: 2025-08-31 (Sun, 31 Aug 2025)

Changed paths:
    M Source/ThirdParty/ANGLE/src/libANGLE/TransformFeedback.cpp
    M Source/ThirdParty/ANGLE/src/libANGLE/TransformFeedback.h

Log Message:
-----------
Cherry-pick 0c5e0151c010.
https://bugs.webkit.org/show_bug.cgi?id=295735

ANGLE: Recompute vertex capacity on transform feedback resume.
rdar://156053084

Reviewed by Jonathan Bedard.

Recompute the vertex capacity upon a transform feedback resume operation in case
an operation changed the underlying buffer between pause and resume operations.

* Source/ThirdParty/ANGLE/src/libANGLE/TransformFeedback.cpp:
(gl::TransformFeedback::resume):

Canonical link: https://commits.webkit.org/289651.608@safari-7621-branch
Canonical link: https://commits.webkit.org/289651.611@safari-7621.3.11.11-branch

Canonical link: https://commits.webkit.org/298234.103@webkitglib/2.50

Commit: 4d1ef62a99eeaa068ebba5567044330f233c397a
    https://github.com/WebKit/WebKit/commit/4d1ef62a99eeaa068ebba5567044330f233c397a
Author: Diego Pino Garcia <dp...@igalia.com>
Date: 2025-09-01 (Mon, 01 Sep 2025)

Changed paths:
    M LayoutTests/platform/glib/TestExpectations
    M LayoutTests/platform/glib/svg/custom/glyph-transformation-with-hkern-expected.txt
    M LayoutTests/platform/glib/svg/custom/svg-fonts-without-missing-glyph-expected.txt
    M LayoutTests/platform/glib/svg/foreignObject/text-tref-02-b-expected.txt
    M LayoutTests/platform/glib/svg/text/text-overflow-ellipsis-svgfont-expected.txt
    R LayoutTests/platform/glib/svg/text/text-overflow-ellipsis-svgfont-kerning-ligatures-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1-SE/paths-dom-02-f-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1-SE/types-dom-04-b-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/filters-light-04-f-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/filters-turb-02-f-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/fonts-elem-03-b-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/fonts-elem-04-b-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/fonts-elem-07-b-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-01-t-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-02-b-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-03-b-expected.txt
    M LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-04-t-expected.txt
    M LayoutTests/platform/win/TestExpectations
    M LayoutTests/platform/wpe/TestExpectations
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1-SE/paths-dom-02-f-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1-SE/types-dom-04-b-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/filters-light-04-f-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/filters-turb-02-f-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/fonts-elem-03-b-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/fonts-elem-04-b-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/fonts-elem-07-b-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-01-t-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-02-b-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-03-b-expected.txt
    M LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-04-t-expected.txt
    M Source/WebCore/platform/graphics/skia/FontCustomPlatformDataSkia.cpp

Log Message:
-----------
Cherry-pick 299380@main (ab9b9abab22f). https://bugs.webkit.org/show_bug.cgi?id=186086

[Skia] Implement font collection / fragment identifiers
https://bugs.webkit.org/show_bug.cgi?id=186086

Reviewed by Carlos Garcia Campos.

When loading a specific font from a font collection, iterate over all the
available fonts in the font collection until finding the desired font.

* LayoutTests/platform/glib/TestExpectations:
* LayoutTests/platform/glib/svg/custom/glyph-transformation-with-hkern-expected.txt:
* LayoutTests/platform/glib/svg/custom/svg-fonts-without-missing-glyph-expected.txt:
* LayoutTests/platform/glib/svg/foreignObject/text-tref-02-b-expected.txt:
* LayoutTests/platform/glib/svg/text/text-overflow-ellipsis-svgfont-expected.txt:
* LayoutTests/platform/glib/svg/text/text-overflow-ellipsis-svgfont-kerning-ligatures-expected.txt: Removed.
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1-SE/paths-dom-02-f-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1-SE/types-dom-04-b-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/filters-light-04-f-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/filters-turb-02-f-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/fonts-elem-03-b-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/fonts-elem-04-b-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/fonts-elem-07-b-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-01-t-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-02-b-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-03-b-expected.txt:
* LayoutTests/platform/gtk/svg/W3C-SVG-1.1/text-intro-04-t-expected.txt:
* LayoutTests/platform/win/TestExpectations:
* LayoutTests/platform/wpe/TestExpectations:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1-SE/paths-dom-02-f-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1-SE/types-dom-04-b-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/filters-light-04-f-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/filters-turb-02-f-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/fonts-elem-03-b-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/fonts-elem-04-b-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/fonts-elem-07-b-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-01-t-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-02-b-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-03-b-expected.txt:
* LayoutTests/platform/wpe/svg/W3C-SVG-1.1/text-intro-04-t-expected.txt:
* Source/WebCore/platform/graphics/skia/FontCustomPlatformDataSkia.cpp:
(WebCore::FontCustomPlatformData::create):

Canonical link: https://commits.webkit.org/299380@main

Canonical link: https://commits.webkit.org/298234.104@webkitglib/2.50

Compare:
    https://github.com/WebKit/WebKit/compare/4841c5df791e...4d1ef62a99ee