Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit

Commit: eb40e825f8eead8459655be10537d314077547b6
    https://github.com/WebKit/WebKit/commit/eb40e825f8eead8459655be10537d314077547b6
Author: Alex Christensen <achristen...@apple.com>
Date: 2025-04-03 (Thu, 03 Apr 2025)

Changed paths:
  M Source/WebKit/Shared/WebProcessDataStoreParameters.h
  M Source/WebKit/Shared/WebProcessDataStoreParameters.serialization.in
  M Source/WebKit/UIProcess/WebProcessPool.cpp
  M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

Log Message:
-----------
Remove sandbox access to cookie directory from web content process
https://bugs.webkit.org/show_bug.cgi?id=284993
rdar://141741137

Reviewed by Charlie Wolfe.

In ye olden days, we used to do networking in the web content process. Now we don't, so we don't need access to the cookie file any more.

* Source/WebKit/Shared/WebProcessDataStoreParameters.h:
* Source/WebKit/Shared/WebProcessDataStoreParameters.serialization.in:
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::webProcessDataStoreParameters):
* Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformSetWebsiteDataStoreParameters):

Originally-landed-as: 283286.612@safari-7620-branch (30bbe120cc59). rdar://148117103
Canonical link: https://commits.webkit.org/293167@main

Commit: a12f52cb55e9cb5edd32755633e1735b5e8ee9d8
    https://github.com/WebKit/WebKit/commit/a12f52cb55e9cb5edd32755633e1735b5e8ee9d8
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2025-04-03 (Thu, 03 Apr 2025)

Changed paths:
  A LayoutTests/js/dom/resizable-array-buffer-do-not-crash-expected.txt
  A LayoutTests/js/dom/resizable-array-buffer-do-not-crash.html
  A LayoutTests/js/dom/script-tests/resizable-array-buffer-do-not-crash.js
  M Source/JavaScriptCore/runtime/ArrayBufferView.h

Log Message:
-----------
[JSC] Fix incorrect OOB condition for resizable ArrayBuffer in C++ wrapper code
https://bugs.webkit.org/show_bug.cgi?id=285876
rdar://141269480

Reviewed by Yijia Huang and Keith Miller.

OOB checking condition is not correct for resizable ArrayBuffer when it is used with C++ wrapper code. This patch fixes it.

* LayoutTests/js/dom/resizable-array-buffer-do-not-crash-expected.txt: Added.
* LayoutTests/js/dom/resizable-array-buffer-do-not-crash.html: Added.
* LayoutTests/js/dom/script-tests/resizable-array-buffer-do-not-crash.js: Added.
(main):
* Source/JavaScriptCore/runtime/ArrayBufferView.h:
(JSC::ArrayBufferView::byteOffset const):
(JSC::ArrayBufferView::byteLength const):

Originally-landed-as: 283286.614@safari-7620-branch (604d4327862d). rdar://148116771
Canonical link: https://commits.webkit.org/293168@main

Commit: 71951f425f93be30777569a3c24cfed962f1985a
    https://github.com/WebKit/WebKit/commit/71951f425f93be30777569a3c24cfed962f1985a
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2025-04-03 (Thu, 03 Apr 2025)

Changed paths:
  A JSTests/stress/eval-call-should-update-top-frame.js
  M Source/JavaScriptCore/jit/JITOperations.cpp

Log Message:
-----------
[JSC] Eval call operations should update VM::topCallFrame
https://bugs.webkit.org/show_bug.cgi?id=285892
rdar://140795825

Reviewed by Yijia Huang.

Eval operations should update VM::topCallFrame to prepare for throwing an error for OOM of input string resolution.

* JSTests/stress/eval-call-should-update-top-frame.js: Added.
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):

Originally-landed-as: 283286.615@safari-7620-branch (2d42b44d8073). rdar://148116678
Canonical link: https://commits.webkit.org/293169@main

Commit: ab73d23c3e07779c07ddec0cb7653bd94271a867
    https://github.com/WebKit/WebKit/commit/ab73d23c3e07779c07ddec0cb7653bd94271a867
Author: Ryosuke Niwa <rn...@webkit.org>
Date: 2025-04-03 (Thu, 03 Apr 2025)

Changed paths:
  M Source/WebKit/Shared/Cocoa/CoreIPCError.mm

Log Message:
-----------
[IPC][Hardening] CoreIPCError should ensure NSErrorFailingURLKey and NSErrorFailingURLStringKey contain the same value
https://bugs.webkit.org/show_bug.cgi?id=285680
rdar://140567340

Reviewed by Wenson Hsieh and Sihui Liu.

Treat NSError with differing NSErrorFailingURLKey and NSErrorFailingURLStringKey as invalid.

* Source/WebKit/Shared/Cocoa/CoreIPCError.mm:
(WebKit::CoreIPCError::hasValidUserInfo):

Originally-landed-as: 283286.617@safari-7620-branch (22fa685170fe). rdar://148116349
Canonical link: https://commits.webkit.org/293170@main

Commit: d7bd7d8f7cdf153da2bc16ed461eb3c72066b2d8
    https://github.com/WebKit/WebKit/commit/d7bd7d8f7cdf153da2bc16ed461eb3c72066b2d8
Author: Keith Miller <keith_mil...@apple.com>
Date: 2025-04-03 (Thu, 03 Apr 2025)

Changed paths:
  A JSTests/stress/static-private-fields-dont-need-property-conditions.js
  M Source/JavaScriptCore/bytecode/Repatch.cpp

Log Message:
-----------
[JSC] Puts to private fields shouldn't generate property conditions
https://bugs.webkit.org/show_bug.cgi?id=285643
rdar://142585218

Reviewed by Yusuke Suzuki.

Private fields shouldn't generate property conditions. This is because:
1) Private fields are always own properties, so we should never walk the prototype chain.
2) Private names are constants in the function rather than part of the code block or IC.

We could solve (2) by having the CodeBlock's ICs reference the private name, but that's not useful anyway because we don't need to walk the prototype chain.

* JSTests/stress/static-private-fields-dont-need-property-conditions.js: Added.
(f0):
(catch):
(const.v12.of.v3.):
(const.v12.of.v3):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::tryCacheGetBy):
(JSC::tryCachePutBy):
(JSC::tryCacheInBy):

Originally-landed-as: 283286.618@safari-7620-branch (222ba8af1970). rdar://148116227
Canonical link: https://commits.webkit.org/293171@main

Compare: https://github.com/WebKit/WebKit/compare/d1a0fc5ff8de...d7bd7d8f7cdf

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes