Branch: refs/heads/webkitglib/2.50
  Home:   https://github.com/WebKit/WebKit
  Commit: c1ba45eabe1e787340821bcbdab4f52e3b00f223
      
https://github.com/WebKit/WebKit/commit/c1ba45eabe1e787340821bcbdab4f52e3b00f223
  Author: Charlie Wolfe <[email protected]>
  Date:   2025-11-19 (Wed, 19 Nov 2025)

  Changed paths:
    M Source/WebCore/history/BackForwardCache.cpp
    M Tools/TestWebKitAPI/Tests/WTF/HashMap.cpp

  Log Message:
  -----------
  Cherry-pick 299363@main (3b9e70010b83). 
https://bugs.webkit.org/show_bug.cgi?id=290985

    REGRESSION (macOS 15.4): Eclipse crashes in BackForwardCache::markPagesForContentsSizeChanged
    https://bugs.webkit.org/show_bug.cgi?id=290985
    rdar://157132323

    Reviewed by Michael Catanzaro.

    In WebKitLegacy, m_cachedPageMap can be iterated while cached pages are being pruned. When this happens,
    the std::unique_ptr<CachedPage> remains in the map during ~CachedPage, but the unique_ptr is nulled,
    which can lead to a crash in the CachedPage destructor. We can avoid this by ensuring that the CachedPage
    is removed from the HashMap before its destructor is executed, which this change does.

    I’ve had trouble creating a layout test that hit this crash, but I have added tests that show the
    HashMap behavior that leads to it.

    * Source/WebCore/history/BackForwardCache.cpp:
    (WebCore::BackForwardCache::prune):
    * Tools/TestWebKitAPI/Tests/WTF/HashMap.cpp:
    (TestWebKitAPI::TEST(WTF_HashMap, Set_Reenter)):
    (TestWebKitAPI::TEST(WTF_HashMap, Take_Set_Reenter)):

    Canonical link: https://commits.webkit.org/299363@main

Canonical link: https://commits.webkit.org/298234.296@webkitglib/2.50


  Commit: 730bffd856d2a1e56dd3bd2a0702282f19c5242a
      
https://github.com/WebKit/WebKit/commit/730bffd856d2a1e56dd3bd2a0702282f19c5242a
  Author: Adrian Perez de Castro <[email protected]>
  Date:   2025-11-20 (Thu, 20 Nov 2025)

  Changed paths:
    M Source/WebCore/Modules/credentialmanagement/BasicCredential.idl

  Log Message:
  -----------
  Unreviewed build fix after 298234.287@webkitglib/2.50

* Source/WebCore/Modules/credentialmanagement/BasicCredential.idl:
Remove the CustomToJSObject flag to avoid a link error due to an
undefined toJS() symbol; letting the binding generator write the
function is enough for the Google Accounts quirk to work.

Canonical link: https://commits.webkit.org/298234.297@webkitglib/2.50


Compare: https://github.com/WebKit/WebKit/compare/afc42aa21304...730bffd856d2
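
The ownership ordering described in the BackForwardCache commit message above, as an added C++ example that is not part of this notification or of WebKit's code. It assumes std::unordered_map and std::unique_ptr as stand-ins for WTF::HashMap and CachedPage; Page, Cache, pruneInPlace, pruneTakeFirst and nullSlotsSeenDuringPrune are hypothetical names.

```cpp
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>

struct Cache;
// Hypothetical stand-in for a cached page whose teardown re-enters the cache.
struct Page {
    explicit Page(Cache& c) : cache(c) {}
    ~Page();
    Cache& cache;
};

struct Cache {
    std::unordered_map<std::string, std::unique_ptr<Page>> pages;
    int nullSlotsSeen = 0; // null entries observed from inside ~Page
};

Page::~Page() {
    // Re-entrant, read-only walk of the owning map while this object is dying.
    for (const auto& entry : cache.pages)
        if (!entry.second)
            ++cache.nullSlotsSeen; // dereferencing this slot would be a null dereference
}

// Before: reset() nulls the slot first, then runs ~Page while the key is still mapped.
void pruneInPlace(Cache& cache, const std::string& key) {
    auto it = cache.pages.find(key);
    it->second.reset();
    cache.pages.erase(it);
}

// After: move ownership out and erase the entry before the destructor can run.
void pruneTakeFirst(Cache& cache, const std::string& key) {
    auto it = cache.pages.find(key);
    std::unique_ptr<Page> owned = std::move(it->second);
    cache.pages.erase(it);
} // ~Page runs here, on an object the map no longer references

int nullSlotsSeenDuringPrune(bool takeFirst) {
    Cache cache;
    cache.pages.emplace("a", std::make_unique<Page>(cache)); // constructed sample entries
    cache.pages.emplace("b", std::make_unique<Page>(cache));
    (takeFirst ? pruneTakeFirst : pruneInPlace)(cache, "a");
    pruneTakeFirst(cache, "b"); // drain safely so the map is empty at scope exit
    return cache.nullSlotsSeen;
}

int main() { return nullSlotsSeenDuringPrune(false) == 1 && nullSlotsSeenDuringPrune(true) == 0 ? 0 : 1; }
```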
