Branch: refs/heads/webkitglib/2.46
Home: https://github.com/WebKit/WebKit
Commit: 13cb9849480200e6f402529b1580f759f885d81a
https://github.com/WebKit/WebKit/commit/13cb9849480200e6f402529b1580f759f885d81a
Author: Pratiksha Choudhury <[email protected]>
Date: 2025-01-29 (Wed, 29 Jan 2025)
Changed paths:
A
LayoutTests/fast/css/css-typed-om/css-builder-converter-initial-letter-crash-expected.txt
A
LayoutTests/fast/css/css-typed-om/css-builder-converter-initial-letter-crash.html
M Source/WebCore/css/CSSQuadValue.cpp
M Source/WebCore/css/CSSQuadValue.h
M Source/WebCore/css/typedom/StylePropertyMap.cpp
Log Message:
-----------
Cherry-pick 289023@main (9649ee33c20c).
https://bugs.webkit.org/show_bug.cgi?id=285459
ASAN_TRAP in Style::BuilderConverter::convertInitialLetter
https://bugs.webkit.org/show_bug.cgi?id=285459
rdar://141024836
Reviewed by Matthieu Dubet and Ryosuke Niwa.
Added a check to verify the CSSQuad value else throw TypeError.
*
LayoutTests/fast/css/css-typed-om/css-builder-converter-initial-letter-crash-expected.txt:
Added.
*
LayoutTests/fast/css/css-typed-om/css-builder-converter-initial-letter-crash.html:
Added.
* Source/WebCore/css/CSSQuadValue.cpp:
(WebCore::CSSQuadValue::CSSQuadValue):
(WebCore::CSSQuadValue::canBeCoalesced const):
* Source/WebCore/css/CSSQuadValue.h:
* Source/WebCore/css/typedom/StylePropertyMap.cpp:
(WebCore::StylePropertyMap::set):
Canonical link: https://commits.webkit.org/289023@main
Canonical link: https://commits.webkit.org/282416.410@webkitglib/2.46
Commit: a291061dd6222f5f4671184f77688851541d6027
https://github.com/WebKit/WebKit/commit/a291061dd6222f5f4671184f77688851541d6027
Author: Chris Dumez <[email protected]>
Date: 2025-01-29 (Wed, 29 Jan 2025)
Changed paths:
M Source/JavaScriptCore/runtime/StructureInlines.h
Log Message:
-----------
Cherry-pick 288298@main (b88f3785dca4).
https://bugs.webkit.org/show_bug.cgi?id=285158
Null deference under JSC::Structure::shouldConvertToPolyProto()
https://bugs.webkit.org/show_bug.cgi?id=285158
Reviewed by Darin Adler.
Null deference under JSC::Structure::shouldConvertToPolyProto(), which is
undefined behavior.
This was found by adding a RELEASE_ASSERT() under `RefPtr::operator->()`:
* Source/JavaScriptCore/runtime/StructureInlines.h:
(JSC::Structure::shouldConvertToPolyProto):
Canonical link: https://commits.webkit.org/288298@main
Canonical link: https://commits.webkit.org/282416.411@webkitglib/2.46
Commit: 5e79c9a1da8c7a945e391bb0f4a4b34a275c61c7
https://github.com/WebKit/WebKit/commit/5e79c9a1da8c7a945e391bb0f4a4b34a275c61c7
Author: Jessica Lee <[email protected]>
Date: 2025-01-29 (Wed, 29 Jan 2025)
Changed paths:
M LayoutTests/js/dom/webidl-type-mapping-expected.txt
M LayoutTests/js/dom/webidl-type-mapping.html
M Source/WebCore/bindings/js/JSDOMConvertRecord.h
Log Message:
-----------
Cherry-pick 287506@main (d78f8ae748e3).
https://bugs.webkit.org/show_bug.cgi?id=284132
JSC::JSValue convert of JSConverter<IDLRecord<K, V>> crashes when
converting an input WebCore::IDLRecord<WebCore::IDLUSVString,
WebCore::IDLUnion<WebCore::IDLUndefined, WebCore::IDLUSVString>>
https://bugs.webkit.org/show_bug.cgi?id=284132
rdar://141017497
Reviewed by Chris Dumez and Sihui Liu.
According to spec https://webidl.spec.whatwg.org/#js-record, we should use
<bool createDataProperty(JSGlobalObject*, PropertyName, JSValue, bool
shouldThrow)> to convert a native object to a IDL Record, not putDirect which
is what's currently implemented and incorrectly assumes that the input property
name is not an index.
* LayoutTests/js/dom/webidl-type-mapping-expected.txt:
* LayoutTests/js/dom/webidl-type-mapping.html:
* Source/WebCore/bindings/js/JSDOMConvertRecord.h:
Canonical link: https://commits.webkit.org/287506@main
Canonical link: https://commits.webkit.org/282416.412@webkitglib/2.46
Commit: c8b37e7361b3dfe36d08bd5e6d522086413adf16
https://github.com/WebKit/WebKit/commit/c8b37e7361b3dfe36d08bd5e6d522086413adf16
Author: Tim Nguyen <[email protected]>
Date: 2025-01-29 (Wed, 29 Jan 2025)
Changed paths:
M LayoutTests/inspector/css/getMatchedStylesForNodeBackdropPseudoId.html
A
LayoutTests/inspector/css/getMatchedStylesForNodeViewTransitionPseudoElements-expected.txt
A
LayoutTests/inspector/css/getMatchedStylesForNodeViewTransitionPseudoElements.html
M Source/WebCore/inspector/agents/InspectorCSSAgent.cpp
Log Message:
-----------
Cherry-pick 287254@main (c303cfb174dd).
https://bugs.webkit.org/show_bug.cgi?id=283574
Web Inspector crashes due to using erroneous `PseudoElementIdentifier`
https://bugs.webkit.org/show_bug.cgi?id=283574
rdar://140243623
Reviewed by Devin Rousso.
Skip named view transition pseudo-elements until we're able to pass a
proper `PseudoElementIdentifier` into
`pseudoStyleRulesForElement`, and once we properly support named view
transition pseudo-elements.
* LayoutTests/inspector/css/getMatchedStylesForNodeBackdropPseudoId.html:
*
LayoutTests/inspector/css/getMatchedStylesForNodeViewTransitionPseudoElements-expected.txt:
Added.
*
LayoutTests/inspector/css/getMatchedStylesForNodeViewTransitionPseudoElements.html:
Added.
* Source/WebCore/inspector/agents/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::getMatchedStylesForNode):
Canonical link: https://commits.webkit.org/287254@main
Canonical link: https://commits.webkit.org/282416.413@webkitglib/2.46
Compare: https://github.com/WebKit/WebKit/compare/33766a2ff194...c8b37e7361b3
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
