Branch: refs/heads/webkitglib/2.48
Home: https://github.com/WebKit/WebKit
Commit: b5c5d8947aabcbbe857aacef3f802d0b2ef92027
https://github.com/WebKit/WebKit/commit/b5c5d8947aabcbbe857aacef3f802d0b2ef92027
Author: Nikolas Zimmermann <[email protected]>
Date: 2025-10-09 (Thu, 09 Oct 2025)
Changed paths:
M Source/WebCore/html/HTMLMediaElement.cpp
Log Message:
-----------
Cherry-pick 301219@main (3c79ffefbb7c).
https://bugs.webkit.org/show_bug.cgi?id=300393
HTMLMediaElement: Fix two uninitialized member variables
https://bugs.webkit.org/show_bug.cgi?id=300393
Reviewed by Alicia Boya Garcia.
m_buffering / m_stalled were missing in the initializer list.
Initialize them to false -- ideally the whole variable initialization
should move to the header where those variables are declared.
Covered by e.g.
imported/w3c/web-platform-tests/media-source/mediasource-append-buffer.html.
* Source/WebCore/html/HTMLMediaElement.cpp:
Canonical link: https://commits.webkit.org/301219@main
Canonical link: https://commits.webkit.org/290945.406@webkitglib/2.48
Commit: fcef5dde11af2340f4ba78f575f2ea84bced0e27
https://github.com/WebKit/WebKit/commit/fcef5dde11af2340f4ba78f575f2ea84bced0e27
Author: Ryan Reno <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
M Source/WebCore/page/Navigation.cpp
Log Message:
-----------
Cherry-pick 301357@main (2b43f90a5e59).
https://bugs.webkit.org/show_bug.cgi?id=300536
Missed optional value check in Navigation::canGoBack and
Navigation::canGoForward can cause a crash.
https://bugs.webkit.org/show_bug.cgi?id=300536
rdar://129921367
Reviewed by Rupin Mittal.
The Navigation.canGoBack/canGoForward properties can be accessed when we
don't have a current index.
This adds a check to see if the optional value is engaged before we try to
dereference it.
No tests as there's no new behavior.
* Source/WebCore/page/Navigation.cpp:
(WebCore::Navigation::canGoBack const):
(WebCore::Navigation::canGoForward const):
Canonical link: https://commits.webkit.org/301357@main
Canonical link: https://commits.webkit.org/290945.407@webkitglib/2.48
Commit: 3de6e63e79b860d58c93a4f8e1705b0bfc44aa70
https://github.com/WebKit/WebKit/commit/3de6e63e79b860d58c93a4f8e1705b0bfc44aa70
Author: Ruthvik Konda <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
A LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow-expected.txt
A LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow.html
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
Log Message:
-----------
Cherry-pick 301246@main (97d27fbddaca).
https://bugs.webkit.org/show_bug.cgi?id=300303
Fix integer overflow during FEConvolveMatrix IPC decoder validator
https://bugs.webkit.org/show_bug.cgi?id=300303
rdar://161647030
Reviewed by Mike Wyrzykowski.
In the IPC decoder validator for FEConvolveMatrix, the kernelSize()->area()
overflows if given large width and height values. This causes a crash in
GPUP.
The fix is to use unclampedArea() which will never overflow.
The fuzzer test case is altered slightly to consume the DidInitialize
message
that gets sent back to WebContent to prevent it from reaching the dummy
MessageReceiver
and hitting ASSERT_NOT_REACHED()
Test: ipc/decode-feConvolveMatrix-kernelSize-overflow.html
* LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow-expected.txt:
Added.
* LayoutTests/ipc/decode-feConvolveMatrix-kernelSize-overflow.html: Added.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
Canonical link: https://commits.webkit.org/301246@main
Canonical link: https://commits.webkit.org/290945.408@webkitglib/2.48
Commit: 3fc54964d288c6421090f687c65382b98fb3aa0d
https://github.com/WebKit/WebKit/commit/3fc54964d288c6421090f687c65382b98fb3aa0d
Author: Youenn Fablet <[email protected]>
Date: 2025-10-14 (Tue, 14 Oct 2025)
Changed paths:
M LayoutTests/http/wpt/mediastream/worker-mediastreamtrack.worker.js
M LayoutTests/webrtc/video.html
M Source/WebCore/Modules/mediastream/MediaStreamTrack.cpp
Log Message:
-----------
Cherry-pick 300017@main (547b9eb67f0c).
https://bugs.webkit.org/show_bug.cgi?id=298060
ASSERTION FAILED: !std::isnan(value) -
RTCRtpReceiver-track-settings.tentative.html WPT test case
https://bugs.webkit.org/show_bug.cgi?id=298060
rdar://159882460
Reviewed by Jean-Yves Avenard.
We do not expose width and height if their value is zero.
This also prevents aspectration value to be NaN.
Instead they will be undefined, which aligns with Chrome and Firefox.
* LayoutTests/http/wpt/mediastream/worker-mediastreamtrack.worker.js:
(promise_test.async t):
* LayoutTests/webrtc/video.html:
* Source/WebCore/Modules/mediastream/MediaStreamTrack.cpp:
(WebCore::MediaStreamTrack::getSettings const):
Canonical link: https://commits.webkit.org/300017@main
Canonical link: https://commits.webkit.org/290945.409@webkitglib/2.48
Compare: https://github.com/WebKit/WebKit/compare/74691bd47c1c...3fc54964d288
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
