Branch: refs/heads/webkitglib/2.44
Home: https://github.com/WebKit/WebKit
Commit: bcd671bfcbcd9ca829dedeb66a3ffc67222103be
https://github.com/WebKit/WebKit/commit/bcd671bfcbcd9ca829dedeb66a3ffc67222103be
Author: Michael Catanzaro <[email protected]>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebKit/PlatformGTK.cmake
M Source/WebKit/PlatformWPE.cmake
M Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp
M Source/WebKit/UIProcess/API/glib/WebKitWebView.h.in
Log Message:
-----------
Cherry-pick 276012@main (910ab18a82d4).
https://bugs.webkit.org/show_bug.cgi?id=269377
[WPE][GTK] Warning: WebKit2: Couldn't find 'run_async_javascript_function_in_world_finish' for the corresponding async function: 'run_async_javascript_function_in_world'
https://bugs.webkit.org/show_bug.cgi?id=269377
Reviewed by Adrian Perez de Castro.
We need to use the new finish-func annotation so that language bindings
can figure out how to complete the async call, due to our nonstandard
naming for the finish function. It seems trying to reuse the same finish
function for multiple async calls was not such a good idea.
Unfortunately, with older gobject-introspection, we cannot use this
new annotation or the build will fail due to the unrecognized
annotation. So we will need to conditionalize the entire doc comment.
Finally, I've also fixed the nullability of the world_name parameter,
which was broken due to a missing colon.
* Source/WebKit/PlatformGTK.cmake:
* Source/WebKit/PlatformWPE.cmake:
* Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:
* Source/WebKit/UIProcess/API/glib/WebKitWebView.h.in:
Canonical link: https://commits.webkit.org/276012@main
Canonical link: https://commits.webkit.org/274313.87@webkitglib/2.44
Commit: 629d941b3ee1bfad0d8aa15283d6d1ab7092aa58
https://github.com/WebKit/WebKit/commit/629d941b3ee1bfad0d8aa15283d6d1ab7092aa58
Author: Adrian Perez de Castro <[email protected]>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebKit/PlatformGTK.cmake
Log Message:
-----------
Cherry-pick 276019@main (3a1c08120188).
https://bugs.webkit.org/show_bug.cgi?id=269377
REGRESSION(276012@main): CMake fails with GObject-Introspection disabled
https://bugs.webkit.org/show_bug.cgi?id=269377
Reviewed by Michael Catanzaro and Philippe Normand.
* Source/WebKit/PlatformGTK.cmake: Quote the expansion of ${GI_VERSION}
to ensure VERSION_GREATER_EQUAL has at least an empty string as value
to compare against; otherwise when the variable is undefined there was
no left-hand side of the comparison, which resulted in CMake erroring
due to wrong syntax.
Canonical link: https://commits.webkit.org/276019@main
Canonical link: https://commits.webkit.org/274313.88@webkitglib/2.44
Commit: b67becf51ef32112a6a5ad03f36f943253dfbebe
https://github.com/WebKit/WebKit/commit/b67becf51ef32112a6a5ad03f36f943253dfbebe
Author: Fujii Hironori <[email protected]>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebKit/Scripts/generate-serializers.py
Log Message:
-----------
Cherry-pick 275934@main (ca6b301ae49e).
https://bugs.webkit.org/show_bug.cgi?id=270770
[Clang] GeneratedSerializers.cpp(3716,11): error: offset of on non-standard-layout type 'WebKit::AudioTrackPrivateRemoteConfiguration' [-Werror,-Winvalid-offsetof]
https://bugs.webkit.org/show_bug.cgi?id=270770
Reviewed by Alex Christensen.
Clang 18.1.1 reports a warning for GeneratedSerializers.cpp:
> DerivedSources\GeneratedSerializers.cpp(3716,11): error: offset of on non-standard-layout type 'WebKit::AudioTrackPrivateRemoteConfiguration' [-Werror,-Winvalid-offsetof]
> 3716 | , offsetof(WebKit::AudioTrackPrivateRemoteConfiguration, enabled)
> | ^~~~~~~
generate-serializers.py already suppresses the warning for GCC.
* Source/WebKit/Scripts/generate-serializers.py:
Ignore `invalid-offsetof` warning both for GCC and Clang.
Canonical link: https://commits.webkit.org/275934@main
Canonical link: https://commits.webkit.org/274313.89@webkitglib/2.44
Commit: 76f4db11d9982ef76ec8758fd6c62c3d5f146379
https://github.com/WebKit/WebKit/commit/76f4db11d9982ef76ec8758fd6c62c3d5f146379
Author: Fujii Hironori <[email protected]>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/JavaScriptCore/runtime/DatePrototype.cpp
Log Message:
-----------
Cherry-pick 275926@main (65fd9be34cc1).
https://bugs.webkit.org/show_bug.cgi?id=270769
[JSC][Clang] DatePrototype.cpp(337,29): error: 'snprintf' will always be truncated; specified size is 28, but format string expands to at least 29 [-Werror,-Wformat-truncation]
https://bugs.webkit.org/show_bug.cgi?id=270769
Reviewed by Don Olmstead.
Clang 18 reports a false warning:
> JavaScriptCore/runtime/DatePrototype.cpp(337,29): error: 'snprintf' will always be truncated; specified size is 28, but format string expands to at least 29 [-Werror,-Wformat-truncation]
This problem is tracked by
<https://github.com/llvm/llvm-project/issues/71320>.
* Source/JavaScriptCore/runtime/DatePrototype.cpp:
Ignore the warning for Clang.
Canonical link: https://commits.webkit.org/275926@main
Canonical link: https://commits.webkit.org/274313.90@webkitglib/2.44
Commit: 8a13624c27b86a4c10ecc50f988991a0ffcaca80
https://github.com/WebKit/WebKit/commit/8a13624c27b86a4c10ecc50f988991a0ffcaca80
Author: Ryosuke Niwa <[email protected]>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebCore/dom/ActiveDOMObject.cpp
M Source/WebCore/dom/ActiveDOMObject.h
M Source/WebCore/html/HTMLCanvasElement.cpp
M Source/WebCore/html/HTMLImageElement.cpp
M Source/WebCore/html/HTMLMarqueeElement.cpp
M Source/WebCore/html/HTMLMarqueeElement.h
M Source/WebCore/html/HTMLMediaElement.cpp
M Source/WebCore/html/HTMLSourceElement.cpp
M Source/WebCore/html/HTMLSourceElement.h
M Source/WebCore/html/HTMLTrackElement.cpp
M Source/WebCore/html/HTMLTrackElement.h
M Source/WebCore/html/track/TextTrack.cpp
M Source/WebCore/html/track/TextTrack.h
M Source/WebCore/html/track/TextTrackCue.cpp
M Source/WebCore/html/track/TextTrackCue.h
M Source/WebCore/html/track/TextTrackCueList.cpp
M Source/WebCore/html/track/TextTrackCueList.h
M Source/WebCore/html/track/TrackBase.cpp
M Source/WebCore/html/track/TrackBase.h
M Source/WebCore/html/track/TrackListBase.cpp
M Source/WebCore/html/track/TrackListBase.h
Log Message:
-----------
Cherry-pick 272448.471@safari-7618-branch (f2f5469a4376).
https://bugs.webkit.org/show_bug.cgi?id=268494
[ Monterey+ wk2 Release ] media/track/media-element-enqueue-event-crash.html is a flaky crash
https://bugs.webkit.org/show_bug.cgi?id=268494
Reviewed by Chris Dumez.
This PR introduces ActiveDOMObject::didMoveToNewDocument, which migrates ActiveDOMObject from one document to another, and deploys it in every ActiveDOMObject owned by Node subclasses such as HTMLImageElement and TextTrackCue.
* Source/WebCore/dom/ActiveDOMObject.cpp:
(WebCore::ActiveDOMObject::didMoveToNewDocument):
* Source/WebCore/dom/ActiveDOMObject.h:
* Source/WebCore/html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLMarqueeElement.cpp:
(WebCore::HTMLMarqueeElement::HTMLMarqueeElement):
(WebCore::HTMLMarqueeElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLMarqueeElement.h:
* Source/WebCore/html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::didMoveToNewDocument):
(WebCore::HTMLMediaElement::ensureMediaControls): Fixed a bug whereby this code tries to initialize a CSSFontSelector object, which is an active DOM object, in the middle of Document trying to stop itself.
(WebCore::HTMLMediaElement::isSuspended const): Added a debug assertion that the script execution context associated with the Node superclass and the ActiveDOMObject superclass match.
* Source/WebCore/html/HTMLSourceElement.cpp:
(WebCore::HTMLSourceElement::HTMLSourceElement):
(WebCore::HTMLSourceElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLSourceElement.h:
* Source/WebCore/html/HTMLTrackElement.cpp:
(WebCore::HTMLTrackElement::HTMLTrackElement):
(WebCore::HTMLTrackElement::didMoveToNewDocument):
* Source/WebCore/html/HTMLTrackElement.h:
* Source/WebCore/html/track/TextTrack.cpp:
(WebCore::TextTrack::protectedCues const):
(WebCore::TextTrack::didMoveToNewDocument):
* Source/WebCore/html/track/TextTrack.h:
* Source/WebCore/html/track/TextTrackCue.cpp:
(WebCore::TextTrackCue::didMoveToNewDocument):
* Source/WebCore/html/track/TextTrackCue.h:
* Source/WebCore/html/track/TextTrackCueList.cpp:
(WebCore::TextTrackCueList::didMoveToNewDocument):
* Source/WebCore/html/track/TextTrackCueList.h:
* Source/WebCore/html/track/TrackBase.cpp:
(WebCore::TrackBase::didMoveToNewDocument):
* Source/WebCore/html/track/TrackBase.h:
* Source/WebCore/html/track/TrackListBase.cpp:
(WebCore::TrackListBase::didMoveToNewDocument):
* Source/WebCore/html/track/TrackListBase.h:
Canonical link: https://commits.webkit.org/272448.471@safari-7618-branch
Canonical link: https://commits.webkit.org/274313.91@webkitglib/2.44
Commit: 7d9536886116bc2db98bd74875151238a4005c77
https://github.com/WebKit/WebKit/commit/7d9536886116bc2db98bd74875151238a4005c77
Author: Myah Cobbs <[email protected]>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.h
Log Message:
-----------
Cherry-pick c3c2a42ade13. https://bugs.webkit.org/show_bug.cgi?id=266806
Safari's IndexedDB data may not be deserialized correctly after system upgrades
https://bugs.webkit.org/show_bug.cgi?id=266806
rdar://120031024
Reviewed by NOBODY (OOPS!).
To fix rdar://119834827, we introduce version 12.1 to SerializedScriptValue, which changed the terminator of the indexed property section in array compared to version 12. To make sure the deserializer knows to deserialize version 12.1, we encode the minor version in the highest 8 bits of the version number. We keep the lowest 24 bits as the major version number for backward compatibility (the previously stored 32-bit major version number can be interpreted as major version with minor version 0).
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::majorVersionFor):
(WebCore::minorVersionFor):
(WebCore::makeVersion):
(WebCore::currentVersion):
(WebCore::CloneSerializer::serialize):
(WebCore::CloneSerializer::CloneSerializer):
(WebCore::CloneDeserializer::deserializeString):
(WebCore::CloneDeserializer::deserialize):
(WebCore::CloneDeserializer::isValid const):
(WebCore::CloneDeserializer::shouldRetryWithVersionUpgrade):
(WebCore::CloneDeserializer::upgradeVersion):
(WebCore::CloneDeserializer::read):
(WebCore::CloneDeserializer::readFile):
(WebCore::CloneDeserializer::readArrayBuffer):
(WebCore::CloneDeserializer::readArrayBufferView):
(WebCore::CloneDeserializer::readImageBitmap):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::CloneDeserializer::version const): Deleted.
(WebCore::SerializedScriptValue::wireFormatVersion): Deleted.
* Source/WebCore/bindings/js/SerializedScriptValue.h:
Canonical link: https://commits.webkit.org/[email protected]
Identifier: 270272.2255@safari-7618-branch
Canonical link: https://commits.webkit.org/274313.92@webkitglib/2.44
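The 24/8-bit version split described in the commit message above, as an added illustration in C++. This is not WebKit's SerializedScriptValue code; the function names mirror those listed in the log, while `isAtLeast` and `usesRevisedArrayTerminator` are hypothetical helpers showing why a reader must compare decoded (major, minor) pairs rather than the raw packed word.

```cpp
#include <cstdint>

// Added illustration of the versioning scheme the commit message describes;
// not WebKit's own code. Low 24 bits hold the major version, high 8 bits the
// minor version, so a legacy record that stored a bare 32-bit major version
// decodes as (major, 0) without any migration step.
namespace VersionScheme {

constexpr uint32_t kMajorMask = 0x00FFFFFFu;
constexpr unsigned kMinorShift = 24;

constexpr uint32_t majorVersionFor(uint32_t version) { return version & kMajorMask; }
constexpr uint32_t minorVersionFor(uint32_t version) { return version >> kMinorShift; }

// Assumes major < 2^24 and minor < 2^8; a larger value would bleed into the
// neighbouring field, so callers validate before packing.
constexpr uint32_t makeVersion(uint32_t major, uint32_t minor)
{
    return (minor << kMinorShift) | (major & kMajorMask);
}

// Current wire format per the commit message: 12.1 (packed as 0x0100000C).
constexpr uint32_t currentVersion() { return makeVersion(12, 1); }

// Hypothetical helper (not from the page): ordering on the decoded pair.
// Comparing raw packed words would be wrong, because 12.1 (0x0100000C) is
// numerically far above 13.0 (0x0000000D).
bool isAtLeast(uint32_t storedVersion, uint32_t major, uint32_t minor)
{
    const uint32_t m = majorVersionFor(storedVersion);
    return m > major || (m == major && minorVersionFor(storedVersion) >= minor);
}

// Hypothetical helper (not from the page): the revised terminator for the
// indexed-property section of arrays applies to records at or above 12.1.
bool usesRevisedArrayTerminator(uint32_t storedVersion)
{
    return isAtLeast(storedVersion, 12, 1);
}

} // namespace VersionScheme
```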
Commit: 6789d169e841c6c69cf4fc778fd139a3a2b1ac10
https://github.com/WebKit/WebKit/commit/6789d169e841c6c69cf4fc778fd139a3a2b1ac10
Author: Justin Michaud <[email protected]>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
A JSTests/wasm/stress/repro_1289.js
A JSTests/wasm/stress/repro_1289.wasm
A JSTests/wasm/stress/repro_1289.wat
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmCallee.h
M Source/JavaScriptCore/wasm/WasmInstance.h
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmThunks.cpp
M Source/JavaScriptCore/wasm/WasmThunks.h
Log Message:
-----------
Cherry-pick 272448.466@safari-7618-branch (a08ba6e8c208).
https://bugs.webkit.org/show_bug.cgi?id=268424
BBQJIT OSR Entry throws stack overflow from invalid frame
https://bugs.webkit.org/show_bug.cgi?id=268424
rdar://121251778
Reviewed by Yusuke Suzuki.
In this test case, we end up in a situation where the current LLInt frame is
above the soft stack limit. We then loop osr entry into BBQ, where we
perform a stack check and fail, but before we finish writing the OSR
entry buffer into our stack frame. The stack unwinder sees the BBQ callee
and we jump to that, but the frame is uninitialized.
The fix is twofold; we first make BBQ crash in this case to avoid a
security issue. We do the same for OMG, just in case this bug is
exploitable there too.
Second, we do a stack check before performing OSR entry, and fail early.
* JSTests/wasm/stress/repro_1289.js: Added.
(debuggingHelper):
(instantiateJsc):
(async let):
* JSTests/wasm/stress/repro_1289.wasm: Added.
* JSTests/wasm/stress/repro_1289.wat: Added.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJIT::stackCheckSize const):
(JSC::Wasm::BBQJIT::addLoopOSREntrypoint):
(JSC::Wasm::parseAndCompileBBQ):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmInstance.h:
(JSC::Wasm::Instance::softStackLimit const):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* Source/JavaScriptCore/wasm/WasmThunks.cpp:
(JSC::Wasm::crashDueToBBQStackOverflow):
* Source/JavaScriptCore/wasm/WasmThunks.h:
Canonical link: https://commits.webkit.org/272448.466@safari-7618-branch
Canonical link: https://commits.webkit.org/274313.93@webkitglib/2.44
Compare: https://github.com/WebKit/WebKit/compare/3cf2b08d49dd...6789d169e841
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes