Branch: refs/heads/safari-7617.1.17.10-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: b248451465b40bd6f27a8429d769e822a346288d
      
https://github.com/WebKit/WebKit/commit/b248451465b40bd6f27a8429d769e822a346288d
  Author: Dan Robson <[email protected]>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-617.1.17.10.1

Identifier: [email protected]


  Commit: 602851f18f3a17d2ab57cc5e1760a78b23097f41
      
https://github.com/WebKit/WebKit/commit/602851f18f3a17d2ab57cc5e1760a78b23097f41
  Author: Dan Robson <[email protected]>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    A LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt
    A LayoutTests/storage/indexeddb/abort-index-rename-crash.html
    M Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryIndex.h
    M Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp
    M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h

  Log Message:
  -----------
  Cherry-pick 64bcd93cbc55. rdar://117463447

    jsc_fuz/wktr: heap-use-after-free in WebCore::IDBServer::MemoryObjectStore::takeIndexByIdentifier(unsigned long long) MemoryObjectStore.cpp:128.
    https://bugs.webkit.org/show_bug.cgi?id=264180.
    rdar://117463447.

    Reviewed by Sihui Liu.

    MemoryIndex now keeps WeakPtr to MemoryObjectStore 'm_objectStore' and checks its validity before using it. Also RefPtr conversion from WeakPtr using get() API as applicable.

    * LayoutTests/storage/indexeddb/abort-index-rename-crash-expected.txt: Added the test expected file.
    * LayoutTests/storage/indexeddb/abort-index-rename-crash.html: Added the test case.
    * Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp: Checks the validity of MemoryObjectStore pointer before using.
    (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreDeleted):
    (WebCore::IDBServer::MemoryBackingStoreTransaction::indexRenamed):
    (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndex.cpp: Changed direct reference to WeakPtr. Also used RefPtr conversion using get() API as applicable.
    (WebCore::IDBServer::MemoryIndex::objectStoreCleared):
    (WebCore::IDBServer::MemoryIndex::clearIndexValueStore):
    (WebCore::IDBServer::MemoryIndex::replaceIndexValueStore):
    (WebCore::IDBServer::MemoryIndex::getResultForKeyRange const):
    (WebCore::IDBServer::MemoryIndex::getAllRecords const):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndex.h: Changed direct reference to WeakPtr.
    (WebCore::IDBServer::MemoryIndex::objectStore):
    * Source/WebCore/Modules/indexeddb/server/MemoryIndexCursor.cpp: Used RefPtr conversion using get() API for MemoryIndex based MemoryObjectStore object.
    (WebCore::IDBServer::MemoryIndexCursor::currentData):
    * Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h:

    Canonical link: https://commits.webkit.org/267815.545@safari-7617-branch

Identifier: [email protected]


  Commit: 903331092e1eddd4262e9639eef2cfc9efb4728e
      
https://github.com/WebKit/WebKit/commit/903331092e1eddd4262e9639eef2cfc9efb4728e
  Author: Dan Robson <[email protected]>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/multicol/last-set-crash-expected.txt
    A LayoutTests/fast/multicol/last-set-crash.html
    M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
    M Source/WebCore/rendering/RenderMultiColumnFlow.h

  Log Message:
  -----------
  Cherry-pick f524a15d0633. rdar://114559559

    WTFCrashWithSecurityImplication in WebCore::RenderFragmentedFlow::removeLineFragmentInfo()
    https://bugs.webkit.org/show_bug.cgi?id=264327
    rdar://114559559

    Reviewed by Alan Baradlay.

    * LayoutTests/TestExpectations:

    Skip test on debug due to some assertion failures.

    * LayoutTests/fast/multicol/last-set-crash-expected.txt: Added.
    * LayoutTests/fast/multicol/last-set-crash.html: Added.
    * Source/WebCore/rendering/RenderMultiColumnFlow.cpp:
    (WebCore::RenderMultiColumnFlow::fragmentAtBlockOffset const):

    Tree mutations may have made m_lastSetWorkedOn cache invalid by moving the multicolumn set under a different multicolumn flow.
    Check for this.

    * Source/WebCore/rendering/RenderMultiColumnFlow.h:

    Also make it use WeakPtr.

    Canonical link: https://commits.webkit.org/267815.546@safari-7617-branch

Identifier: [email protected]


  Commit: ab7d7847879976c829b02755b6167e3d59a2ed65
      
https://github.com/WebKit/WebKit/commit/ab7d7847879976c829b02755b6167e3d59a2ed65
  Author: Dan Robson <[email protected]>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/platform/graphics/transforms/RotateTransformOperation.h
    M Source/WebCore/platform/graphics/transforms/TransformOperation.h
    M Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp
    M Source/WebCore/platform/graphics/transforms/TransformationMatrix.h

  Log Message:
  -----------
  Apply patch. rdar://117209302

Identifier: [email protected]


  Commit: f9879312a34162275bc9ef0a6738342f96488fea
      
https://github.com/WebKit/WebKit/commit/f9879312a34162275bc9ef0a6738342f96488fea
  Author: Dan Robson <[email protected]>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    R LayoutTests/fast/multicol/last-set-crash-expected.txt
    R LayoutTests/fast/multicol/last-set-crash.html
    M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
    M Source/WebCore/rendering/RenderMultiColumnFlow.h

  Log Message:
  -----------
  Revert "Cherry-pick f524a15d0633. rdar://114559559"

This reverts commit 903331092e1eddd4262e9639eef2cfc9efb4728e.


  Commit: 83def4d40a92e20937cdccf80904ac7048060312
      
https://github.com/WebKit/WebKit/commit/83def4d40a92e20937cdccf80904ac7048060312
  Author: Dan Robson <[email protected]>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/page/ContextMenuController.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp

  Log Message:
  -----------
  Cherry-pick 38398649280b. rdar://117215059

    AX: Sometimes unable to see play/pause animation context menu item when setting is toggled
    https://bugs.webkit.org/show_bug.cgi?id=263735
    rdar://117215059

    Reviewed by Tyler Wilcock.

    When deciding whether to add the "Play/Pause all animations" or "Play/Pause animation" context menu item, we had previously
    used a softlink to reference _AXSReduceMotionAutoplayAnimatedImagesEnabled. The issue with using this from the web content
    process, however, is that distributed notifications are not permitted as per the sandbox, so updates to this setting were
    not reaching that process.

    To resolve this, this patch now piggybacks onto our existing cross-process update for the animation setting using the
    AccessibilityPreferencesChanged notification and WebPage::updateImageAnimationEnabled. A new flag, m_systemAllowsAnimationControls,
    now maintains the state of this setting, and allows the Page to have an up-to-date view of the setting without relying on the
    softlink.

    * Source/WebCore/page/ContextMenuController.cpp:
    (WebCore::ContextMenuController::populate):
    * Source/WebCore/page/Page.cpp:
    (WebCore::Page::setSystemAllowsAnimationControls):
    * Source/WebCore/page/Page.h:
    (WebCore::Page::systemAllowsAnimationControls const):
    * Source/WebKit/WebProcess/WebPage/WebPage.cpp:
    (WebKit::WebPage::updateImageAnimationEnabled):

    Canonical link: https://commits.webkit.org/269878@main

Identifier: [email protected]


  Commit: c15a4002b3306772ca624d4c610a6b1eb005cdee
      
https://github.com/WebKit/WebKit/commit/c15a4002b3306772ca624d4c610a6b1eb005cdee
  Author: Dan Robson <[email protected]>
  Date:   2023-11-08 (Wed, 08 Nov 2023)

  Changed paths:
    M Source/WebCore/platform/graphics/FontCascade.cpp
    M Source/WebCore/platform/graphics/FontCascadeFonts.cpp
    M Source/WebCore/platform/graphics/FontRanges.cpp
    M Source/WebCore/platform/graphics/GlyphPage.h

  Log Message:
  -----------
  Cherry-pick ef2295446d89. rdar://117905809

    Use GlyphData.isValid() consistently for checking whether GlyphData is valid.
    https://bugs.webkit.org/show_bug.cgi?id=264130
    rdar://117905809

    Reviewed by Tim Nguyen.

    Replace GlyphData validity checks using .glyph and .font directly with .isValid().
    Make .isValid() return false even if .glyph is non-zero and .font is null
    (which should never happen) since a .font null check isn't expensive anyway.

    * Source/WebCore/platform/graphics/FontCascade.cpp:
    (WebCore::FontCascade::fontForCombiningCharacterSequence const):
    * Source/WebCore/platform/graphics/FontCascadeFonts.cpp:
    (WebCore::FontCascadeFonts::GlyphPageCacheEntry::setGlyphDataForCharacter):
    (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
    (WebCore::FontCascadeFonts::glyphDataForVariant):
    (WebCore::FontCascadeFonts::glyphDataForCharacter):
    * Source/WebCore/platform/graphics/FontRanges.cpp:
    (WebCore::FontRanges::glyphDataForCharacter const):
    * Source/WebCore/platform/graphics/GlyphPage.h:
    (WebCore::GlyphData::isValid const):

    Canonical link: https://commits.webkit.org/270299@main

Identifier: [email protected]


  Commit: 83d35574e1509e46835e7acf09a968f4ae5e51cc
      
https://github.com/WebKit/WebKit/commit/83d35574e1509e46835e7acf09a968f4ae5e51cc
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M Source/WebCore/editing/FrameSelection.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebKit/Shared/WebPageCreationParameters.h
    M Source/WebKit/Shared/WebPageCreationParameters.serialization.in
    M Source/WebKit/UIProcess/PageClient.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/mac/PageClientImplMac.h
    M Source/WebKit/UIProcess/mac/PageClientImplMac.mm
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm

  Log Message:
  -----------
  Cherry-pick ee3805278f95. rdar://117909679

    macOS: Text cursor in HTML note is black, regardless of set Accent Color
    https://bugs.webkit.org/show_bug.cgi?id=264189
    rdar://117909679

    Reviewed by Aditya Keerthi and Tim Horton.

    266070@main changed the behavior of the caret color to more closely follow the spec, and improve
    web compat. However, this behavior change also affected HTML Notes, which sets `color` on
    an ancestor of the editable div. As a result, the caret color is black. However, it should match
    the accent color of the app it is in, if it sets a custom accent color.

    To fix, implement the same solution as 269314@main effectively, but on macOS.

    * Source/WebCore/editing/FrameSelection.cpp:
    (WebCore::FrameSelection::paintCaret):
    (WebCore::CaretBase::computeCaretColor):
    (WebCore::CaretBase::paintCaret const):
    (WebCore::DragCaretController::paintDragCaret const):
    * Source/WebCore/editing/FrameSelection.h:
    * Source/WebCore/page/Page.cpp:
    (WebCore::Page::setAppUsesCustomAccentColor):
    (WebCore::Page::appUsesCustomAccentColor const):
    * Source/WebCore/page/Page.h:
    * Source/WebCore/rendering/RenderThemeIOS.mm:
    (WebCore::RenderThemeIOS::autocorrectionReplacementMarkerColor const):
    * Source/WebCore/rendering/style/RenderStyle.h:
    * Source/WebKit/Shared/WebPageCreationParameters.h:
    * Source/WebKit/Shared/WebPageCreationParameters.serialization.in:
    * Source/WebKit/UIProcess/PageClient.h:
    * Source/WebKit/UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::creationParameters):
    * Source/WebKit/UIProcess/mac/PageClientImplMac.h:
    * Source/WebKit/UIProcess/mac/PageClientImplMac.mm:
    (WebKit::cachedAppUsesCustomAccentColor):
    (WebKit::PageClientImpl::appUsesCustomAccentColor):
    * Source/WebKit/WebProcess/WebPage/WebPage.cpp:
    (WebKit::m_historyItemClient):
    (WebKit::WebPage::reinitializeWebPage):
    * Source/WebKit/WebProcess/WebPage/WebPage.h:
    * Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::getPlatformEditorState const):
    * Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm:
    (WebKit::WebPage::setAppUsesCustomAccentColor):

    Canonical link: https://commits.webkit.org/270325@main

Identifier: [email protected]


  Commit: 45d79fa37ab858738808ef85291f47204c7fea4f
      
https://github.com/WebKit/WebKit/commit/45d79fa37ab858738808ef85291f47204c7fea4f
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    A LayoutTests/fast/viewport/ios/full-screen-safe-area-insets-expected.txt
    A LayoutTests/fast/viewport/ios/full-screen-safe-area-insets.html
    A LayoutTests/fast/viewport/ios/resources/viewport-fit-contain.html
    A LayoutTests/fast/viewport/ios/resources/viewport-fit-cover.html
    A LayoutTests/fullscreen/full-screen-document-background-color-expected.txt
    A LayoutTests/fullscreen/full-screen-document-background-color.html
    M LayoutTests/fullscreen/full-screen-test.js
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/FullscreenManager.cpp
    M Source/WebCore/page/LocalFrameView.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
    M Source/WebKit/UIProcess/ios/WKScrollView.h
    M Source/WebKit/UIProcess/ios/WKScrollView.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick 1d5314701b60. rdar://117304719

    Cherry-pick 270199@main (56d49b081448). rdar://117304719

        [iOS] Element Fullscreen does not respect viewport-fit
        https://bugs.webkit.org/show_bug.cgi?id=264012
        rdar://117304719

        Reviewed by Wenson Hsieh and Tim Horton.

        Tests: fast/viewport/ios/full-screen-safe-area-insets.html
               fullscreen/full-screen-document-background-color.html

        When configuring the WKWebView during the enter fullscreen operation, various settings of the view
        must be returned to their default state for the "automatic" avoid-safe-areas behavior to kick in.
        For some calls made by clients, there is no way to reset those behaviors to default, and the
        existing implementation merely overrode those settings with other non-default values. The end
        result was that all fullscreen content was behaving as if `viewport-fit=cover` was specified, which
        allowed some content to slip into the safe areas.

        Additionally, when embedded content is taken fullscreen, the viewport settings of that embedded
        iframe are not respected, and the embedded content uses the viewport settings of whatever page
        embedded it. Also, the fullscreen element's background is not used in the overflow areas when
        iframe content is in fullscreen.

        * Source/WebCore/dom/Document.cpp:
        (WebCore::Document::updateViewportArguments):
        * Source/WebCore/dom/FullscreenManager.cpp:
        (WebCore::FullscreenManager::dispatchFullscreenChangeOrErrorEvent):
        (WebCore::FullscreenManager::deepestFullscreenDocument const):
        * Source/WebCore/dom/FullscreenManager.h:
        * Source/WebCore/page/LocalFrameView.cpp:
        (WebCore::LocalFrameView::documentBackgroundColor const):
        * Source/WebCore/page/Page.cpp:
        (WebCore::viewportDocumentForFrame):
        (WebCore::Page::viewportArguments const):
        * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h:
        * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm:
        (-[WKWebView _resetScrollViewInsetAdjustmentBehavior]):
        (-[WKWebView _haveSetUnobscuredSafeAreaInsets]):
        (-[WKWebView _resetUnobscuredSafeAreaInsets]):
        (-[WKWebView _hasOverriddenLayoutParameters]):
        (-[WKWebView _viewLayoutSizeOverride]):
        (-[WKWebView _minimumUnobscuredSizeOverride]):
        (-[WKWebView _maximumUnobscuredSizeOverride]):
        (-[WKWebView _resetObscuredInsets]):
        (-[WKWebView _clearOverrideLayoutParameters]):
        * Source/WebKit/UIProcess/ios/WKContentView.mm:
        (-[WKContentView setFrame:]):
        * Source/WebKit/UIProcess/ios/WKScrollView.h:
        * Source/WebKit/UIProcess/ios/WKScrollView.mm:
        (-[WKScrollView _contentInsetWasExternallyOverridden]):
        (-[WKScrollView _resetContentInset]):
        (-[WKScrollView _resetContentInsetAdjustmentBehavior]):
        * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm:
        (-[WKFullScreenViewController viewDidLayoutSubviews]):
        (-[WKFullScreenViewController viewWillTransitionToSize:withTransitionCoordinator:]):
        * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
        (WebKit::WKWebViewState::applyTo):
        (WebKit::WKWebViewState::store):
        (-[WKFullScreenWindowController enterFullScreen:]):
        (-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]):

        Canonical link: https://commits.webkit.org/270199@main

Identifier: [email protected]


  Commit: 94d15ce59206c15844310686144c9de39ead1c72
      
https://github.com/WebKit/WebKit/commit/94d15ce59206c15844310686144c9de39ead1c72
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    R LayoutTests/fast/viewport/ios/full-screen-safe-area-insets-expected.txt
    R LayoutTests/fast/viewport/ios/full-screen-safe-area-insets.html
    R LayoutTests/fast/viewport/ios/resources/viewport-fit-contain.html
    R LayoutTests/fast/viewport/ios/resources/viewport-fit-cover.html
    R LayoutTests/fullscreen/full-screen-document-background-color-expected.txt
    R LayoutTests/fullscreen/full-screen-document-background-color.html
    M LayoutTests/fullscreen/full-screen-test.js
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/FullscreenManager.cpp
    M Source/WebCore/page/LocalFrameView.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
    M Source/WebKit/UIProcess/ios/WKScrollView.h
    M Source/WebKit/UIProcess/ios/WKScrollView.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Revert "Cherry-pick 1d5314701b60. rdar://117304719"

This reverts commit 45d79fa37ab858738808ef85291f47204c7fea4f.

Identifier: [email protected]


  Commit: d1be5f63cda2690262e95d32ce4434fa9d83d03b
      
https://github.com/WebKit/WebKit/commit/d1be5f63cda2690262e95d32ce4434fa9d83d03b
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M Source/WebCore/editing/FrameSelection.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebKit/Shared/WebPageCreationParameters.h
    M Source/WebKit/Shared/WebPageCreationParameters.serialization.in
    M Source/WebKit/UIProcess/PageClient.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/mac/PageClientImplMac.h
    M Source/WebKit/UIProcess/mac/PageClientImplMac.mm
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm

  Log Message:
  -----------
  Revert "Cherry-pick ee3805278f95. rdar://117909679"

This reverts commit 83d35574e1509e46835e7acf09a968f4ae5e51cc.

Identifier: [email protected]


  Commit: ebb3e50358de5d5089c77efa514a6f9b9285639b
      
https://github.com/WebKit/WebKit/commit/ebb3e50358de5d5089c77efa514a6f9b9285639b
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/multicol/last-set-crash-expected.txt
    A LayoutTests/fast/multicol/last-set-crash.html
    M Source/WebCore/rendering/RenderMultiColumnFlow.cpp
    M Source/WebCore/rendering/RenderMultiColumnFlow.h

  Log Message:
  -----------
  Cherry-pick f524a15d0633. rdar://114559559

    WTFCrashWithSecurityImplication in WebCore::RenderFragmentedFlow::removeLineFragmentInfo()
    https://bugs.webkit.org/show_bug.cgi?id=264327
    rdar://114559559

    Reviewed by Alan Baradlay.

    * LayoutTests/TestExpectations:

    Skip test on debug due to some assertion failures.

    * LayoutTests/fast/multicol/last-set-crash-expected.txt: Added.
    * LayoutTests/fast/multicol/last-set-crash.html: Added.
    * Source/WebCore/rendering/RenderMultiColumnFlow.cpp:
    (WebCore::RenderMultiColumnFlow::fragmentAtBlockOffset const):

    Tree mutations may have made m_lastSetWorkedOn cache invalid by moving the multicolumn set under a different multicolumn flow.
    Check for this.

    * Source/WebCore/rendering/RenderMultiColumnFlow.h:

    Also make it use WeakPtr.

    Canonical link: https://commits.webkit.org/267815.546@safari-7617-branch

Identifier: [email protected]


  Commit: 21132bd794fce3aadf68ce98c9d1ad9d64058ee7
      
https://github.com/WebKit/WebKit/commit/21132bd794fce3aadf68ce98c9d1ad9d64058ee7
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h
    M Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm
    M Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.h
    M Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm

  Log Message:
  -----------
  Cherry-pick 9e08e9d30f55. rdar://118121639

    Cookies from AppSSO extension are getting stored in iframe even when CSP restricts page to be loaded in iframe
    https://bugs.webkit.org/show_bug.cgi?id=264447
    rdar://118121639

    Reviewed by Brent Fulgham.

    In https://bugs.webkit.org/show_bug.cgi?id=260100, we added CSP validation when setting cookies
    in the response of an AppSSO request. However, in that patch, we consider CSP options that are
    only relevant for i-frames in the redirect case. In NetworkResourceLoader::shouldInterruptLoadForXFrameOptions,
    we do an early return in non-main frame cases, but do not in the check for AppSSO.

    In SOAuthorizationCoordinator::tryAuthorize, it can be gleaned that a non-mainframe navigation implies
    a SubFrameSOAuthorizationSession will be created. Therefore we only need to perform these i-frame specific
    CSP checks whenever we have a SubFrameSOAuthorizationSession.

    * Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
    (WebKit::SOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
    * Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h:
    (WebKit::SOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):
    * Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
    (WebKit::SOAuthorizationSession::shouldInterruptLoadForXFrameOptions): Deleted.
    (WebKit::SOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions): Deleted.
    * Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.h:
    * Source/WebKit/UIProcess/Cocoa/SOAuthorization/SubFrameSOAuthorizationSession.mm:
    (WebKit::SubFrameSOAuthorizationSession::shouldInterruptLoadForXFrameOptions):
    (WebKit::SubFrameSOAuthorizationSession::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions):

    Canonical link: https://commits.webkit.org/270422@main

Identifier: [email protected]


  Commit: 551a0c32a0dd16f2cb8635346575fbc83b09184d
      
https://github.com/WebKit/WebKit/commit/551a0c32a0dd16f2cb8635346575fbc83b09184d
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/canvas/canvas-noise-injection-expected.txt
    A LayoutTests/fast/canvas/canvas-noise-injection.html
    M Source/WebCore/html/CanvasBase.cpp
    M Source/WebCore/html/CanvasBase.h
    M Source/WebCore/html/CanvasNoiseInjection.cpp
    M Source/WebCore/html/CanvasNoiseInjection.h
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl

  Log Message:
  -----------
  Cherry-pick bde990fd62dd. rdar://115313154

    Don't apply canvas noise on drawImage/putImageData rects
    https://bugs.webkit.org/show_bug.cgi?id=263129
    rdar://115313154

    Reviewed by Simon Fraser.

    When noise injection is enabled, the backing pixelbuffer of Canvas2D has noise
    applied as an anti-fingerprinting protection. That operation is expensive and
    the protection is not needed in situations where we are given an explicit
    ImageData or specific types of Images because those data don't reveal any
    identifying information about the machine when extracted via getImageData() or
    toDataURL().

    This patch abstracts the default DidDrawOptions into a static function that
    includes DidDrawOption::ApplyPostProcessing, and a companion function that
    doesn't include ApplyPostProcessing. These are static class functions because
    they should both be updated if the default DidDrawOption OptionSet changes in
    the future, and defining them separately seems error prone.

    As described above, the noise injection post-processing is not applied after
    certain drawImage operations where the image is a bitmap, and post-processing
    is conditionally applied when the entire canvas is dirty.

    * LayoutTests/TestExpectations:
    * LayoutTests/fast/canvas/canvas-noise-injection-expected.txt:
    * LayoutTests/fast/canvas/canvas-noise-injection.html:
    * Source/WebCore/html/CanvasBase.cpp:
    (WebCore::CanvasBase::didDraw):
    * Source/WebCore/html/CanvasNoiseInjection.cpp:
    (WebCore::CanvasNoiseInjection::clearDirtyRect):
    * Source/WebCore/html/CanvasNoiseInjection.h:
    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
    (WebCore::CanvasRenderingContext2DBase::clearRect):
    (WebCore::CanvasRenderingContext2DBase::drawImage):
    (WebCore::CanvasRenderingContext2DBase::didDrawEntireCanvas):
    (WebCore::CanvasRenderingContext2DBase::didDraw):
    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h:
    (WebCore::CanvasRenderingContext2DBase::defaultDidDrawOptions):
    (WebCore::CanvasRenderingContext2DBase::defaultDidDrawOptionsWithoutPostProcessing):
    (WebCore::CanvasRenderingContext2DBase::didDraw): Deleted.

    Canonical link: https://commits.webkit.org/270207@main

Identifier: 267815.556@safari-7617-branch
Canonical link: https://commits.webkit.org/[email protected]


  Commit: 8e68f068fe8c840c8f4b0c5cca73b9e617498010
      
https://github.com/WebKit/WebKit/commit/8e68f068fe8c840c8f4b0c5cca73b9e617498010
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    A LayoutTests/fast/viewport/ios/full-screen-safe-area-insets-expected.txt
    A LayoutTests/fast/viewport/ios/full-screen-safe-area-insets.html
    A LayoutTests/fast/viewport/ios/resources/viewport-fit-contain.html
    A LayoutTests/fast/viewport/ios/resources/viewport-fit-cover.html
    A LayoutTests/fullscreen/full-screen-document-background-color-expected.txt
    A LayoutTests/fullscreen/full-screen-document-background-color.html
    M LayoutTests/fullscreen/full-screen-test.js
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/FullscreenManager.cpp
    M Source/WebCore/page/LocalFrameView.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h
    M Source/WebCore/testing/Internals.idl
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
    M Source/WebKit/UIProcess/ios/WKScrollView.h
    M Source/WebKit/UIProcess/ios/WKScrollView.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick 1d5314701b60. rdar://117304719

    Cherry-pick 270199@main (56d49b081448). rdar://117304719

        [iOS] Element Fullscreen does not respect viewport-fit
        https://bugs.webkit.org/show_bug.cgi?id=264012
        rdar://117304719

        Reviewed by Wenson Hsieh and Tim Horton.

        Tests: fast/viewport/ios/full-screen-safe-area-insets.html
               fullscreen/full-screen-document-background-color.html

        When configuring the WKWebView during the enter fullscreen operation, various settings of the view
        must be returned to their default state for the "automatic" avoid-safe-areas behavior to kick in.
        For some calls made by clients, there is no way to reset those behaviors to default, and the
        existing implementation merely overrode those settings with other non-default values. The end
        result was that all fullscreen content was behaving as if `viewport-fit=cover` was specified, which
        allowed some content to slip into the safe areas.

        Additionally, when embedded content is taken fullscreen, the viewport settings of that embedded
        iframe are not respected, and the embedded content uses the viewport settings of whatever page
        embedded it. Also, the fullscreen element's background is not used in the overflow areas when
        iframe content is in fullscreen.

        * Source/WebCore/dom/Document.cpp:
        (WebCore::Document::updateViewportArguments):
        * Source/WebCore/dom/FullscreenManager.cpp:
        (WebCore::FullscreenManager::dispatchFullscreenChangeOrErrorEvent):
        (WebCore::FullscreenManager::deepestFullscreenDocument const):
        * Source/WebCore/dom/FullscreenManager.h:
        * Source/WebCore/page/LocalFrameView.cpp:
        (WebCore::LocalFrameView::documentBackgroundColor const):
        * Source/WebCore/page/Page.cpp:
        (WebCore::viewportDocumentForFrame):
        (WebCore::Page::viewportArguments const):
        * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h:
        * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm:
        (-[WKWebView _resetScrollViewInsetAdjustmentBehavior]):
        (-[WKWebView _haveSetUnobscuredSafeAreaInsets]):
        (-[WKWebView _resetUnobscuredSafeAreaInsets]):
        (-[WKWebView _hasOverriddenLayoutParameters]):
        (-[WKWebView _viewLayoutSizeOverride]):
        (-[WKWebView _minimumUnobscuredSizeOverride]):
        (-[WKWebView _maximumUnobscuredSizeOverride]):
        (-[WKWebView _resetObscuredInsets]):
        (-[WKWebView _clearOverrideLayoutParameters]):
        * Source/WebKit/UIProcess/ios/WKContentView.mm:
        (-[WKContentView setFrame:]):
        * Source/WebKit/UIProcess/ios/WKScrollView.h:
        * Source/WebKit/UIProcess/ios/WKScrollView.mm:
        (-[WKScrollView _contentInsetWasExternallyOverridden]):
        (-[WKScrollView _resetContentInset]):
        (-[WKScrollView _resetContentInsetAdjustmentBehavior]):
        * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenViewController.mm:
        (-[WKFullScreenViewController viewDidLayoutSubviews]):
        (-[WKFullScreenViewController viewWillTransitionToSize:withTransitionCoordinator:]):
        * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
        (WebKit::WKWebViewState::applyTo):
        (WebKit::WKWebViewState::store):
        (-[WKFullScreenWindowController enterFullScreen:]):
        (-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]):

        Canonical link: https://commits.webkit.org/270199@main

Identifier: 267815.552@safari-7617-branch
Canonical link: https://commits.webkit.org/[email protected]


  Commit: 8b071ee738ea1085a9d8f5607eda58a28833b872
      
https://github.com/WebKit/WebKit/commit/8b071ee738ea1085a9d8f5607eda58a28833b872
  Author: Dan Robson <[email protected]>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h
    M Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm
    M Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

  Log Message:
  -----------
  Cherry-pick e5bf2b80f8e5. rdar://118147164

    [iOS] Non-fullscreen content peeks into top safe area in element fullscreen mode
    https://bugs.webkit.org/show_bug.cgi?id=264455
    rdar://118147164

    Reviewed by Simon Fraser.

    When entering fullscreen, certain properties of the WKWebView and scrollView are reset to
    default values, as clients like Safari may have overridden them. One of these properties,
    contentInset, is reset to zero by that machinery. However, this causes overflow content to
    be visible above the safe area; instead, it should be reset to a correct initial value that
    accounts for the page's adoption of safe areas, via -_initialContentOffsetForScrollView.

    * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.h:
    * Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm:
    (-[WKWebView _resetContentOffset]):
    * Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
    (-[WKFullScreenWindowController enterFullScreen:]):

    Canonical link: https://commits.webkit.org/270424@main

Identifier: 267815.555@safari-7617-branch
Canonical link: https://commits.webkit.org/[email protected]


  Commit: f1c8e33ae7f904f73a2fbbd8efc46f42d4c89a04
      
https://github.com/WebKit/WebKit/commit/f1c8e33ae7f904f73a2fbbd8efc46f42d4c89a04
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-10 (Fri, 10 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.10.2

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 957fe92a80fa5b50fe6cb7be59ae738467262fd0
      
https://github.com/WebKit/WebKit/commit/957fe92a80fa5b50fe6cb7be59ae738467262fd0
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-10 (Fri, 10 Nov 2023)

  Changed paths:
    M LayoutTests/platform/mac-wk1/TestExpectations
    M Source/WebCore/platform/RunLoopObserver.h
    M Source/WebCore/platform/cf/RunLoopObserverCF.cpp
    M Source/WebKitLegacy/mac/WebView/WebViewRenderingUpdateScheduler.h
    M Source/WebKitLegacy/mac/WebView/WebViewRenderingUpdateScheduler.mm

  Log Message:
  -----------
  Cherry-pick 927b1ffbab10. rdar://118024764

    Unreviewed, reverting 269859@main.
    https://bugs.webkit.org/show_bug.cgi?id=264534

    Caused CPU spins in some WebView client applications

    Reverted changeset:

    "REGRESSION (263917@main): [ macOS ] 3 inspector/timeline/timeline-event-Timer tests are a consistent failure"
    https://bugs.webkit.org/show_bug.cgi?id=260360
    https://commits.webkit.org/269859@main

    Canonical link: https://commits.webkit.org/270489@main

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 58e824048806752fe80ef7dded497a52c04dbd48
      
https://github.com/WebKit/WebKit/commit/58e824048806752fe80ef7dded497a52c04dbd48
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-10 (Fri, 10 Nov 2023)

  Changed paths:
    A LayoutTests/accessibility/custom-elements/shadow-element-text-expected.txt
    A LayoutTests/accessibility/custom-elements/shadow-element-text.html
    A LayoutTests/platform/glib/accessibility/custom-elements/shadow-element-text-expected.txt
    M Source/WebCore/accessibility/AccessibilityNodeObject.cpp

  Log Message:
  -----------
  Cherry-pick ecb40fdcddf8. rdar://118118138

    AX: VoiceOver does not announce button in text if button is in shadow root
    https://bugs.webkit.org/show_bug.cgi?id=264410
    rdar://118118138

    Reviewed by Tyler Wilcock.

    In shadow DOM elements, if text was within nested elements, textUnderElement would not include it.

    This patch resolves that by adding to our logic for when we decide whether or not to skip a child's
    text. Instead of just checking whether the child's parent and the current node match, we also check
    that the elements are either both in the DOM or Shadow DOM.

    * LayoutTests/accessibility/custom-elements/shadow-element-text-expected.txt: Added.
    * LayoutTests/accessibility/custom-elements/shadow-element-text.html: Added.
    * LayoutTests/platform/glib/accessibility/custom-elements/shadow-element-text-expected.txt: Added.
    * Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
    (WebCore::AccessibilityNodeObject::textUnderElement const):

    Canonical link: https://commits.webkit.org/270542@main

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 58d77064da48a6fcc3a77cc5fe569a1b69a05575
      
https://github.com/WebKit/WebKit/commit/58d77064da48a6fcc3a77cc5fe569a1b69a05575
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-10 (Fri, 10 Nov 2023)

  Changed paths:
    M Source/WebKit/WebProcess/GPU/GPUProcessConnection.cpp
    M Source/WebKit/WebProcess/WebProcess.cpp
    M Source/WebKit/WebProcess/WebProcess.h

  Log Message:
  -----------
  Cherry-pick 0532f1c87a63. rdar://117840925

    RELEASE_ASSERT() under GPUProcessConnection::create(IPC::Connection&)
    https://bugs.webkit.org/show_bug.cgi?id=264612
    rdar://117840925

    Reviewed by Brent Fulgham.

    When a WebProcess requests a connection to the GPUProcess, the UIProcess
    needs to pass preferences for this WebProcess. Preferences are associated
    with WebPages and thus we cannot initiate a connection to the GPUProcess
    before a WebPage has been created.

    I had tried to add an assertion to this effect in
    GPUProcessConnection::create(). However, my assertion was a little
    stricter than needed and could get hit in the wild. It is sufficient for
    a process to have ever had a WebPage (The WebProcessProxy stores the
    preferences locally), we don't need to have a living WebPage at the
    moment when the connection gets requested.

    * Source/WebKit/WebProcess/GPU/GPUProcessConnection.cpp:
    (WebKit::GPUProcessConnection::create):
    * Source/WebKit/WebProcess/WebProcess.cpp:
    (WebKit::WebProcess::createWebPage):
    * Source/WebKit/WebProcess/WebProcess.h:
    (WebKit::WebProcess::hasEverHadAnyWebPages const):
    (WebKit::WebProcess::hasWebPages const): Deleted.

    Canonical link: https://commits.webkit.org/270569@main

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 5fd7c0c3c148a12bc1099fc59d7e1c53f5149c41
      
https://github.com/WebKit/WebKit/commit/5fd7c0c3c148a12bc1099fc59d7e1c53f5149c41
  Author: Dan Robson <[email protected]>
  Date:   2023-11-13 (Mon, 13 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-617.1.17.10.3

Identifier: [email protected]


  Commit: b9a246d902985235a904dee66e0191f2b49b1315
      
https://github.com/WebKit/WebKit/commit/b9a246d902985235a904dee66e0191f2b49b1315
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-13 (Mon, 13 Nov 2023)

  Changed paths:
    M Source/WebCore/rendering/TextBoxPainter.cpp

  Log Message:
  -----------
  Cherry-pick f9ec06b716a3. rdar://117897402

    Crash under TextBoxPainter<WebCore::InlineIterator::BoxModernPath>::collectDecoratingBoxesForTextBox
    https://bugs.webkit.org/show_bug.cgi?id=264728
    rdar://117897402

    Reviewed by Alan Baradlay.

    * Source/WebCore/rendering/TextBoxPainter.cpp:
    (WebCore::TextBoxPainter<TextBoxPath>::collectDecoratingBoxesForTextBox):

    There appears to be some case where parentInlineBox is not found. Add null checking.

    Canonical link: https://commits.webkit.org/270634@main

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 68584a267d75abf416d55aec13a3bd27796d5864
      
https://github.com/WebKit/WebKit/commit/68584a267d75abf416d55aec13a3bd27796d5864
  Author: Dan Robson <[email protected]>
  Date:   2023-11-13 (Mon, 13 Nov 2023)

  Changed paths:
    R JSTests/stress/arrow-function-captured-arguments-aliased.js
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
    M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
    M Source/JavaScriptCore/runtime/GetPutInfo.h
    M Source/JavaScriptCore/runtime/ScopedArguments.h
    M Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp
    M Source/JavaScriptCore/runtime/ScopedArgumentsTable.h
    M Source/JavaScriptCore/runtime/SymbolTable.cpp
    M Source/JavaScriptCore/runtime/SymbolTable.h

  Log Message:
  -----------
  Cherry-pick af7c136e799e. rdar://117838992

    Reverting https://commits.webkit.org/267815.345@safari-7617-branch
    https://bugs.webkit.org/show_bug.cgi?id=264767
    rdar://117838992

    Reviewed by Michael Saboff.

    * JSTests/stress/arrow-function-captured-arguments-aliased.js: Removed.
    * Source/JavaScriptCore/bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::finishCreation):
    * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::BytecodeGenerator):
    * Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:
    * Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:
    * Source/JavaScriptCore/runtime/GetPutInfo.h:
    (JSC::initializationModeName):
    (JSC::isInitialization):
    * Source/JavaScriptCore/runtime/ScopedArguments.h:
    * Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp:
    (JSC::ScopedArgumentsTable::tryCreate):
    (JSC::ScopedArgumentsTable::tryClone):
    (JSC::ScopedArgumentsTable::trySetLength):
    (JSC::ScopedArgumentsTable::trySetWatchpointSet): Deleted.
    * Source/JavaScriptCore/runtime/ScopedArgumentsTable.h:
    * Source/JavaScriptCore/runtime/SymbolTable.cpp:
    (JSC::SymbolTable::localToEntry):
    (JSC::SymbolTable::cloneScopePart):
    * Source/JavaScriptCore/runtime/SymbolTable.h:

    Canonical link: https://commits.webkit.org/267815.566@safari-7617-branch

Identifier: [email protected]


  Commit: 188afb3780d1534e738cfc118a221cc712834fe9
      
https://github.com/WebKit/WebKit/commit/188afb3780d1534e738cfc118a221cc712834fe9
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-13 (Mon, 13 Nov 2023)

  Changed paths:
    M Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm

  Log Message:
  -----------
  Cherry-pick 270672@main (923ed5177ec0). rdar://118083889

    hideContentUntilPendingUpdate callbacks can be processed too late after the transaction and cause flickering.
    https://bugs.webkit.org/show_bug.cgi?id=264531
    <rdar://118083889>

    Reviewed by Tim Horton.

    The callbacks for DispatchAfterEnsuringDrawing get processed at the end of the transaction, after we've already told
    the client that we've committed the transaction. In some cases, this can cause them to be included as a separate CA
    commit, and cause flickering.

    This adds a pre-transaction check for a callback for hideContentUntilPendingUpdate, and clears the reply id, so that we
    re-attach the root layer as part of the main commit.

    * Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:
    (WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTreeTransaction):
    (WebKit::RemoteLayerTreeDrawingAreaProxy::hideContentUntilPendingUpdate):

    Canonical link: https://commits.webkit.org/270672@main

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 76763fb4af13f6731da51890e6003a97f5c3f421
      
https://github.com/WebKit/WebKit/commit/76763fb4af13f6731da51890e6003a97f5c3f421
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.10.4

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 0276f2cb8a40085d80289d156e8b5b138265e45a
      
https://github.com/WebKit/WebKit/commit/0276f2cb8a40085d80289d156e8b5b138265e45a
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    A LayoutTests/fonts/font-cache-memory-pressure-crash-expected.txt
    A LayoutTests/fonts/font-cache-memory-pressure-crash.html
    M Source/WebCore/platform/graphics/FontCascadeFonts.cpp

  Log Message:
  -----------
  Cherry-pick a595ddd8348d. rdar://117805319

    Adding last resort font to System Font fallback set for PUA characters
    https://bugs.webkit.org/show_bug.cgi?id=264737
    rdar://117805319

    Reviewed by Brent Fulgham.

    Until now, when we are purging inactive font data, we would just clear
    the glyph page cache if we had to purge system fallback font.
    This means that we consider glyph page cache would only point to
    fonts from system fonts fallback.

    When we are handling Unicode characters in the Private-User-Area (PUA) block,
    we shouldn't fall back to system fonts searching for a font that can render
    it, per spec: https://www.w3.org/TR/css-fonts-4/#char-handling-issues
    Instead, we render the glyph 0 with the last resort font. However, this
    font is just added to the custom font cache, and its font pointer in the
    Glyph Page cache is not cleared during memory pressure.

    We should add this font to the system font fallback set, to make sure
    that the associated font pointer is removed from the glyph page cache
    during memory pressure.

    * LayoutTests/fonts/font-cache-memory-pressure-crash.html: Added.
    * Source/WebCore/platform/graphics/FontCascadeFonts.cpp:
    (WebCore::FontCascadeFonts::glyphDataForVariant):
    * LayoutTests/fonts/font-cache-memory-pressure-crash-expected.txt: Added.

    Canonical link: https://commits.webkit.org/267815.567@safari-7617-branch

Canonical link: https://commits.webkit.org/[email protected]


  Commit: 6fc8976afd5260f8e01e214cafc248e8397c18c2
      
https://github.com/WebKit/WebKit/commit/6fc8976afd5260f8e01e214cafc248e8397c18c2
  Author: Myah Cobbs <[email protected]>
  Date:   2023-11-15 (Wed, 15 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.10.5

Identifier: [email protected]


  Commit: d540fd4b6f8b6065302c08461277f7b003b9d72b
      
https://github.com/WebKit/WebKit/commit/d540fd4b6f8b6065302c08461277f7b003b9d72b
  Author: Myah Cobbs <[email protected]>
  Date:   2023-11-16 (Thu, 16 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.10.6

Identifier: [email protected]


  Commit: d472202de378914ece4bd2d707d467f12fce2273
      
https://github.com/WebKit/WebKit/commit/d472202de378914ece4bd2d707d467f12fce2273
  Author: Myah Cobbs <[email protected]>
  Date:   2023-11-16 (Thu, 16 Nov 2023)

  Changed paths:
    M Source/JavaScriptCore/b3/B3LowerToAir.cpp
    M Source/JavaScriptCore/b3/air/AirValidate.cpp

  Log Message:
  -----------
  Cherry-pick 49ba637c4abb. rdar://118515062

    Extr can overflow when imm=64, allowing a random register to be read
    rdar://118515062

    Reviewed by Yusuke Suzuki.

    Extr can overflow when imm=64, allowing a random register to be read.

    * Source/JavaScriptCore/b3/B3LowerToAir.cpp:
    * Source/JavaScriptCore/b3/air/AirValidate.cpp:

    Canonical link: https://commits.webkit.org/267815.574@safari-7617-branch

Identifier: [email protected]


  Commit: 95e442820d7ec11d8eac7cca222642e3e6a1a370
      
https://github.com/WebKit/WebKit/commit/95e442820d7ec11d8eac7cca222642e3e6a1a370
  Author: Myah Cobbs <[email protected]>
  Date:   2023-11-16 (Thu, 16 Nov 2023)

  Changed paths:
    M Source/WebCore/loader/SubresourceLoader.cpp
    M Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp
    M Source/WebCore/loader/cache/CachedCSSStyleSheet.h

  Log Message:
  -----------
  Cherry-pick 4c3430842100. rdar://118267012

    Crash under PAL::newTextCodec(PAL::TextEncoding const&)
    https://bugs.webkit.org/show_bug.cgi?id=264979
    rdar://118267012

    Reviewed by Brent Fulgham.

    There is evidence for crashes in the wild that the CachedCSSStyleSheet or
    the TextResourceDecoder are being used after getting freed. To prevent this,
    protect both these objects in the code path identified by the crashes.

    This is a speculative fix but it should be very safe.

    * Source/WebCore/loader/SubresourceLoader.cpp:
    (WebCore::SubresourceLoader::didFinishLoading):
    * Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp:
    (WebCore::CachedCSSStyleSheet::finishLoading):
    (WebCore::CachedCSSStyleSheet::protectedDecoder const):
    * Source/WebCore/loader/cache/CachedCSSStyleSheet.h:

    Canonical link: https://commits.webkit.org/267815.575@safari-7617-branch

Identifier: [email protected]


  Commit: f67daffa5150e5915701d626af514c939164afd0
      
https://github.com/WebKit/WebKit/commit/f67daffa5150e5915701d626af514c939164afd0
  Author: Myah Cobbs <[email protected]>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.10.7

Identifier: [email protected]


  Commit: f623c618179dca039313c30a8b9c0a607aa73c78
      
https://github.com/WebKit/WebKit/commit/f623c618179dca039313c30a8b9c0a607aa73c78
  Author: Russell Epstein <[email protected]>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Source/JavaScriptCore/runtime/Structure.cpp

  Log Message:
  -----------
  Cherry-pick b0a755e34426. rdar://118548733

    Race condition between JSObject::getDirectConcurrently users and Structure::flattenDictionaryStructure
    https://bugs.webkit.org/show_bug.cgi?id=265067
    rdar://118548733

    Reviewed by Justin Michaud and Mark Lam.

    Like Array shift/unshift, flattenDictionaryStructure is the other code which can shrink butterfly for named properties (no other code does it).
    Compiler threads rely on the fact that normally named property storage never shrinks. And we should catch this exceptional case by taking a cellLock
    in the compiler thread. But flattenDictionaryStructure is not taking cellLock correctly.

    This patch computes afterOutOfLineCapacity first to detect whether this flattening will shrink the butterfly.
    And if it is, then we take a cellLock. We do not need to take it if we do not shrink the butterfly.

    * Source/JavaScriptCore/runtime/Structure.cpp:
    (JSC::Structure::flattenDictionaryStructure):

    Canonical link: https://commits.webkit.org/267815.577@safari-7617-branch

Canonical link: https://commits.webkit.org/[email protected]
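
The locking rule described in the commit message above, as an added illustration that is not JavaScriptCore code: the writer computes the post-flatten capacity first and takes the cell lock only when storage will shrink, while the concurrent reader always locks and bounds-checks. ToyCell, capacityFor, readConcurrently and flatten are hypothetical names, and the power-of-two capacity policy is constructed for the example.

```cpp
#include <atomic>
#include <cstddef>
#include <memory>
#include <mutex>
#include <stdexcept>
#include <vector>

// Toy stand-in for a JS object cell (hypothetical type, not JavaScriptCore's).
struct ToyCell {
    std::mutex cellLock;                        // taken by concurrent readers
    std::unique_ptr<std::atomic<int>[]> slots;  // out-of-line named-property storage
    size_t capacity = 0;
    size_t locksTakenByFlatten = 0;             // instrumentation for the example

    explicit ToyCell(size_t cap)
        : slots(new std::atomic<int>[cap]), capacity(cap)
    {
        for (size_t i = 0; i < cap; ++i)
            slots[i].store(0, std::memory_order_relaxed);
    }
};

// Constructed capacity policy: smallest power of two >= count, minimum 4.
static size_t capacityFor(size_t count)
{
    size_t cap = 4;
    while (cap < count)
        cap *= 2;
    return cap;
}

// Reader side (the role of a compiler thread): hold the cell lock, then
// bounds-check the offset against the storage that exists right now.
// Returns false when the offset is no longer backed by storage.
bool readConcurrently(ToyCell& cell, size_t offset, int& out)
{
    std::lock_guard<std::mutex> guard(cell.cellLock);
    if (offset >= cell.capacity)
        return false;
    out = cell.slots[offset].load(std::memory_order_relaxed);
    return true;
}

// Writer side: compact the surviving values to the front of the storage.
// Returns true when the storage was shrunk (and therefore the lock was taken).
bool flatten(ToyCell& cell, const std::vector<int>& liveValues)
{
    if (liveValues.size() > cell.capacity)
        throw std::invalid_argument("flattening only removes entries");

    // Compute the capacity after flattening first, to learn whether storage shrinks.
    size_t after = capacityFor(liveValues.size());
    if (after >= cell.capacity) {
        // Storage keeps its size: slots are rewritten in place, no lock needed.
        for (size_t i = 0; i < liveValues.size(); ++i)
            cell.slots[i].store(liveValues[i], std::memory_order_relaxed);
        return false;
    }

    // Shrinking frees memory a reader may be about to index, so build the
    // smaller array first and swap it in while readers are excluded.
    std::unique_ptr<std::atomic<int>[]> smaller(new std::atomic<int>[after]);
    for (size_t i = 0; i < after; ++i)
        smaller[i].store(i < liveValues.size() ? liveValues[i] : 0, std::memory_order_relaxed);

    std::lock_guard<std::mutex> guard(cell.cellLock);
    ++cell.locksTakenByFlatten;
    cell.slots = std::move(smaller);   // the old array is freed here, under the lock
    cell.capacity = after;
    return true;
}
```
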


  Commit: 80db35946f6d7f9df10f5e8507b73784e2eeeb68
      
https://github.com/WebKit/WebKit/commit/80db35946f6d7f9df10f5e8507b73784e2eeeb68
  Author: Myah Cobbs <[email protected]>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7617.1.17.10.8

Identifier: [email protected]


  Commit: 95dd2e7e63eba2d16f7e429560e99284ad758205
      
https://github.com/WebKit/WebKit/commit/95dd2e7e63eba2d16f7e429560e99284ad758205
  Author: Myah Cobbs <[email protected]>
  Date:   2023-11-17 (Fri, 17 Nov 2023)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml

  Log Message:
  -----------
  Revert b16d10297d26. rdar://118303187

Identifier: [email protected]


  Commit: 038e3ac23c11dd3b8539ab4d8f46b5d2ff9d5a14
      
https://github.com/WebKit/WebKit/commit/038e3ac23c11dd3b8539ab4d8f46b5d2ff9d5a14
  Author: Jonathan Bedard <[email protected]>
  Date:   2023-11-27 (Mon, 27 Nov 2023)

  Changed paths:
    M Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py

  Log Message:
  -----------
  Cherry-pick 270059@main (219eb0bb7b43). rdar://116915892

    [AutoInstall] prefer wheels whenever possible (Follow-up fix)
    https://bugs.webkit.org/show_bug.cgi?id=263119
    rdar://116915892

    Reviewed by Elliott Williams and Sam Sneddon.

    Wheel installs of rapidfuzz aren't valid for all configurations, and
    it doesn't take long to install manually.

    * Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
    * Tools/Scripts/libraries/webkitscmpy/webkitscmpy/__init__.py: Opt out of wheel for rapidfuzz.

    Canonical link: https://commits.webkit.org/270059@main

    Canonical link: https://commits.webkit.org/267815.561@safari-7617-branch

Identifier: [email protected]


Compare: https://github.com/WebKit/WebKit/compare/b248451465b4%5E...038e3ac23c11