Branch: refs/heads/webkitglib/2.52
  Home:   https://github.com/WebKit/WebKit
  Commit: 83368093edaf69b2f3d598bf66a085676a641fc7
      https://github.com/WebKit/WebKit/commit/83368093edaf69b2f3d598bf66a085676a641fc7
  Author: Kristian Monsen <[email protected]>
  Date:   2026-05-04 (Mon, 04 May 2026)

  Changed paths:
    A LayoutTests/ipc/register-mdns-name-unpaired-surrogate-crash-expected.txt
    A LayoutTests/ipc/register-mdns-name-unpaired-surrogate-crash.html
    M Source/WTF/wtf/text/StringImpl.h

  Log Message:
  -----------
  Cherry-pick 312057@main (fd0db67fd877). https://bugs.webkit.org/show_bug.cgi?id=313333

    [WTF] Fix crash in utf8ForCharacters when string ends with unpaired surrogate
    https://bugs.webkit.org/show_bug.cgi?id=313333
    rdar://174924192

    Reviewed by Yusuke Suzuki.

    Replace grow with resize so the buffer is set to exactly characters.size() * 3 bytes,
    satisfying the assert regardless of what simdutf estimated.

    Test: ipc/register-mdns-name-unpaired-surrogate-crash.html

    * LayoutTests/ipc/register-mdns-name-unpaired-surrogate-crash-expected.txt: Added.
    * LayoutTests/ipc/register-mdns-name-unpaired-surrogate-crash.html: Added.
    * Source/WTF/wtf/text/StringImpl.h:
    (WTF::StringImpl::tryGetUTF8ForCharacters):

    Canonical link: https://commits.webkit.org/312057@main

Canonical link: https://commits.webkit.org/305877.463@webkitglib/2.52


  Commit: e7d39c927b06026c29e458240ade9ec28cda5cac
      https://github.com/WebKit/WebKit/commit/e7d39c927b06026c29e458240ade9ec28cda5cac
  Author: Fady Farag <[email protected]>
  Date:   2026-05-04 (Mon, 04 May 2026)

  Changed paths:
    M Source/WebCore/style/values/primitives/StylePrimitiveNumericTypes+Conversions.h

  Log Message:
  -----------
  Cherry-pick 311969@main (f7956b81207f). https://bugs.webkit.org/show_bug.cgi?id=313092

    Address Use-After-Move in primitives/StylePrimitiveNumericTypes+Conversions
    https://bugs.webkit.org/show_bug.cgi?id=313092
    rdar://175388744

    Reviewed by Sam Weinig.

    This fixes a use-after-move where the use and forward are unsequenced.

    * Source/WebCore/style/values/primitives/StylePrimitiveNumericTypes+Conversions.h:

    Canonical link: https://commits.webkit.org/311969@main

Canonical link: https://commits.webkit.org/305877.464@webkitglib/2.52


  Commit: 6476b06fc3f21eb5afef074765c0f2c7517f28d2
      https://github.com/WebKit/WebKit/commit/6476b06fc3f21eb5afef074765c0f2c7517f28d2
  Author: Chris Dumez <[email protected]>
  Date:   2026-05-04 (Mon, 04 May 2026)

  Changed paths:
    M Source/WebKit/NetworkProcess/cache/NetworkCacheStorage.cpp

  Log Message:
  -----------
  Cherry-pick 312200@main (a888adce0991). https://bugs.webkit.org/show_bug.cgi?id=313537

    Fix use-after-move in Storage::storeBodyAsBlob()
    https://bugs.webkit.org/show_bug.cgi?id=313537

    Reviewed by Anne van Kesteren.

    Fix use-after-move of `blob` in Storage::storeBodyAsBlob(). It was moved
    into the lambda capture and later on returned by the function.

    * Source/WebKit/NetworkProcess/cache/NetworkCacheStorage.cpp:
    (WebKit::NetworkCache::Storage::storeBodyAsBlob):

    Canonical link: https://commits.webkit.org/312200@main

Canonical link: https://commits.webkit.org/305877.465@webkitglib/2.52


  Commit: c03ce1b850ef71caf4ee1a5afd3a167969466305
      https://github.com/WebKit/WebKit/commit/c03ce1b850ef71caf4ee1a5afd3a167969466305
  Author: Tyler Wilcock <[email protected]>
  Date:   2026-05-04 (Mon, 04 May 2026)

  Changed paths:
    M Source/WebCore/accessibility/AXLiveRegionManager.cpp

  Log Message:
  -----------
  Cherry-pick 311773@main (4a5a2da864a3). https://bugs.webkit.org/show_bug.cgi?id=312823

    AX: AXLiveRegionManager::buildLiveRegionSnapshot can hang when iterating giant live regions
    https://bugs.webkit.org/show_bug.cgi?id=312823
    rdar://175190959

    Reviewed by Joshua Hoffman.

    Web developers can pack arbitrary amounts of content into a live region, causing
    buildLiveRegionSnapshot to walk an unbounded accessibility tree and hang the web
    content process. Add a shared counter (maximumSnapshotObjects = 512) that caps the
    total objects visited across both the main buildObjectList walk and the collectDescendants
    walk for atomic regions.

    * Source/WebCore/accessibility/AXLiveRegionManager.cpp:
    (WebCore::AXLiveRegionManager::buildLiveRegionSnapshot const):

    Canonical link: https://commits.webkit.org/311773@main

Canonical link: https://commits.webkit.org/305877.466@webkitglib/2.52


Compare: https://github.com/WebKit/WebKit/compare/b7eabfc1efa4...c03ce1b850ef
