Branch: refs/heads/webkitglib/2.46
Home: https://github.com/WebKit/WebKit
Commit: 46e95c8cf1c21fc0138f122e1b27c691dacc1e86
https://github.com/WebKit/WebKit/commit/46e95c8cf1c21fc0138f122e1b27c691dacc1e86
Author: Antti Koivisto <[email protected]>
Date: 2024-11-04 (Mon, 04 Nov 2024)
Changed paths:
A LayoutTests/fast/inline/nested-inline-layout-stack-overflow-expected.txt
A LayoutTests/fast/inline/nested-inline-layout-stack-overflow.html
M
Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp
M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp
M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h
Log Message:
-----------
Cherry-pick 285900@main (e3ae76b007df).
https://bugs.webkit.org/show_bug.cgi?id=282325
Stack overflow under WebCore::Layout::LineBuilder::layoutInlineContent
https://bugs.webkit.org/show_bug.cgi?id=282325
rdar://138798974
Reviewed by Alan Baradlay.
We now do nested layouts from within line layout and may end up blowing
through the stack.
Render tree depth is limited to 512 boxes so that is the depth we need to
survive.
* LayoutTests/fast/inline/nested-inline-layout-stack-overflow-expected.txt:
Added.
* LayoutTests/fast/inline/nested-inline-layout-stack-overflow.html: Renamed
from LayoutTests/fast/inline/nested-inline-layout-crash.html.
*
Source/WebCore/layout/formattingContexts/inline/InlineFormattingContext.cpp:
(WebCore::Layout::InlineFormattingContext::layout):
* Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:
(WebCore::Layout::LineBuilder::layoutInlineContent):
(WebCore::Layout::LineBuilder::placeInlineAndFloatContent):
* Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.h:
Reduce stack usage by moving some once-per-layout structs to heap.
Canonical link: https://commits.webkit.org/285900@main
Canonical link: https://commits.webkit.org/282416.268@webkitglib/2.46
Commit: 106a1592a17aa34dd2d327a55ab8df517ab79906
https://github.com/WebKit/WebKit/commit/106a1592a17aa34dd2d327a55ab8df517ab79906
Author: Michael Saboff <[email protected]>
Date: 2024-11-04 (Mon, 04 Nov 2024)
Changed paths:
M Source/JavaScriptCore/yarr/YarrPattern.cpp
Log Message:
-----------
Cherry-pick 285819@main (548b60525e35).
https://bugs.webkit.org/show_bug.cgi?id=282200
ASAN_TRAP | Yarr::CharacterClassConstructor::unicodeOpSorted due to out of
order Unicode Case Folding
https://bugs.webkit.org/show_bug.cgi?id=282200
rdar://138178588
Reviewed by Mark Lam.
Certain ASCII characters can introduce Unicode characters (and vice versa)
when we add all the
case variations in a case insensitive regex. This leads to incorrect
behavior in performSetOpWithMatches,
since one function it calls, unicodeOpSorted(), assume that its matches
argument is in sorted order.
Renamed asciiOpSorted() to asciiOp(), since it doesn't care that its
matches vector is sorted.
Added two new tests added to regexp-vflag-property-of-strings.js.
* JSTests/stress/regexp-vflag-property-of-strings.js:
* Source/JavaScriptCore/yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::performSetOpWithMatches):
(JSC::Yarr::CharacterClassConstructor::asciiOp):
(JSC::Yarr::CharacterClassConstructor::asciiOpSorted): Deleted.
Canonical link: https://commits.webkit.org/285819@main
Canonical link: https://commits.webkit.org/282416.269@webkitglib/2.46
Compare: https://github.com/WebKit/WebKit/compare/3fcc3bab0295...106a1592a17a
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
