Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: 371835a730707fb49db5263c38a62b3159e435a1
https://github.com/WebKit/WebKit/commit/371835a730707fb49db5263c38a62b3159e435a1
Author: Jer Noble <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
M Source/WebKit/SaferCPPExpectations/UnretainedCallArgsCheckerExpectations
M Source/WebKit/UIProcess/WebFullScreenManagerProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm
Log Message:
-----------
Cherry-pick 301388@main (8c4ef631f4ab).
https://bugs.webkit.org/show_bug.cgi?id=300522
CRASH in WebFullScreenManagerProxy::~WebFullScreenManagerProxy()
rdar://161686617
https://bugs.webkit.org/show_bug.cgi?id=300522
Reviewed by Simon Fraser.
Crash logs show an increase in crashes in the WebFullScreenManagerProxy
destructor,
called from the WebPageProxy destructor. It should be an impossible case to
hit the
destructor of the WebPageProxy without first having that page's close()
method called,
but that code path doesn't result in the fullscreen manager being torn down.
Close out the WebFullScreenManagerProxy when WebPageProxy is called, and for
full safety, clear out the client pointer by calling detachFromClient()
in the WebFullScreenManagerProxy destructor.
Additionally, existing tests discovered places in
WKFullScreenWindowController where
a RefPtr was used un-guarded, causing crashes during testing. These have
been turned
into guarded checks.
Canonical link: https://commits.webkit.org/301388@main
Canonical link: https://commits.webkit.org/298234.192@webkitglib/2.50
Commit: dabee4b0a82dd7ce02f08617b19a8e98e4f46b5d
https://github.com/WebKit/WebKit/commit/dabee4b0a82dd7ce02f08617b19a8e98e4f46b5d
Author: Ryan Reno <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
M Source/WebCore/page/Navigation.cpp
Log Message:
-----------
Cherry-pick 301357@main (2b43f90a5e59).
https://bugs.webkit.org/show_bug.cgi?id=300536
Missed optional value check in Navigation::canGoBack and
Navigation::canGoForward can cause a crash.
https://bugs.webkit.org/show_bug.cgi?id=300536
rdar://129921367
Reviewed by Rupin Mittal.
The Navigation.canGoBack/canGoForward properties can be accessed when we
don't have a current index.
This adds a check to see if the optional value is engaged before we try to
dereference it.
No tests as there's no new behavior.
* Source/WebCore/page/Navigation.cpp:
(WebCore::Navigation::canGoBack const):
(WebCore::Navigation::canGoForward const):
Canonical link: https://commits.webkit.org/301357@main
Canonical link: https://commits.webkit.org/298234.193@webkitglib/2.50
Commit: c6337f6960a8f944c386afa7ed9095fc91a8fbbf
https://github.com/WebKit/WebKit/commit/c6337f6960a8f944c386afa7ed9095fc91a8fbbf
Author: Nipun Shukla <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
A LayoutTests/webaudio/audioworklet-does-not-leak-expected.txt
A LayoutTests/webaudio/audioworklet-does-not-leak.html
A LayoutTests/webaudio/resources/audioworklet-leak-test-frame.html
M Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
Log Message:
-----------
Cherry-pick 301328@main (eadd64122b83).
https://bugs.webkit.org/show_bug.cgi?id=299312
[World Leaks] Investigate leaks in
LayoutTests/imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audioworklet-interface/
https://bugs.webkit.org/show_bug.cgi?id=299312
rdar://161118548
Reviewed by Chris Dumez.
AudioWorkletMessagingProxy holds a strong const Ref<Document>. Removing
this reference and
using a ScriptExecutionContextIdentifier to post tasks when necessary fixes
approximately
30 leaky tests.
Test: webaudio/audioworklet-does-not-leak.html
* LayoutTests/webaudio/audioworklet-does-not-leak-expected.txt: Added.
* LayoutTests/webaudio/audioworklet-does-not-leak.html: Added.
* LayoutTests/webaudio/resources/audioworklet-leak-test-frame.html: Added.
* Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp:
(WebCore::AudioWorkletMessagingProxy::AudioWorkletMessagingProxy):
(WebCore::AudioWorkletMessagingProxy::createRTCDataChannelRemoteHandlerConnection):
(WebCore::AudioWorkletMessagingProxy::loaderContextIdentifier const):
(WebCore::AudioWorkletMessagingProxy::postTaskToLoader):
(WebCore::AudioWorkletMessagingProxy::postTaskToAudioWorklet):
* Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::messagePortDisentangled):
Canonical link: https://commits.webkit.org/301328@main
Canonical link: https://commits.webkit.org/298234.194@webkitglib/2.50
Commit: da71e81d4993dc9274e2b3462d0fa4558beaaa78
https://github.com/WebKit/WebKit/commit/da71e81d4993dc9274e2b3462d0fa4558beaaa78
Author: Ruthvik Konda <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
A LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow-expected.txt
A LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow.html
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
Log Message:
-----------
Cherry-pick 301246@main (97d27fbddaca).
https://bugs.webkit.org/show_bug.cgi?id=300303
Fix integer overflow during FEConvolveMatrix IPC decoder validator
https://bugs.webkit.org/show_bug.cgi?id=300303
rdar://161647030
Reviewed by Mike Wyrzykowski.
In the IPC decoder validator for FEConvolveMatrix, the kernelSize()->area()
overflows if given large width and height values. This causes a crash in
GPUP.
The fix is to use unclampedArea() which will never overflow.
The fuzzer test case is altered slightly to consume the DidInitialize
message
that gets sent back to WebContent to prevent it from reaching the dummy
MessageReceiver
and hitting ASSERT_NOT_REACHED()
Test: ipc/decode-feConvolveMatrix-kernelSize-overflow.html
* LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow-expected.txt:
Added.
* LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow.html: Added.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
Canonical link: https://commits.webkit.org/301246@main
Canonical link: https://commits.webkit.org/298234.195@webkitglib/2.50
Commit: 8adb5acfcbbcdb63415cbe83a91991988db4b8aa
https://github.com/WebKit/WebKit/commit/8adb5acfcbbcdb63415cbe83a91991988db4b8aa
Author: Youenn Fablet <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
M LayoutTests/http/wpt/mediastream/worker-mediastreamtrack.worker.js
M LayoutTests/webrtc/video.html
M Source/WebCore/Modules/mediastream/MediaStreamTrack.cpp
Log Message:
-----------
Cherry-pick 300017@main (547b9eb67f0c).
https://bugs.webkit.org/show_bug.cgi?id=298060
ASSERTION FAILED: !std::isnan(value) -
RTCRtpReceiver-track-settings.tentative.html WPT test case
https://bugs.webkit.org/show_bug.cgi?id=298060
rdar://159882460
Reviewed by Jean-Yves Avenard.
We do not expose width and height if their value is zero.
This also prevents aspectration value to be NaN.
Instead they will be undefined, which aligns with Chrome and Firefox.
* LayoutTests/http/wpt/mediastream/worker-mediastreamtrack.worker.js:
(promise_test.async t):
* LayoutTests/webrtc/video.html:
* Source/WebCore/Modules/mediastream/MediaStreamTrack.cpp:
(WebCore::MediaStreamTrack::getSettings const):
Canonical link: https://commits.webkit.org/300017@main
Canonical link: https://commits.webkit.org/298234.196@webkitglib/2.50
Compare: https://github.com/WebKit/WebKit/compare/30171ff68bd0...8adb5acfcbbc
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
