Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 68444c069c56a73e006e8a17f378bba3977e1530
      
https://github.com/WebKit/WebKit/commit/68444c069c56a73e006e8a17f378bba3977e1530
  Author: Youenn Fablet <you...@apple.com>
  Date:   2025-04-04 (Fri, 04 Apr 2025)

  Changed paths:
    M Source/WebCore/platform/cocoa/SharedVideoFrameInfo.mm
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/WebCore/cocoa/SharedVideoFrame.mm

  Log Message:
  -----------
  [CoreIPC] [GPU] SharedVideoFrameInfo::copyToCVPixelBufferPlane can crash
rdar://142965165

Reviewed by Chris Dumez and Eric Carlson.

Make sure to use alpha row size to compute storage size instead of relying on the size being the same as plane A.
We also fix an issue in SharedVideoFrameInfo::decode where we were not checking for planeAlpha size being correctly decoded.

Covered by added unit test.

* Source/WebCore/platform/cocoa/SharedVideoFrameInfo.mm:
(WebCore::SharedVideoFrameInfo::storageSize const):
(WebCore::SharedVideoFrameInfo::decode):
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebCore/cocoa/SharedVideoFrame.mm: Added.
(TestWebKitAPI::TEST(WebCore, SharedVideoFramePlaneAlphaSize)):

Originally-landed-as: 283286.629@safari-7620-branch (55b915bbbe64). 
rdar://148113842
Canonical link: https://commits.webkit.org/293226@main


  Commit: 575e5800d5bb22154d85b97fc97d6380467570f3
      
https://github.com/WebKit/WebKit/commit/575e5800d5bb22154d85b97fc97d6380467570f3
  Author: Antti Koivisto <an...@apple.com>
  Date:   2025-04-04 (Fri, 04 Apr 2025)

  Changed paths:
    A LayoutTests/fast/css/transform-translate-parsing-crash-expected.txt
    A LayoutTests/fast/css/transform-translate-parsing-crash.html
    M Source/WebCore/css/parser/CSSParserFastPaths.cpp

  Log Message:
  -----------
  Crash in transform fast-path parsing
https://bugs.webkit.org/show_bug.cgi?id=286462
rdar://142276253

Reviewed by Darin Adler.

* LayoutTests/fast/css/transform-translate-parsing-crash-expected.txt: Added.
* LayoutTests/fast/css/transform-translate-parsing-crash.html: Added.
* Source/WebCore/css/parser/CSSParserFastPaths.cpp:
(WebCore::parseSimpleTransformValue):

Check we don't access out of bounds indexes.

Originally-landed-as: 283286.630@safari-7620-branch (c09afb6b82bf). 
rdar://148113678
Canonical link: https://commits.webkit.org/293227@main


  Commit: bc947c0ebff07ee10ab46f3355fab5bd39c498b7
      
https://github.com/WebKit/WebKit/commit/bc947c0ebff07ee10ab46f3355fab5bd39c498b7
  Author: Sihui Liu <sihui_...@apple.com>
  Date:   2025-04-04 (Fri, 04 Apr 2025)

  Changed paths:
    M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp

  Log Message:
  -----------
  Do not start new transaction when there is active version change transaction
rdar://142170054

Reviewed by Brady Eidson.

According to spec (https://w3c.github.io/IndexedDB/#upgrade-transaction-construct), version change (or upgrade)
transaction has exclusive access to database. The current implementation enforces this on client side (web process) by
not adding new transaction on server when there is ongoing version change transaction. This patch adds this check to
server side since web process could be compromised and schedule transactions unexpectedly.

* Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):

Originally-landed-as: 283286.631@safari-7620-branch (43d9bdf80277). 
rdar://148113398
Canonical link: https://commits.webkit.org/293228@main


  Commit: 748ddeef771ce19321938c24ac4b2a06af3cb89e
      
https://github.com/WebKit/WebKit/commit/748ddeef771ce19321938c24ac4b2a06af3cb89e
  Author: Daniel Liu <daniel_l...@apple.com>
  Date:   2025-04-04 (Fri, 04 Apr 2025)

  Changed paths:
    A JSTests/wasm/stress/bbq-fusedif-register-alloc.js
    M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp

  Log Message:
  -----------
  BBQ FusedIf should propagate allocated scratch register to new block
https://bugs.webkit.org/show_bug.cgi?id=286512
rdar://142474221

Reviewed by Yusuke Suzuki.

Since FusedIf allocates a scratch register, the new block created by
FusedIf needs to be aware of this allocation, or else it may try to
allocate another register in the same place.

* Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::addFusedIfCompare):

Originally-landed-as: 283286.632@safari-7620-branch (4af308c795b6). 
rdar://148112940
Canonical link: https://commits.webkit.org/293229@main


Compare: https://github.com/WebKit/WebKit/compare/fac0c0fda49a...748ddeef771c

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
