[webkit-changes] [WebKit/WebKit] 784f2d: Crash under SVGImageChromeClient::invalidateConten...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 784f2d33e59cc08ee43227f5730de71b9d71b4f8 https://github.com/WebKit/WebKit/commit/784f2d33e59cc08ee43227f5730de71b9d71b4f8 Author: Chris Dumez Date: 2023-10-09 (Mon, 09 Oct 2023) Changed paths: M Source/WebCore/html/ImageBitmap.cpp M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp M Source/WebCore/loader/cache/CachedImage.h M Source/WebCore/platform/graphics/BitmapImage.cpp M Source/WebCore/platform/graphics/GraphicsContextGL.cpp M Source/WebCore/platform/graphics/Image.cpp M Source/WebCore/platform/graphics/Image.h M Source/WebCore/platform/graphics/ImageObserver.h M Source/WebCore/platform/graphics/ImageSource.cpp M Source/WebCore/platform/graphics/cg/PDFDocumentImage.cpp M Source/WebCore/platform/graphics/texmap/TextureMapperTiledBackingStore.cpp M Source/WebCore/svg/graphics/SVGImage.cpp M Source/WebCore/svg/graphics/SVGImageClients.h M Tools/TestWebKitAPI/Tests/WebCore/SVGImageCasts.cpp Log Message: --- Crash under SVGImageChromeClient::invalidateContentsAndRootView() https://bugs.webkit.org/show_bug.cgi?id=258992 rdar://111456803 Reviewed by David Kilzer. Do hardening by deploying WeakPtr instead of raw pointers for SVGImage and ImageObserver. Also make it so that we can ref an ImageObserver. 
* Source/WebCore/html/ImageBitmap.cpp: * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp: (WebCore::CanvasRenderingContext2DBase::drawImage): * Source/WebCore/loader/cache/CachedImage.h: * Source/WebCore/platform/graphics/BitmapImage.cpp: (WebCore::BitmapImage::draw): (WebCore::BitmapImage::drawPattern): (WebCore::BitmapImage::internalAdvanceAnimation): (WebCore::BitmapImage::imageFrameAvailableAtIndex): * Source/WebCore/platform/graphics/GraphicsContextGL.cpp: (WebCore::GraphicsContextGL::packImageData): * Source/WebCore/platform/graphics/Image.cpp: (WebCore::Image::imageObserver const): (WebCore::Image::setImageObserver): (WebCore::Image::drawPattern): * Source/WebCore/platform/graphics/Image.h: (WebCore::Image::imageObserver const): Deleted. (WebCore::Image::setImageObserver): Deleted. * Source/WebCore/platform/graphics/ImageObserver.h: (WebCore::ImageObserver::ref): (WebCore::ImageObserver::deref): * Source/WebCore/platform/graphics/ImageSource.cpp: (WebCore::ImageSource::encodedDataStatusChanged): (WebCore::ImageSource::decodedSizeChanged): * Source/WebCore/platform/graphics/cg/PDFDocumentImage.cpp: (WebCore::PDFDocumentImage::decodedSizeChanged): (WebCore::PDFDocumentImage::draw): * Source/WebCore/platform/graphics/texmap/TextureMapperTiledBackingStore.cpp: (WebCore::TextureMapperTiledBackingStore::updateContentsFromImageIfNeeded): * Source/WebCore/svg/graphics/SVGImage.cpp: (WebCore::SVGImage::drawForContainer): (WebCore::SVGImage::nativeImage): (WebCore::SVGImage::draw): (WebCore::SVGImage::dataChanged): * Source/WebCore/svg/graphics/SVGImageClients.h: * Tools/TestWebKitAPI/Tests/WebCore/SVGImageCasts.cpp: (TestWebKitAPI::TestImageObserver::create): (TestWebKitAPI::TEST): Originally-landed-as: 265870.5@safari-7616-branch (a06556a11b58). 
rdar://116423674 Canonical link: https://commits.webkit.org/269092@main Commit: 5837018e94d0032fd30410fcdb1da5569c4e214d https://github.com/WebKit/WebKit/commit/5837018e94d0032fd30410fcdb1da5569c4e214d Author: Jer Noble Date: 2023-10-09 (Mon, 09 Oct 2023) Changed paths: M Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm Log Message: --- [macOS] Do not attempt to create and restore "NSAutoresizingMaskLayoutConstraint" constraints when entering fullscreen https://bugs.webkit.org/show_bug.cgi?id=257942 rdar://107387499 Reviewed by Eric Carlson. These constraints are created by the NSView's autoresizingMask property, and will be re-created with the correct contents when the view is restored to its original hierarchy. * Source/WebKit/UIProcess/mac/WKFullScreenWindowController.mm: (-[WKFullScreenWindowController enterFullScreen:]): (-[WKFullScreenWindowController _saveConstraintsOf:]): Originally-landed-as: 265870.6@safari-7616-branch (9508936a5222). rdar://116423781 Canonical link: https://commits.webkit.org/269093@main Commit: 9cefcf4d2bb361b2075a899e10798b8edea5e123 https://github.com/WebKit/WebKit/commit/9cefcf4d2bb361b2075a899e10798b8edea5e123 Author: Jer Noble Date: 2023-10-09 (Mon, 09 Oct 2023) Changed paths: M Source/WebCore/platform/graphics/iso/ISOVTTCue.cpp Log Message: --- Crash due to massive allocation in ISOStringBox::parse() https://bugs.webkit.org/show_bug.cgi?id=258677 rdar://71885 Reviewed by Eric Carlson. A malformed or malicious box may report a m_size larger than the memory passed into the parser. In this case, do not attempt to create a larger destination than is available in the source buffer. * Source/WebCore/platform/graphics/iso/ISOVTTCue.cpp: Originally-l
[webkit-changes] [WebKit/WebKit] ce446a: Fix UAF in MediaPlayerPrivateMediaStreamAVFObjC::p...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ce446a1cea9271f198c477ab095dfa9be68a659e https://github.com/WebKit/WebKit/commit/ce446a1cea9271f198c477ab095dfa9be68a659e Author: Chirag M Shah Date: 2023-07-31 (Mon, 31 Jul 2023) Changed paths: A LayoutTests/fast/media/media-player-uaf-expected.txt A LayoutTests/fast/media/media-player-uaf.html M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm Log Message: --- Fix UAF in MediaPlayerPrivateMediaStreamAVFObjC::processNewVideoFrame https://bugs.webkit.org/show_bug.cgi?id=256173 rdar://108504399 Reviewed by Jer Noble and Youenn Fablet. This change fixes the heap UAF on MediaPlayer element by protecting the MediaPlayer object when executing callbacks/deferred tasks on the mainThread, so that MediaPlayerPrivateMediaStreamAVFObjC remains valid. * Source/WebCore/html/HTMLMediaElement.cpp: * Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::processNewVideoFrame): (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask): * LayoutTests/fast/media/media-player-uaf-expected.txt: Added. * LayoutTests/fast/media/media-player-uaf.html: Added. Originally-landed-as: 259548.728@safari-7615-branch (4206d483814c). rdar://108504399 Canonical link: https://commits.webkit.org/266444@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 4733e2: Fix MemoryBackingStoreTransaction::abort to restor...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4733e28a253a7e8e571dce8dd265b81fd5990875 https://github.com/WebKit/WebKit/commit/4733e28a253a7e8e571dce8dd265b81fd5990875 Author: Chirag M Shah Date: 2023-07-10 (Mon, 10 Jul 2023) Changed paths: A LayoutTests/storage/indexeddb/aborted-rename-of-index-crash-expected.txt A LayoutTests/storage/indexeddb/aborted-rename-of-index-crash.html A LayoutTests/storage/indexeddb/same-name-index-added-after-rename-transaction-abort-expected.txt A LayoutTests/storage/indexeddb/same-name-index-added-after-rename-transaction-abort.html M Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.cpp M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h Log Message: --- Fix MemoryBackingStoreTransaction::abort to restore state correctly https://bugs.webkit.org/show_bug.cgi?id=258701 rdar://111503511 Reviewed by Brady Eidson. This change fixes what happens when we abort a transaction after attempting to rename an index. Before this change MemoryObjectStore kept the new name of the index in its internal state which led to crashes. * LayoutTests/storage/indexeddb/aborted-rename-of-index-crash-expected.txt: Added. * LayoutTests/storage/indexeddb/aborted-rename-of-index-crash.html: Added. * LayoutTests/storage/indexeddb/same-name-index-added-after-rename-transaction-abort-expected.txt: Added. * LayoutTests/storage/indexeddb/same-name-index-added-after-rename-transaction-abort.html: Added. 
* Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp: (WebCore::IDBServer::MemoryBackingStoreTransaction::abort): * Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.cpp: (WebCore::IDBServer::MemoryObjectStore::renameIndex): * Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h: (WebCore::IDBServer::MemoryObjectStore::info): Canonical link: https://commits.webkit.org/265924@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] fa9c47: Fix MemoryBackingStoreTransaction::abort to restor...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: fa9c47e4f4e1b21433aa2d2a7173489facbafde6 https://github.com/WebKit/WebKit/commit/fa9c47e4f4e1b21433aa2d2a7173489facbafde6 Author: Chirag M Shah Date: 2023-07-06 (Thu, 06 Jul 2023) Changed paths: A LayoutTests/storage/indexeddb/aborted-rename-of-index-crash-expected.txt A LayoutTests/storage/indexeddb/aborted-rename-of-index-crash.html M Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.cpp M Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h Log Message: --- Fix MemoryBackingStoreTransaction::abort to restore state correctly https://bugs.webkit.org/show_bug.cgi?id=258701 rdar://111503511 Reviewed by Brady Eidson. This change fixes what happens when we abort a transaction after attempting to rename an index. Before this change MemoryObjectStore kept the new name of the index in its internal state which led to crashes. * LayoutTests/storage/indexeddb/aborted-rename-of-index-crash-expected.txt: Added. * LayoutTests/storage/indexeddb/aborted-rename-of-index-crash.html: Added. * Source/WebCore/Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp: (WebCore::IDBServer::MemoryBackingStoreTransaction::abort): * Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.cpp: (WebCore::IDBServer::MemoryObjectStore::renameIndex): * Source/WebCore/Modules/indexeddb/server/MemoryObjectStore.h: (WebCore::IDBServer::MemoryObjectStore::info): Canonical link: https://commits.webkit.org/265816@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] db8fe9: REGRESSION: (264863@main) Fix regression in CSSCal...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: db8fe90cd4538413b18338e2308c9754c37fffe3 https://github.com/WebKit/WebKit/commit/db8fe90cd4538413b18338e2308c9754c37fffe3 Author: Chirag M Shah Date: 2023-06-30 (Fri, 30 Jun 2023) Changed paths: A LayoutTests/fast/css/css-calc-rem-no-children-crash-expected.txt A LayoutTests/fast/css/css-calc-rem-no-children-crash.html M Source/WebCore/css/calc/CSSCalcValue.cpp Log Message: --- REGRESSION: (264863@main) Fix regression in CSSCalcValue https://bugs.webkit.org/show_bug.cgi?id=258684 rdar://111512503 Reviewed by Antti Koivisto. This change fixes a regression introduced in rdar://109503971 where we now create a step operation with no children. This makes sense for CalcOperator::Round, but not for CalcOperator::Mod and CalcOperator::Rem. * LayoutTests/fast/css/css-calc-rem-no-children-crash-expected.txt: Added. * LayoutTests/fast/css/css-calc-rem-no-children-crash.html: Added. * Source/WebCore/css/calc/CSSCalcValue.cpp: (WebCore::createCSS): Canonical link: https://commits.webkit.org/265667@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 6f4718: Fix page load hang due to empty srcObject on HTMLM...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6f4718092396a1be34874dd06cd69dc0db43ccca https://github.com/WebKit/WebKit/commit/6f4718092396a1be34874dd06cd69dc0db43ccca Author: Chirag M Shah Date: 2023-06-28 (Wed, 28 Jun 2023) Changed paths: A LayoutTests/media/media-src-empty-page-load-hang-expected.txt A LayoutTests/media/media-src-empty-page-load-hang.html M Source/WebCore/html/HTMLMediaElement.cpp Log Message: --- Fix page load hang due to empty srcObject on HTMLMediaElement https://bugs.webkit.org/show_bug.cgi?id=258633 rdar://55451 Reviewed by Eric Carlson. This change fixes the page load which never finishes when the source object is an empty blob. This happened because we don't treat it the same as we do the source attribute, which results in the noneSupported() error handler not being called. * LayoutTests/media/media-src-empty-page-load-hang-expected.txt: Added. * LayoutTests/media/media-src-empty-page-load-hang.html: Added. * Source/WebCore/html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::selectMediaResource): Canonical link: https://commits.webkit.org/265601@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] e045db: Support 128bits/16 bytes in FlipBytes
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e045dbf8f0c285737179adfd1f955390b1a3e616 https://github.com/WebKit/WebKit/commit/e045dbf8f0c285737179adfd1f955390b1a3e616 Author: Chirag M Shah Date: 2023-06-15 (Thu, 15 Jun 2023) Changed paths: M Source/WTF/wtf/FlipBytes.h Log Message: --- Support 128bits/16 bytes in FlipBytes https://bugs.webkit.org/show_bug.cgi?id=258153 rdar://110421259 Reviewed by Andy Estes. struct ExtendedType inside of ISOBox.cpp expects byte flipping to work on 16 byte types in the little endian case, which is why we need to support it so that we don't end up tripping over a release assert. * Source/WTF/wtf/FlipBytes.h: (WTF::flipBytes): Canonical link: https://commits.webkit.org/265229@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 211a03: Don't reserve vector capacity <= 0 in ISOTrackEncr...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 211a030a510d221c9286ee7a4166dddf79e352e0 https://github.com/WebKit/WebKit/commit/211a030a510d221c9286ee7a4166dddf79e352e0 Author: Chirag M Shah Date: 2023-06-15 (Thu, 15 Jun 2023) Changed paths: M Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp Log Message: --- Don't reserve vector capacity <= 0 in ISOTrackEncryptionBox::parsePayload https://bugs.webkit.org/show_bug.cgi?id=258156 rdar://110421682 Reviewed by Andy Estes. This change fixes an issue where we read something which is < 0 in an int8_t and then pass it to a size_t, which results in a crash because we attempt to allocate a huge buffer due to sign conversion. * Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp: (WebCore::ISOTrackEncryptionBox::parsePayload): Canonical link: https://commits.webkit.org/265227@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
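The sign-conversion failure described in the commit message above, as an added C++ example that is not WebKit's code: a count read as int8_t and passed to a size_t capacity request wraps to a near-SIZE_MAX value, and the hardened parse checks the count's sign and the bytes actually present before reserving. The function names, the one-byte-count payload layout and the sample buffers are assumptions constructed for illustration; rejecting a negative count outright is this example's choice.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed payload layout for this example (not the real box format):
//   byte 0      signed 8-bit element count
//   bytes 1..n  that many one-byte elements
const uint8_t kWellFormed[]    = { 0x03, 0xAA, 0xBB, 0xCC }; // count = 3
const uint8_t kNegativeCount[] = { 0xFF, 0xAA };             // count = -1
const uint8_t kTruncated[]     = { 0x05, 0xAA };             // claims 5, has 1
const uint8_t kZeroCount[]     = { 0x00 };                   // count = 0

// The conversion the commit message describes: a negative int8_t converted
// to size_t wraps modulo 2^N, so -1 becomes SIZE_MAX and a reserve() call
// with that value asks for an impossible allocation.
size_t capacityFromUncheckedCount(int8_t count)
{
    return static_cast<size_t>(count);
}

// Hardened parse: validate the count before it is ever used as a size.
// Returns false (and leaves `out` empty) for malformed input.
bool parseCountedBytes(const uint8_t* data, size_t length, std::vector<uint8_t>& out)
{
    out.clear();
    if (!data || length < 1)
        return false;

    int8_t count;
    std::memcpy(&count, data, sizeof(count)); // reinterpret the raw byte as signed

    if (count < 0)
        return false; // a negative count can only come from a malformed payload

    size_t needed = static_cast<size_t>(count); // safe: count is known to be >= 0
    if (needed > length - 1)
        return false; // count claims more elements than the buffer holds

    if (needed)
        out.reserve(needed); // capacity is now bounded by the input size
    out.insert(out.end(), data + 1, data + 1 + needed);
    return true;
}

int main()
{
    std::printf("unchecked -1 -> %zu bytes requested\n", capacityFromUncheckedCount(-1));

    std::vector<uint8_t> out;
    std::printf("well-formed:    %s\n", parseCountedBytes(kWellFormed, sizeof(kWellFormed), out) ? "accepted" : "rejected");
    std::printf("negative count: %s\n", parseCountedBytes(kNegativeCount, sizeof(kNegativeCount), out) ? "accepted" : "rejected");
    std::printf("truncated:      %s\n", parseCountedBytes(kTruncated, sizeof(kTruncated), out) ? "accepted" : "rejected");
    std::printf("zero count:     %s\n", parseCountedBytes(kZeroCount, sizeof(kZeroCount), out) ? "accepted" : "rejected");
    return 0;
}
```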
[webkit-changes] [WebKit/WebKit] 425744: Fix termination for ApplyStyleCommand::applyRelati...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4257443adecd96d4b749c44bb898c2eada6d1497 https://github.com/WebKit/WebKit/commit/4257443adecd96d4b749c44bb898c2eada6d1497 Author: Chirag M Shah Date: 2023-06-15 (Thu, 15 Jun 2023) Changed paths: A LayoutTests/fast/editing/editing-with-design-mode-crash-expected.txt A LayoutTests/fast/editing/editing-with-design-mode-crash.html M Source/WebCore/editing/ApplyStyleCommand.cpp Log Message: --- Fix termination for ApplyStyleCommand::applyRelativeFontStyleChange https://bugs.webkit.org/show_bug.cgi?id=258145 rdar://110319440 Reviewed by Ryosuke Niwa. This change fixes applyRelativeFontStyleChange in the case where a node is removed when we try to add a surrounding span, but we cannot add the node back as removal makes it so that the surrounding span isn't editable. The fix ensures that we terminate the loop when the node in question doesn't have any parent. * LayoutTests/fast/editing/editing-with-design-mode-crash-expected.txt: Added. * LayoutTests/fast/editing/editing-with-design-mode-crash.html: Added. * Source/WebCore/editing/ApplyStyleCommand.cpp: (WebCore::ApplyStyleCommand::applyRelativeFontStyleChange): Canonical link: https://commits.webkit.org/265226@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 7ce8ae: Add support for printing RenderTree for RemoteFram...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 7ce8aed08237330dbdb86c0c944e2b4ff538fb57 https://github.com/WebKit/WebKit/commit/7ce8aed08237330dbdb86c0c944e2b4ff538fb57 Author: Chirag M Shah Date: 2023-06-09 (Fri, 09 Jun 2023) Changed paths: M LayoutTests/TestExpectations A LayoutTests/http/tests/site-isolation/basic-iframe-render-output-expected.txt A LayoutTests/http/tests/site-isolation/basic-iframe-render-output.html M LayoutTests/platform/mac-wk1/TestExpectations M Source/WebCore/accessibility/AccessibilityObject.cpp M Source/WebCore/accessibility/AccessibilityRenderObject.cpp M Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm M Source/WebCore/editing/FrameSelection.cpp M Source/WebCore/page/FrameView.h M Source/WebCore/page/LocalFrameView.cpp M Source/WebCore/page/LocalFrameView.h M Source/WebCore/page/RemoteFrame.cpp M Source/WebCore/page/RemoteFrame.h M Source/WebCore/page/RemoteFrameClient.h M Source/WebCore/page/RemoteFrameView.cpp M Source/WebCore/page/RemoteFrameView.h M Source/WebCore/page/ios/EventHandlerIOS.mm M Source/WebCore/page/mac/EventHandlerMac.mm M Source/WebCore/platform/Widget.h M Source/WebCore/rendering/RenderTreeAsText.cpp M Source/WebCore/rendering/RenderTreeAsText.h M Source/WebCore/rendering/RenderWidget.cpp M Source/WebKit/Scripts/webkit/messages.py M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in M Source/WebKit/UIProcess/WebProcessProxy.cpp M Source/WebKit/UIProcess/WebProcessProxy.h M Source/WebKit/UIProcess/WebProcessProxy.messages.in M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h M Source/WebKit/WebProcess/WebProcess.cpp M Source/WebKit/WebProcess/WebProcess.h M Source/WebKit/WebProcess/WebProcess.messages.in Log Message: --- Add support for printing RenderTree for RemoteFrame(s) https://bugs.webkit.org/show_bug.cgi?id=256972 rdar://105023551 Reviewed by Alex Christensen. 
This change adds infrastructure so that we can get RenderTree dumps for RemoteFrames which are not hosted in the process which gets the request to print the RenderTreeAsText. * LayoutTests/http/tests/site-isolation/basic-iframe-render-output-expected.txt: Added. * LayoutTests/http/tests/site-isolation/basic-iframe-render-output.html: Added. * Source/WebCore/accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::elementAccessibilityHitTest const): * Source/WebCore/accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::addAttachmentChildren): * Source/WebCore/accessibility/mac/AccessibilityObjectMac.mm: (WebCore::AccessibilityObject::accessibilityIgnoreAttachment const): * Source/WebCore/editing/FrameSelection.cpp: (WebCore::isFrameElement): * Source/WebCore/page/FrameView.h: (isType): * Source/WebCore/page/LocalFrameView.cpp: (WebCore::LocalFrameView::writeRenderTreeAsText): * Source/WebCore/page/LocalFrameView.h: (isType): * Source/WebCore/page/RemoteFrame.cpp: (WebCore::RemoteFrame::renderTreeAsText): * Source/WebCore/page/RemoteFrame.h: * Source/WebCore/page/RemoteFrameClient.h: * Source/WebCore/page/RemoteFrameView.cpp: (WebCore::RemoteFrameView::writeRenderTreeAsText): * Source/WebCore/page/RemoteFrameView.h: * Source/WebCore/page/ios/EventHandlerIOS.mm: (WebCore::EventHandler::passSubframeEventToSubframe): * Source/WebCore/page/mac/EventHandlerMac.mm: (WebCore::EventHandler::passSubframeEventToSubframe): (WebCore::EventHandler::platformCompletePlatformWidgetWheelEvent): * Source/WebCore/platform/Widget.h: (WebCore::Widget::isLocalFrameView const): (WebCore::Widget::isFrameView const): Deleted.
* Source/WebCore/rendering/RenderTreeAsText.cpp: (WebCore::write): (WebCore::externalRepresentationForLocalFrame): * Source/WebCore/rendering/RenderTreeAsText.h: (WebCore::externalRepresentationForLocalFrame): * Source/WebCore/rendering/RenderWidget.cpp: (WebCore::RenderWidget::updateWidgetGeometry): * Source/WebKit/Scripts/webkit/messages.py: (headers_for_type): * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: * Source/WebKit/UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::renderTreeAsText): * Source/WebKit/UIProcess/WebProcessProxy.h: * Source/WebKit/UIProcess/WebProcessProxy.messages.in: * Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp: (WebKit::WebRemoteFrameClient::renderTreeAsText): * Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h: * Source/WebKit/WebProcess/WebProcess.cpp: (WebKit::WebProcess::didReceiveSyncMessage): (WebKit::WebProcess::renderTreeAsText): * Source/WebKit/WebProcess/WebProcess.h: * Source/WebKit/WebProcess/WebProcess.messages.in: Canonical link: https://commits.webkit.org/265046@main ___ webkit-changes mailing list webkit-changes@lists.webki
[webkit-changes] [WebKit/WebKit] 569bdc: Ensure we don't crash with calc(round())
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 569bdcf08cfad1bb375fb6a15a4304b3ea3a4166 https://github.com/WebKit/WebKit/commit/569bdcf08cfad1bb375fb6a15a4304b3ea3a4166 Author: Chirag M Shah Date: 2023-06-05 (Mon, 05 Jun 2023) Changed paths: M LayoutTests/fast/css/calc-parsing-expected.txt M LayoutTests/fast/css/calc-parsing.html A LayoutTests/fast/css/calc-with-round-crash-expected.txt A LayoutTests/fast/css/calc-with-round-crash.html M Source/WebCore/css/calc/CSSCalcValue.cpp Log Message: --- Ensure we don't crash with calc(round()) https://bugs.webkit.org/show_bug.cgi?id=257157 rdar://109503971 Reviewed by Darin Adler. This change fixes the crash which happens due to us discarding the children in case of a round to nearest operation. * LayoutTests/fast/css/calc-parsing-expected.txt: * LayoutTests/fast/css/calc-parsing.html: * LayoutTests/fast/css/calc-with-round-crash-expected.txt: Added. * LayoutTests/fast/css/calc-with-round-crash.html: Added. * Source/WebCore/css/calc/CSSCalcValue.cpp: (WebCore::createCSS): Canonical link: https://commits.webkit.org/264863@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] ad0f3b: Fix crash in WebCore::ManagedMediaSource::isOpen()
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ad0f3bf368a6e3a0a20eb9ec7f94da2fdf343d49 https://github.com/WebKit/WebKit/commit/ad0f3bf368a6e3a0a20eb9ec7f94da2fdf343d49 Author: Chirag M Shah Date: 2023-05-25 (Thu, 25 May 2023) Changed paths: A LayoutTests/fast/media/managed-media-source-open-crash-expected.txt A LayoutTests/fast/media/managed-media-source-open-crash.html M Source/WebCore/Modules/mediasource/ManagedMediaSource.cpp Log Message: --- Fix crash in WebCore::ManagedMediaSource::isOpen() https://bugs.webkit.org/show_bug.cgi?id=257345 rdar://109827653 Reviewed by Jer Noble. mediaElement() might have gone away when we're checking for ManagedMediaSource::isOpen(), which can cause a crash. This change fixes that. * Source/WebCore/Modules/mediasource/ManagedMediaSource.cpp: (WebCore::ManagedMediaSource::ensurePrefsRead): (WebCore::ManagedMediaSource::isOpen const): * LayoutTests/fast/media/managed-media-source-open-crash-expected.txt: Added. * LayoutTests/fast/media/managed-media-source-open-crash.html: Added. Canonical link: https://commits.webkit.org/264554@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 3cfb65: Fix buffer overflow in FEConvolveMatrixSoftwareApp...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3cfb6575ec08a8458894f6323ab09cd03e2475a0 https://github.com/WebKit/WebKit/commit/3cfb6575ec08a8458894f6323ab09cd03e2475a0 Author: Chirag M Shah Date: 2023-05-25 (Thu, 25 May 2023) Changed paths: A LayoutTests/svg/filters/feconvolve-matrix-invalid-target-offset-crash-expected.txt A LayoutTests/svg/filters/feconvolve-matrix-invalid-target-offset-crash.html M Source/WebCore/platform/graphics/filters/FEConvolveMatrix.cpp M Source/WebCore/platform/graphics/filters/software/FEConvolveMatrixSoftwareApplier.cpp M Source/WebCore/platform/graphics/filters/software/FEConvolveMatrixSoftwareApplier.h M Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp M Source/WebCore/svg/SVGFEConvolveMatrixElement.h Log Message: --- Fix buffer overflow in FEConvolveMatrixSoftwareApplier https://bugs.webkit.org/show_bug.cgi?id=253721 rdar://109800117 Reviewed by Said Abou-Hallawa. This change fixes a buffer overflow issue in the FEConvolveMatrixSoftwareApplier code which happens when dealing with the interior area and setting the destination pixels. This happens because when the targetX/targetY doesn't fit in the convolution kernel, we don't clip it, and that ends up moving the pixel offset by more than what is needed. This change fixes that by making sure that when the SVG attribute changes, we detect the invalid offset and rebuild the filter. * LayoutTests/svg/filters/feconvolve-matrix-invalid-target-offset-crash-expected.txt: Added. * LayoutTests/svg/filters/feconvolve-matrix-invalid-target-offset-crash.html: Added. 
* Source/WebCore/platform/graphics/filters/FEConvolveMatrix.cpp: (WebCore::FEConvolveMatrix::FEConvolveMatrix): * Source/WebCore/platform/graphics/filters/software/FEConvolveMatrixSoftwareApplier.cpp: (WebCore::FEConvolveMatrixSoftwareApplier::FEConvolveMatrixSoftwareApplier): * Source/WebCore/platform/graphics/filters/software/FEConvolveMatrixSoftwareApplier.h: * Source/WebCore/svg/SVGFEConvolveMatrixElement.cpp: (WebCore::SVGFEConvolveMatrixElement::isValidTargetXOffset const): (WebCore::SVGFEConvolveMatrixElement::isValidTargetYOffset const): (WebCore::SVGFEConvolveMatrixElement::svgAttributeChanged): (WebCore::SVGFEConvolveMatrixElement::createFilterEffect const): * Source/WebCore/svg/SVGFEConvolveMatrixElement.h: Originally-landed-as: 259548.425@safari-7615-branch (499c0bf6a8a9). rdar://97909186 Canonical link: https://commits.webkit.org/264527@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] f2875a: Fix crash when innerTextElement() can be null when...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: f2875a3ad7ac0693e0853f58d7884c85345f89a1 https://github.com/WebKit/WebKit/commit/f2875a3ad7ac0693e0853f58d7884c85345f89a1 Author: Chirag M Shah Date: 2023-05-22 (Mon, 22 May 2023) Changed paths: A LayoutTests/fast/rendering/render-text-control-crash-with-designmode-off-expected.txt A LayoutTests/fast/rendering/render-text-control-crash-with-designmode-off.html M Source/WebCore/rendering/RenderTextControl.cpp M Source/WebCore/rendering/RenderTextControlSingleLine.cpp Log Message: --- Fix crash when innerTextElement() can be null when designMode="off" https://bugs.webkit.org/show_bug.cgi?id=255423 rdar://107985448 Reviewed by Antti Koivisto. This change guards against innerTextElement() being null. The file already checked for this in some places, but it wasn't consistent. * LayoutTests/fast/rendering/render-text-control-crash-with-designmode-off-expected.txt: Added. * LayoutTests/fast/rendering/render-text-control-crash-with-designmode-off.html: Added. * Source/WebCore/rendering/RenderTextControl.cpp: (WebCore::RenderTextControl::textBlockLogicalWidth const): (WebCore::RenderTextControl::computeLogicalHeight const): (WebCore::RenderTextControl::computeIntrinsicLogicalWidths const): * Source/WebCore/rendering/RenderTextControlSingleLine.cpp: (WebCore::RenderTextControlSingleLine::layout): (WebCore::RenderTextControlSingleLine::preferredContentLogicalWidth const): Originally-landed-as: 259548.635@safari-7615-branch (064579d997ae). rdar://107985448 Canonical link: https://commits.webkit.org/264372@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 4899da: Fix equals() for GlyphDisplayListCacheEntryHash
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4899da4a450aca002aebb22cb19b4d1437e48eab https://github.com/WebKit/WebKit/commit/4899da4a450aca002aebb22cb19b4d1437e48eab Author: Chirag M Shah Date: 2023-05-22 (Mon, 22 May 2023) Changed paths: A LayoutTests/fast/rendering/glyph-display-list-cache-crash-expected.txt A LayoutTests/fast/rendering/glyph-display-list-cache-crash.html M Source/WebCore/rendering/GlyphDisplayListCache.h Log Message: --- Fix equals() for GlyphDisplayListCacheEntryHash https://bugs.webkit.org/show_bug.cgi?id=254941 rdar://107416408 Reviewed by Cameron McCormack. This change fixes a heap use after free in GlyphDisplayListCache, which happens when the destructor of GlyphDisplayListCacheEntry tries to remove this from the HashSet. The change fixes the security issue by correcting the equal() implementation, which now only checks for pointer equality. * LayoutTests/fast/rendering/glyph-display-list-cache-crash-expected.txt: Added. * LayoutTests/fast/rendering/glyph-display-list-cache-crash.html: Added. * Source/WebCore/rendering/GlyphDisplayListCache.h: (WebCore::GlyphDisplayListCacheEntryHash::equal): Originally-landed-as: 259548.555@safari-7615-branch (707d4fb8838c). rdar://107416408 Canonical link: https://commits.webkit.org/264366@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 777fe1: Fix heap use-after-free in Update::addSVGRendererU...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 777fe1501522cc907234a327b306b3cafffb1501 https://github.com/WebKit/WebKit/commit/777fe1501522cc907234a327b306b3cafffb1501 Author: Chirag M Shah Date: 2023-05-22 (Mon, 22 May 2023) Changed paths: A LayoutTests/svg/animations/svg-element-attribute-changed-crash-expected.txt A LayoutTests/svg/animations/svg-element-attribute-changed-crash.html M Source/WebCore/svg/properties/SVGAnimatedProperty.cpp Log Message: --- Fix heap use-after-free in Update::addSVGRendererUpdate https://bugs.webkit.org/show_bug.cgi?id=254281 rdar://107052707 Reviewed by Ryosuke Niwa. Update::addSVGRendererUpdate can end up removing the SVGElement from m_roots, which can result in SVGElement being deleted when an attribute change happens. This change prevents that by protecting the SVGElement using a RefPtr. * LayoutTests/svg/animations/svg-element-attribute-changed-crash-expected.txt: Added. * LayoutTests/svg/animations/svg-element-attribute-changed-crash.html: Added. * Source/WebCore/svg/properties/SVGAnimatedProperty.cpp: (WebCore::SVGAnimatedProperty::commitPropertyChange): Originally-landed-as: 259548.475@safari-7615-branch (aaa1c998206d). rdar://107052707 Canonical link: https://commits.webkit.org/264355@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 272d45: Clear UserActionElement state for the node when it...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 272d45367b3566bd8836ec791248c6916710fc04 https://github.com/WebKit/WebKit/commit/272d45367b3566bd8836ec791248c6916710fc04 Author: Chirag M Shah Date: 2023-05-19 (Fri, 19 May 2023) Changed paths: A LayoutTests/fast/html/element-moving-to-new-document-crash-expected.txt A LayoutTests/fast/html/element-moving-to-new-document-crash.html M Source/WebCore/dom/Element.cpp M Source/WebCore/dom/UserActionElementSet.cpp M Source/WebCore/dom/UserActionElementSet.h Log Message: --- Clear UserActionElement state for the node when it is moved from the Document to a different one https://bugs.webkit.org/show_bug.cgi?id=253012 rdar://105876245 Reviewed by Ryosuke Niwa. Before this change, when an element was moved from oldDocument to newDocument, and we had UserActionElementSet state for it, we never cleared that. This meant that the element was still marked to have this state, which the newDocument doesn't know about. This change fixes that. * LayoutTests/fast/html/element-moving-to-new-document-crash-expected.txt: Added. * LayoutTests/fast/html/element-moving-to-new-document-crash.html: Added. * Source/WebCore/dom/Element.cpp: (WebCore::Element::removedFromAncestor): * Source/WebCore/dom/UserActionElementSet.cpp: (WebCore::UserActionElementSet::clear): * Source/WebCore/dom/UserActionElementSet.h: (WebCore::UserActionElementSet::clearAllForElement): Originally-landed-as: 259548.353@safari-7615-branch (b82284c1f8c5). rdar://105876245 Canonical link: https://commits.webkit.org/264272@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 1ef1b7: Bail out early if m_element is deleted
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1ef1b775b5ae7b6ae0e2124fc5faa7ec0916401b https://github.com/WebKit/WebKit/commit/1ef1b775b5ae7b6ae0e2124fc5faa7ec0916401b Author: Chirag M Shah Date: 2023-05-19 (Fri, 19 May 2023) Changed paths: A LayoutTests/fullscreen/element-clear-during-fullscreen-crash-expected.txt A LayoutTests/fullscreen/element-clear-during-fullscreen-crash.html M Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp Log Message: --- Bail out early if m_element is deleted https://bugs.webkit.org/show_bug.cgi?id=253129 rdar://104290899 Reviewed by Jer Noble. A call to WebFullScreenManager::willEnterFullScreen() can end up calling WebFullScreenManager::clearElement() which can happen when location.hash is changed. This clears the m_element which is then later used in willEnterFullScreen(). This change bails out early if this happens and cleans up the state-machine. * LayoutTests/fullscreen/element-clear-during-fullscreen-crash-expected.txt: Added. * LayoutTests/fullscreen/element-clear-during-fullscreen-crash.html: Added. * Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp: (WebKit::WebFullScreenManager::willEnterFullScreen): Originally-landed-as: 259548.352@safari-7615-branch (9f301d9e042e). rdar://104290899 Canonical link: https://commits.webkit.org/264263@main
[webkit-changes] [WebKit/WebKit] 4ca041: Support navigating cross-site iframe to mainFrame ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4ca041a13dfafa4a2fbe427511dd2705969b1be8 https://github.com/WebKit/WebKit/commit/4ca041a13dfafa4a2fbe427511dd2705969b1be8 Author: Chirag M Shah Date: 2023-05-05 (Fri, 05 May 2023) Changed paths: M Source/WebCore/page/Page.cpp M Source/WebCore/page/Page.h M Source/WebKit/UIProcess/SubframePageProxy.cpp M Source/WebKit/UIProcess/WebFrameProxy.h M Source/WebKit/UIProcess/WebPageProxy.cpp M Source/WebKit/UIProcess/WebPageProxy.h M Source/WebKit/UIProcess/WebProcessPool.cpp M Source/WebKit/WebProcess/WebPage/WebFrame.cpp M Source/WebKit/WebProcess/WebPage/WebPage.cpp M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm Log Message: --- Support navigating cross-site iframe to mainFrame domain https://bugs.webkit.org/show_bug.cgi?id=256339 Reviewed by Alex Christensen. This change adds support so that an iframe can navigate back to the mainFrame domain, and so that the load happens in the mainFrame process. * Source/WebCore/page/Page.cpp: (WebCore::Page::addRootFrame): * Source/WebCore/page/Page.h: (WebCore::Page::addRootFrame): Deleted. 
* Source/WebKit/UIProcess/SubframePageProxy.cpp: (WebKit::SubframePageProxy::didCommitLoadForFrame): * Source/WebKit/UIProcess/WebFrameProxy.h: (WebKit::WebFrameProxy::provisionalFrame): * Source/WebKit/UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::receivedNavigationPolicyDecision): (WebKit::WebPageProxy::didCommitLoadForFrame): (WebKit::WebPageProxy::decidePolicyForNavigationAction): (WebKit::WebPageProxy::decidePolicyForResponse): * Source/WebKit/UIProcess/WebPageProxy.h: * Source/WebKit/UIProcess/WebProcessPool.cpp: (WebKit::WebProcessPool::processForNavigation): * Source/WebKit/WebProcess/WebPage/WebFrame.cpp: (WebKit::WebFrame::transitionToLocal): * Source/WebKit/WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::SandboxExtensionTracker::beginLoad): * Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/263747@main
[webkit-changes] [WebKit/WebKit] 4c2f5f: Add frame transition tests for site isolation
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4c2f5f2e7bf3525c16ed6905d5afa5e7abc985eb https://github.com/WebKit/WebKit/commit/4c2f5f2e7bf3525c16ed6905d5afa5e7abc985eb Author: Chirag M Shah Date: 2023-04-27 (Thu, 27 Apr 2023) Changed paths: M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm Log Message: --- Add frame transition tests for site isolation https://bugs.webkit.org/show_bug.cgi?id=255573 Reviewed by Alex Christensen. This change adds more tests for parent and child navigations and validates the result with site isolation. Note that not all tests currently enableSiteIsolation() because of a few failures, but these tests will be used as a baseline to fix those. * Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/263485@main
[webkit-changes] [WebKit/WebKit] 1d37f3: Fix type confusion in BuilderConverter::convertPat...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1d37f36651144308e8d2c27a3cdabc939f3cf384 https://github.com/WebKit/WebKit/commit/1d37f36651144308e8d2c27a3cdabc939f3cf384 Author: Chirag M Shah Date: 2023-04-21 (Fri, 21 Apr 2023) Changed paths: A LayoutTests/fast/css/style-builder-type-confusion-crash-expected.txt A LayoutTests/fast/css/style-builder-type-confusion-crash.html M Source/WebCore/style/StyleBuilderConverter.h Log Message: --- Fix type confusion in BuilderConverter::convertPathOperation https://bugs.webkit.org/show_bug.cgi?id=255735 rdar://108253315 Reviewed by Chris Dumez. This change fixes convertPathOperation so that it can deal with single values instead of expecting a list of values towards the end. * LayoutTests/fast/css/style-builder-type-confusion-crash-expected.txt: Added. * LayoutTests/fast/css/style-builder-type-confusion-crash.html: Added. * Source/WebCore/style/StyleBuilderConverter.h: (WebCore::Style::BuilderConverter::convertPathOperation): Canonical link: https://commits.webkit.org/263226@main
[webkit-changes] [WebKit/WebKit] b29168: Disable site-isolation in MainFrameWithTwoIFramesI...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b29168acce031cea9f034d0e2151052d33e74c65 https://github.com/WebKit/WebKit/commit/b29168acce031cea9f034d0e2151052d33e74c65 Author: Chirag M Shah Date: 2023-04-21 (Fri, 21 Apr 2023) Changed paths: M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm Log Message: --- Disable site-isolation in MainFrameWithTwoIFramesInTheSameProcess https://bugs.webkit.org/show_bug.cgi?id=255751 rdar://108342215 Reviewed by Alex Christensen. We're seeing some flakiness with this test, so let's disable it until we investigate and fix the flakiness. * Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/263217@main
[webkit-changes] [WebKit/WebKit] 390532: Use CheckedRef in Provisional[Frame|Page]Proxy for...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 39053215a8c091f8f3ce2d54bf2603b3801c3c93 https://github.com/WebKit/WebKit/commit/39053215a8c091f8f3ce2d54bf2603b3801c3c93 Author: Chirag M Shah Date: 2023-04-18 (Tue, 18 Apr 2023) Changed paths: M Source/WebKit/UIProcess/ProvisionalFrameProxy.cpp M Source/WebKit/UIProcess/ProvisionalFrameProxy.h M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp M Source/WebKit/UIProcess/ProvisionalPageProxy.h M Source/WebKit/UIProcess/WebFrameProxy.h M Source/WebKit/UIProcess/WebPageProxy.h Log Message: --- Use CheckedRef in Provisional[Frame|Page]Proxy for Web[Frame|Page]Proxy https://bugs.webkit.org/show_bug.cgi?id=255572 Reviewed by Alex Christensen and Chris Dumez. So that we don't store raw pointers, we should use CheckedRef where applicable. * Source/WebKit/UIProcess/ProvisionalFrameProxy.cpp: (WebKit::ProvisionalFrameProxy::ProvisionalFrameProxy): (WebKit::ProvisionalFrameProxy::~ProvisionalFrameProxy): (WebKit::ProvisionalFrameProxy::didReceiveMessage): (WebKit::ProvisionalFrameProxy::messageSenderDestinationID const): * Source/WebKit/UIProcess/ProvisionalFrameProxy.h: * Source/WebKit/UIProcess/ProvisionalPageProxy.cpp: (WebKit::ProvisionalPageProxy::ProvisionalPageProxy): (WebKit::ProvisionalPageProxy::~ProvisionalPageProxy): (WebKit::ProvisionalPageProxy::processDidTerminate): (WebKit::ProvisionalPageProxy::initializeWebPage): (WebKit::ProvisionalPageProxy::loadData): (WebKit::ProvisionalPageProxy::loadRequest): (WebKit::ProvisionalPageProxy::goToBackForwardItem): (WebKit::ProvisionalPageProxy::didCreateMainFrame): (WebKit::ProvisionalPageProxy::didPerformClientRedirect): (WebKit::ProvisionalPageProxy::didStartProvisionalLoadForFrame): (WebKit::ProvisionalPageProxy::didFailProvisionalLoadForFrame): (WebKit::ProvisionalPageProxy::didCommitLoadForFrame): (WebKit::ProvisionalPageProxy::didNavigateWithNavigationData): (WebKit::ProvisionalPageProxy::didChangeProvisionalURLForFrame): 
(WebKit::ProvisionalPageProxy::decidePolicyForNavigationActionAsync): (WebKit::ProvisionalPageProxy::decidePolicyForResponse): (WebKit::ProvisionalPageProxy::didPerformServerRedirect): (WebKit::ProvisionalPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame): (WebKit::ProvisionalPageProxy::startURLSchemeTask): (WebKit::ProvisionalPageProxy::backForwardGoToItem): (WebKit::ProvisionalPageProxy::decidePolicyForNavigationActionSync): (WebKit::ProvisionalPageProxy::logDiagnosticMessageFromWebProcess): (WebKit::ProvisionalPageProxy::logDiagnosticMessageWithEnhancedPrivacyFromWebProcess): (WebKit::ProvisionalPageProxy::logDiagnosticMessageWithValueDictionaryFromWebProcess): (WebKit::ProvisionalPageProxy::backForwardAddItem): (WebKit::ProvisionalPageProxy::requestPasswordForQuickLookDocumentInMainFrame): (WebKit::ProvisionalPageProxy::contentFilterDidBlockLoadForFrame): (WebKit::ProvisionalPageProxy::didReceiveMessage): (WebKit::ProvisionalPageProxy::didReceiveSyncMessage): * Source/WebKit/UIProcess/ProvisionalPageProxy.h: (WebKit::ProvisionalPageProxy::page): (WebKit::ProvisionalPageProxy::page const): * Source/WebKit/UIProcess/WebFrameProxy.h: * Source/WebKit/UIProcess/WebPageProxy.h: Canonical link: https://commits.webkit.org/263066@main
[webkit-changes] [WebKit/WebKit] 0fb46c: Fix typo in downcast template specialization in We...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0fb46c57f3e30f8f3c95e2be03fc3078e671fa9a https://github.com/WebKit/WebKit/commit/0fb46c57f3e30f8f3c95e2be03fc3078e671fa9a Author: Chirag M Shah Date: 2023-04-17 (Mon, 17 Apr 2023) Changed paths: M Source/WTF/wtf/WeakPtr.h Log Message: --- Fix typo in downcast template specialization in WeakPtr https://bugs.webkit.org/show_bug.cgi?id=255578 Reviewed by Chris Dumez. Fix the typo in the specialization I introduced. Verified that using the new downcast on a WeakPtr builds fine. * Source/WTF/wtf/WeakPtr.h: (WTF::downcast): Canonical link: https://commits.webkit.org/263058@main
[webkit-changes] [WebKit/WebKit] 62a375: Fix SEGV in ReplaceSelectionCommand::makeInsertedC...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 62a3751abfbc0bda4a9fff41c52e1f4d98e6293e https://github.com/WebKit/WebKit/commit/62a3751abfbc0bda4a9fff41c52e1f4d98e6293e Author: Chirag M Shah Date: 2023-04-17 (Mon, 17 Apr 2023) Changed paths: A LayoutTests/fast/editing/replace-selection-command-crash-expected.txt A LayoutTests/fast/editing/replace-selection-command-crash.html M Source/WebCore/editing/ReplaceSelectionCommand.cpp Log Message: --- Fix SEGV in ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder https://bugs.webkit.org/show_bug.cgi?id=255510 rdar://107979390 Reviewed by Ryosuke Niwa. This change fixes a crash which is caused because we end up in a state where m_lastNodeInserted is NULL after a call to ReplaceSelectionCommand::InsertedNodes::willRemoveNode, which means that when makeInsertedContentRoundTrippableWithHTMLTreeBuilder calls pastLastLeaf() we trip over an assertion. * LayoutTests/fast/editing/replace-selection-command-crash-expected.txt: Added. * LayoutTests/fast/editing/replace-selection-command-crash.html: Added. * Source/WebCore/editing/ReplaceSelectionCommand.cpp: (WebCore::ReplaceSelectionCommand::InsertedNodes::willRemoveNode): Canonical link: https://commits.webkit.org/263051@main
[webkit-changes] [WebKit/WebKit] 4d2fb2: Make same origin i-frames load in the same process...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4d2fb292a80797dbc2f76aeffa5e4b1728fe0a75 https://github.com/WebKit/WebKit/commit/4d2fb292a80797dbc2f76aeffa5e4b1728fe0a75 Author: Chirag M Shah Date: 2023-04-13 (Thu, 13 Apr 2023) Changed paths: M Source/WebKit/CMakeLists.txt M Source/WebKit/DerivedSources-input.xcfilelist M Source/WebKit/DerivedSources.make A Source/WebKit/Shared/LocalFrameCreationParameters.h A Source/WebKit/Shared/LocalFrameCreationParameters.serialization.in M Source/WebKit/UIProcess/ProvisionalFrameProxy.cpp M Source/WebKit/UIProcess/ProvisionalFrameProxy.h M Source/WebKit/UIProcess/SubframePageProxy.cpp M Source/WebKit/UIProcess/SubframePageProxy.h M Source/WebKit/UIProcess/WebFrameProxy.cpp M Source/WebKit/UIProcess/WebFrameProxy.h M Source/WebKit/UIProcess/WebPageProxy.cpp M Source/WebKit/UIProcess/WebPageProxy.h M Source/WebKit/UIProcess/WebProcessPool.cpp M Source/WebKit/UIProcess/WebProcessPool.h M Source/WebKit/WebKit.xcodeproj/project.pbxproj M Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp M Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h M Source/WebKit/WebProcess/WebPage/WebFrame.cpp M Source/WebKit/WebProcess/WebPage/WebFrame.h M Source/WebKit/WebProcess/WebPage/WebPage.cpp M Source/WebKit/WebProcess/WebPage/WebPage.h M Source/WebKit/WebProcess/WebPage/WebPage.messages.in M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm Log Message: --- Make same origin i-frames load in the same process with site-isolation https://bugs.webkit.org/show_bug.cgi?id=255070 rdar://107618125 Reviewed by Alex Christensen. This change makes it so that we don't load each iframe in a new process, but club together the same origin iframes in the same webcontent process. 
* Source/WebKit/CMakeLists.txt: * Source/WebKit/DerivedSources-input.xcfilelist: * Source/WebKit/DerivedSources.make: * Source/WebKit/Shared/LocalFrameCreationParameters.h: Copied from Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h. * Source/WebKit/Shared/LocalFrameCreationParameters.serialization.in: Added. * Source/WebKit/UIProcess/ProvisionalFrameProxy.cpp: (WebKit::ProvisionalFrameProxy::ProvisionalFrameProxy): (WebKit::ProvisionalFrameProxy::~ProvisionalFrameProxy): (WebKit::ProvisionalFrameProxy::didReceiveMessage): (WebKit::ProvisionalFrameProxy::decidePolicyForResponse): Deleted. (WebKit::ProvisionalFrameProxy::didCommitLoadForFrame): Deleted. * Source/WebKit/UIProcess/ProvisionalFrameProxy.h: (): Deleted. * Source/WebKit/UIProcess/SubframePageProxy.cpp: (WebKit::SubframePageProxy::SubframePageProxy): (WebKit::SubframePageProxy::~SubframePageProxy): (WebKit::SubframePageProxy::didReceiveMessage): (WebKit::SubframePageProxy::decidePolicyForResponse): (WebKit::SubframePageProxy::didCommitLoadForFrame): * Source/WebKit/UIProcess/SubframePageProxy.h: (WebKit::SubframePageProxy::process): * Source/WebKit/UIProcess/WebFrameProxy.cpp: (WebKit::WebFrameProxy::~WebFrameProxy): (WebKit::WebFrameProxy::didFinishLoad): (WebKit::WebFrameProxy::swapToProcess): (WebKit::WebFrameProxy::commitProvisionalFrame): (WebKit::WebFrameProxy::updateRemoteFrameSize): Deleted. 
* Source/WebKit/UIProcess/WebFrameProxy.h: * Source/WebKit/UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::receivedNavigationPolicyDecision): (WebKit::WebPageProxy::continueNavigationInNewProcess): (WebKit::WebPageProxy::updateRemoteFrameSize): (WebKit::WebPageProxy::subframePageProxyForFrameID const): (WebKit::WebPageProxy::didFinishLoadForFrame): (WebKit::WebPageProxy::addSubframePageProxyForFrameID): * Source/WebKit/UIProcess/WebPageProxy.h: * Source/WebKit/UIProcess/WebProcessPool.cpp: (WebKit::WebProcessPool::processForNavigation): * Source/WebKit/UIProcess/WebProcessPool.h: * Source/WebKit/WebKit.xcodeproj/project.pbxproj: * Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: (WebKit::WebFrameLoaderClient::WebFrameLoaderClient): * Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.h: * Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h: * Source/WebKit/WebProcess/WebPage/WebFrame.cpp: (WebKit::WebFrame::createLocalSubframeHostedInAnotherProcess): * Source/WebKit/WebProcess/WebPage/WebFrame.h: * Source/WebKit/WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::constructFrameTree): (WebKit::WebPage::loadRequestByCreatingNewLocalFrameOrConvertingRemoteFrame): (WebKit::WebPage::loadRequest): * Source/WebKit/WebProcess/WebPage/WebPage.h: * Source/WebKit/WebProcess/WebPage/WebPage.messages.in: * Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/262943@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mai
[webkit-changes] [WebKit/WebKit] 4bfd15: Move HashCountedSet to WeakHashCountedSet in Style...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4bfd15d8cdc7d90dc7674237addf934a3d5c7be4 https://github.com/WebKit/WebKit/commit/4bfd15d8cdc7d90dc7674237addf934a3d5c7be4 Author: Chirag M Shah Date: 2023-04-01 (Sat, 01 Apr 2023) Changed paths: M Source/WebCore/html/CanvasBase.cpp M Source/WebCore/rendering/style/StyleCanvasImage.cpp M Source/WebCore/rendering/style/StyleCrossfadeImage.cpp M Source/WebCore/rendering/style/StyleFilterImage.cpp M Source/WebCore/rendering/style/StyleGeneratedImage.cpp M Source/WebCore/rendering/style/StyleGeneratedImage.h M Source/WebCore/rendering/style/StyleGradientImage.cpp Log Message: --- Move HashCountedSet to WeakHashCountedSet in StyleGeneratedImage https://bugs.webkit.org/show_bug.cgi?id=254835 rdar://107480319 Reviewed by Chris Dumez. Generated images should use a Weak container to keep track of RenderElements so that we don't trigger UAF issues. * Source/WebCore/html/CanvasBase.cpp: (WebCore:: const): * Source/WebCore/rendering/style/StyleCanvasImage.cpp: (WebCore::StyleCanvasImage::image const): (WebCore::StyleCanvasImage::canvasChanged): (WebCore::StyleCanvasImage::canvasResized): * Source/WebCore/rendering/style/StyleCrossfadeImage.cpp: (WebCore::StyleCrossfadeImage::imageChanged): * Source/WebCore/rendering/style/StyleFilterImage.cpp: (WebCore::StyleFilterImage::imageChanged): * Source/WebCore/rendering/style/StyleGeneratedImage.cpp: (WebCore::StyleGeneratedImage::addClient): (WebCore::StyleGeneratedImage::removeClient): (WebCore::StyleGeneratedImage::hasClient const): * Source/WebCore/rendering/style/StyleGeneratedImage.h: (WebCore::StyleGeneratedImage::clients const): (WebCore::StyleGeneratedImage:: const): Deleted. * Source/WebCore/rendering/style/StyleGradientImage.cpp: (WebCore::StyleGradientImage::image const): Canonical link: https://commits.webkit.org/262469@main
[webkit-changes] [WebKit/WebKit] 96ab27: Cherry-pick 259548.22@safari-7615-branch (433aae06...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 96ab27ee5dab69647ffea2ceb433d617f3c5e1e9 https://github.com/WebKit/WebKit/commit/96ab27ee5dab69647ffea2ceb433d617f3c5e1e9 Author: Gerald Squelart Date: 2023-03-31 (Fri, 31 Mar 2023) Changed paths: M Source/WebCore/platform/graphics/IntRect.h M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in Log Message: --- Cherry-pick 259548.22@safari-7615-branch (433aae06c3e1). rdar://107445621 Validate IPC-decoded IntRect's rdar://101324985 Reviewed by Dean Jackson. * Source/WebCore/platform/graphics/IntRect.h: * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: Canonical link: https://commits.webkit.org/259548.22@safari-7615-branch Canonical link: https://commits.webkit.org/262412@main Commit: b3d58f33f176547ce13963aee482b6697537ea24 https://github.com/WebKit/WebKit/commit/b3d58f33f176547ce13963aee482b6697537ea24 Author: Simon Fraser Date: 2023-03-31 (Fri, 31 Mar 2023) Changed paths: M Source/WebKit/UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm Log Message: --- Cherry-pick 252432.1040@safari-7614-branch (5f64e30a652b). rdar://107445664 [CoreIPC] Type confusion bugs in RemoteScrollingCoordinatorProxyIOS::establishLayerTreeScrollingRelations https://bugs.webkit.org/show_bug.cgi?id=250812 Reviewed by Jonathan Bedard and Ryosuke Niwa. Add MESSAGE_CHECKing for two node types in code that runs in response to an IPC message. Add an early return checking the root node type in code that runs from user events. 
* Source/WebKit/UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm: (WebKit::RemoteScrollingCoordinatorProxy::establishLayerTreeScrollingRelations): (WebKit::RemoteScrollingCoordinatorProxy::nearestActiveContentInsetAdjustedSnapOffset const): Canonical link: https://commits.webkit.org/252432.1040@safari-7614-branch Canonical link: https://commits.webkit.org/262413@main Commit: 8256763cced0d44f93e2d41a8de38396cc50bcdf https://github.com/WebKit/WebKit/commit/8256763cced0d44f93e2d41a8de38396cc50bcdf Author: Rob Buis Date: 2023-03-31 (Fri, 31 Mar 2023) Changed paths: A LayoutTests/fast/table/table-cell-crash-when-detached-state-2-expected.txt A LayoutTests/fast/table/table-cell-crash-when-detached-state-2.html M Source/WebCore/rendering/RenderLayerModelObject.cpp Log Message: --- Cherry-pick 256843.4@webkit-2022.12-embargoed (6234ec9c65b9). rdar://107445724 Do not issue repaints when in detached state https://bugs.webkit.org/show_bug.cgi?id=248773 rdar://102808328 Reviewed by Antti Koivisto. Do not issue repaints when the RenderObject is in detached state while removing render subtrees. * LayoutTests/fast/table/table-cell-crash-when-detached-state-2-expected.txt: Added. * LayoutTests/fast/table/table-cell-crash-when-detached-state-2.html: Added. 
* Source/WebCore/rendering/RenderLayerModelObject.cpp: (WebCore::RenderTableCell::willBeRemovedFromTree const): Canonical link: https://commits.webkit.org/256843.4@webkit-2022.12-embargoed Canonical link: https://commits.webkit.org/262414@main Commit: 8a9408e8fc80e4be499eb9b34e5a816b4b4e4c1e https://github.com/WebKit/WebKit/commit/8a9408e8fc80e4be499eb9b34e5a816b4b4e4c1e Author: Justin Michaud Date: 2023-03-31 (Fri, 31 Mar 2023) Changed paths: A JSTests/wasm/stress/many-locals-small-wasm-stack.js A JSTests/wasm/stress/many-locals-small-wasm-stack.wasm A JSTests/wasm/stress/many-locals-small-wasm-stack.wat M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp Log Message: --- Cherry-pick 259548.25@safari-7615-branch (1a20160f826c). rdar://107446004 Locals should update max stack size rdar://104692168 Reviewed by Yusuke Suzuki. We can forget to update the max stack size, causing an OOB stack read in OSR entry. This only happens if you create a bunch of locals and never push anything to the stack, so it should be very rare and difficult to abuse. * JSTests/wasm/stress/many-locals-small-wasm-stack.js: Added. (async let): * JSTests/wasm/stress/many-locals-small-wasm-stack.wasm: Added. * JSTests/wasm/stress/many-locals-small-wasm-stack.wat: Added. * Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::addLocal): Canonical link: https://commits.webkit.org/259548.25@safari-7615-branch Canonical link: https://commits.webkit.org/262415@main Commit: 2365ae2ca2bdf6abfe47b97f025413f746f3 https://github.com/WebKit/WebKit/commit/2365ae2ca2bdf6abfe47b97f025413f746f3 Author: Rob Buis Date: 2023-03-31 (Fri, 31 Mar 2023) Changed paths: A LayoutTests/fast/dom/set-outer-text-on-moved-element-expected.html A LayoutTests/fast/dom/set-outer-t
[webkit-changes] [WebKit/WebKit] 5eb3a3: Make postMessage work for site-isolation
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5eb3a34b116bdda06cc92e3b2c5c289ceb82074a https://github.com/WebKit/WebKit/commit/5eb3a34b116bdda06cc92e3b2c5c289ceb82074a Author: Chirag M Shah Date: 2023-03-30 (Thu, 30 Mar 2023) Changed paths: M Source/WebCore/page/DOMWindow.cpp M Source/WebCore/page/DOMWindow.h M Source/WebCore/page/LocalDOMWindow.cpp M Source/WebCore/page/LocalDOMWindow.h M Source/WebCore/page/Page.cpp M Source/WebCore/page/PageConfiguration.cpp M Source/WebCore/page/PageConfiguration.h M Source/WebCore/page/RemoteDOMWindow.cpp M Source/WebCore/page/RemoteDOMWindow.h M Source/WebCore/page/RemoteFrame.cpp M Source/WebCore/page/RemoteFrame.h M Source/WebCore/page/RemoteFrameClient.h M Source/WebKit/Shared/FrameTreeCreationParameters.h M Source/WebKit/Shared/FrameTreeCreationParameters.serialization.in M Source/WebKit/UIProcess/WebFrameProxy.cpp M Source/WebKit/UIProcess/WebProcessProxy.cpp M Source/WebKit/UIProcess/WebProcessProxy.h M Source/WebKit/UIProcess/WebProcessProxy.messages.in M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h M Source/WebKit/WebProcess/WebPage/WebFrame.cpp M Source/WebKit/WebProcess/WebPage/WebFrame.h M Source/WebKit/WebProcess/WebPage/WebFrame.messages.in M Source/WebKit/WebProcess/WebPage/WebPage.cpp M Source/WebKit/WebProcess/WebProcess.cpp M Source/WebKit/WebProcess/WebProcess.h M Source/WebKit/WebProcess/WebProcess.messages.in M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm Log Message: --- Make postMessage work for site-isolation https://bugs.webkit.org/show_bug.cgi?id=253588 rdar://106439413 Reviewed by Alex Christensen. This change makes postMessage ping pong work by creating the Frame with the correct identifiers and remote processIDs so that message sending and reception between cross origin iframes can work with postMessage. 
* Source/WebCore/page/DOMWindow.cpp: (WebCore::DOMWindow::createTargetOriginForPostMessage): * Source/WebCore/page/DOMWindow.h: * Source/WebCore/page/LocalDOMWindow.cpp: (WebCore::LocalDOMWindow::processPostMessage): (WebCore::LocalDOMWindow::postMessage): (WebCore::LocalDOMWindow::postMessageFromRemoteFrame): * Source/WebCore/page/LocalDOMWindow.h: * Source/WebCore/page/Page.cpp: (WebCore::createMainFrame): * Source/WebCore/page/PageConfiguration.cpp: (WebCore::PageConfiguration::PageConfiguration): * Source/WebCore/page/PageConfiguration.h: * Source/WebCore/page/RemoteDOMWindow.cpp: (WebCore::RemoteDOMWindow::postMessage): * Source/WebCore/page/RemoteDOMWindow.h: * Source/WebCore/page/RemoteFrame.cpp: (WebCore::RemoteFrame::createMainFrame): (WebCore::RemoteFrame::createSubframe): (WebCore::RemoteFrame::createSubframeWithContentsInAnotherProcess): (WebCore::RemoteFrame::RemoteFrame): (WebCore::m_remoteProcessIdentifier): (WebCore::m_layerHostingContextIdentifier): Deleted. * Source/WebCore/page/RemoteFrame.h: * Source/WebCore/page/RemoteFrameClient.h: * Source/WebKit/Shared/FrameTreeCreationParameters.h: * Source/WebKit/Shared/FrameTreeCreationParameters.serialization.in: * Source/WebKit/UIProcess/ProvisionalFrameProxy.cpp: (WebKit::ProvisionalFrameProxy::ProvisionalFrameProxy): * Source/WebKit/UIProcess/WebFrameProxy.cpp: (WebKit::WebFrameProxy::commitProvisionalFrame): (WebKit::WebFrameProxy::frameTreeCreationParameters const): * Source/WebKit/UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::postMessageToRemote): * Source/WebKit/UIProcess/WebProcessProxy.h: * Source/WebKit/UIProcess/WebProcessProxy.messages.in: * Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp: (WebKit::WebRemoteFrameClient::postMessageToRemote): * Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h: * Source/WebKit/WebProcess/WebPage/WebFrame.cpp: (WebKit::WebFrame::createRemoteSubframe): (WebKit::WebFrame::didCommitLoadInAnotherProcess): * 
Source/WebKit/WebProcess/WebPage/WebFrame.h: * Source/WebKit/WebProcess/WebPage/WebFrame.messages.in: * Source/WebKit/WebProcess/WebPage/WebPage.cpp: (WebKit::clientForMainFrame): (WebKit::m_appHighlightsVisible): (WebKit::WebPage::constructFrameTree): * Source/WebKit/WebProcess/WebProcess.cpp: (WebKit::WebProcess::remotePostMessage): * Source/WebKit/WebProcess/WebProcess.h: * Source/WebKit/WebProcess/WebProcess.messages.in: * Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/262334@main
[webkit-changes] [WebKit/WebKit] e233ab: Use smart pointers for ScriptExecutionContext and ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e233ab4568b25c084d63488de1ea116928aadc13 https://github.com/WebKit/WebKit/commit/e233ab4568b25c084d63488de1ea116928aadc13 Author: Chirag M Shah Date: 2023-03-28 (Tue, 28 Mar 2023) Changed paths: M Source/WTF/wtf/CheckedRef.h M Source/WTF/wtf/Ref.h M Source/WTF/wtf/RefPtr.h M Source/WTF/wtf/WeakPtr.h M Source/WebCore/Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp M Source/WebCore/Modules/websockets/ThreadableWebSocketChannelClientWrapper.h M Source/WebCore/bindings/js/ScriptModuleLoader.cpp M Source/WebCore/bindings/js/ScriptModuleLoader.h M Source/WebCore/dom/RejectedPromiseTracker.cpp M Source/WebCore/dom/RejectedPromiseTracker.h M Source/WebCore/dom/ScriptExecutionContext.h M Source/WebCore/html/canvas/CanvasRenderingContext.h M Source/WebCore/inspector/InspectorCanvas.cpp M Source/WebCore/inspector/InspectorCanvas.h M Source/WebCore/page/DOMTimer.cpp M Source/WebCore/page/DOMTimer.h Log Message: --- Use smart pointers for ScriptExecutionContext and CanvasRenderingContext (m_context) https://bugs.webkit.org/show_bug.cgi?id=254347 rdar://107142041 Reviewed by Chris Dumez and Ryosuke Niwa. This change adopts Ref's for m_context member variable to align with the smart pointer usage guidelines. 
* Source/WTF/wtf/CheckedRef.h: (WTF::downcast): * Source/WTF/wtf/Ref.h: (WTF::downcast): * Source/WTF/wtf/RefPtr.h: (WTF::downcast): * Source/WTF/wtf/WeakPtr.h: (WTF::downcast): * Source/WebCore/Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp: (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks): * Source/WebCore/Modules/websockets/ThreadableWebSocketChannelClientWrapper.h: * Source/WebCore/bindings/js/ScriptModuleLoader.cpp: (WebCore::ScriptModuleLoader::shadowRealmLoader const): (WebCore::ScriptModuleLoader::resolve): (WebCore::ScriptModuleLoader::fetch): (WebCore::ScriptModuleLoader::moduleURL): (WebCore::ScriptModuleLoader::responseURLFromRequestURL): (WebCore::ScriptModuleLoader::evaluate): (WebCore::ScriptModuleLoader::importModule): (WebCore::ScriptModuleLoader::notifyFinished): * Source/WebCore/bindings/js/ScriptModuleLoader.h: * Source/WebCore/dom/RejectedPromiseTracker.cpp: (WebCore::RejectedPromiseTracker::promiseHandled): (WebCore::RejectedPromiseTracker::processQueueSoon): (WebCore::RejectedPromiseTracker::reportUnhandledRejections): (WebCore::RejectedPromiseTracker::reportRejectionHandled): * Source/WebCore/dom/RejectedPromiseTracker.h: * Source/WebCore/dom/ScriptExecutionContext.h: * Source/WebCore/html/canvas/CanvasRenderingContext.h: * Source/WebCore/inspector/InspectorCanvas.cpp: (WebCore::InspectorCanvas::InspectorCanvas): (WebCore::InspectorCanvas::canvasElement const): (WebCore::InspectorCanvas::scriptExecutionContext const): (WebCore::InspectorCanvas::resolveContext const): (WebCore:: const): (WebCore::InspectorCanvas::canvasChanged): (WebCore::InspectorCanvas::resetRecordingData): (WebCore::InspectorCanvas::buildObjectForCanvas): (WebCore::InspectorCanvas::buildInitialState): * Source/WebCore/inspector/InspectorCanvas.h: * Source/WebCore/page/DOMTimer.cpp: (WebCore::DOMTimerFireState::DOMTimerFireState): (WebCore::DOMTimerFireState::~DOMTimerFireState): Canonical link: https://commits.webkit.org/262252@main 
___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] f99559: Fix crash in FetchResponse::jsonForBindings
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: f99559013074175c3a128e0f935f57b8878eb6cc https://github.com/WebKit/WebKit/commit/f99559013074175c3a128e0f935f57b8878eb6cc Author: Chirag M Shah Date: 2023-03-27 (Mon, 27 Mar 2023) Changed paths: A LayoutTests/js/fetch-response-json-crash-expected.txt A LayoutTests/js/fetch-response-json-crash.html M Source/WebCore/Modules/fetch/FetchResponse.cpp Log Message: --- Fix crash in FetchResponse::jsonForBindings https://bugs.webkit.org/show_bug.cgi?id=254536 rdar://107265435 Reviewed by Youenn Fablet. Make sure context.globalObject() is non-null before passing it to JSC::JSONStringify which tries to dereference it. * LayoutTests/js/fetch-response-json-crash-expected.txt: Added. * LayoutTests/js/fetch-response-json-crash.html: Added. * Source/WebCore/Modules/fetch/FetchResponse.cpp: (WebCore::FetchResponse::jsonForBindings): Canonical link: https://commits.webkit.org/262171@main
[webkit-changes] [WebKit/WebKit] 992dbd: Fix bug in DOMWindow::DOMWindow
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 992dbdd3b27e5b3a337dfa80a5367c8a7a2ca9ce https://github.com/WebKit/WebKit/commit/992dbdd3b27e5b3a337dfa80a5367c8a7a2ca9ce Author: Chirag M Shah Date: 2023-03-17 (Fri, 17 Mar 2023) Changed paths: M Source/WebCore/page/DOMWindow.cpp Log Message: --- Fix bug in DOMWindow::DOMWindow rdar://106882760 https://bugs.webkit.org/show_bug.cgi?id=254095 Reviewed by Chris Dumez. DOMWindow currently uses the moved out element, which it shouldn't as the ownership was transferred. * Source/WebCore/page/DOMWindow.cpp: (WebCore::DOMWindow::DOMWindow): Canonical link: https://commits.webkit.org/261818@main
[webkit-changes] [WebKit/WebKit] 52c77e: Fix smart pointer usage when dealing with ScriptEx...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 52c77eeabac7a55ff15036c291650bb19d07887e https://github.com/WebKit/WebKit/commit/52c77eeabac7a55ff15036c291650bb19d07887e Author: Chirag M Shah Date: 2023-03-17 (Fri, 17 Mar 2023) Changed paths: M Source/WebCore/Modules/speech/SpeechSynthesisUtterance.h Log Message: --- Fix smart pointer usage when dealing with ScriptExecutionContext https://bugs.webkit.org/show_bug.cgi?id=254045 rdar://106721110 Reviewed by Ryosuke Niwa. This change fixes uses of ScriptExecutionContext so that it conforms with the smart pointer usage guidelines. * Source/WebCore/Modules/speech/SpeechSynthesisUtterance.h: Canonical link: https://commits.webkit.org/261817@main
[webkit-changes] [WebKit/WebKit] cdf472: Fix ASSERTION FAILED: lastDocument->fullscreenMana...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: cdf4725166dd5bc60b6bb881455e1f43094dc031 https://github.com/WebKit/WebKit/commit/cdf4725166dd5bc60b6bb881455e1f43094dc031 Author: Chirag M Shah Date: 2023-03-15 (Wed, 15 Mar 2023) Changed paths: A LayoutTests/fullscreen/webkit-exit-full-screen-crash-expected.txt A LayoutTests/fullscreen/webkit-exit-full-screen-crash.html M Source/WebCore/dom/DocumentFullscreen.cpp Log Message: --- Fix ASSERTION FAILED: lastDocument->fullscreenManager().fullscreenElement() https://bugs.webkit.org/show_bug.cgi?id=253987 rdar://106776257 Reviewed by Tim Nguyen. We don't handle document not being a fullScreenElement in webkitExitFullscreen which causes a crash on debug builds. This change fixes that. * LayoutTests/fullscreen/webkit-exit-full-screen-crash-expected.txt: Added. * LayoutTests/fullscreen/webkit-exit-full-screen-crash.html: Added. * Source/WebCore/dom/DocumentFullscreen.cpp: (WebCore::DocumentFullscreen::webkitExitFullscreen): Canonical link: https://commits.webkit.org/261735@main
[webkit-changes] [WebKit/WebKit] db12f6: Fix crash in Document::topmostAutoPopover()
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: db12f6fd8603d4a56bc07e7072aae0c934fa1f15 https://github.com/WebKit/WebKit/commit/db12f6fd8603d4a56bc07e7072aae0c934fa1f15 Author: Chirag M Shah Date: 2023-03-08 (Wed, 08 Mar 2023) Changed paths: A LayoutTests/fast/html/popover-with-fullscreen-crash-expected.txt A LayoutTests/fast/html/popover-with-fullscreen-crash.html M Source/WebCore/dom/Document.cpp Log Message: --- Fix crash in Document::topmostAutoPopover() https://bugs.webkit.org/show_bug.cgi?id=253597 rdar://106423630 Reviewed by Tim Nguyen and Chris Dumez. This change fixes a crash introduced recently by making sure candidate is non-null before dereferencing it. * LayoutTests/fast/html/popover-with-fullscreen-crash-expected.txt: Added. * LayoutTests/fast/html/popover-with-fullscreen-crash.html: Added. * Source/WebCore/dom/Document.cpp: (WebCore::Document::topmostAutoPopover const): Canonical link: https://commits.webkit.org/261391@main
[webkit-changes] [WebKit/WebKit] f2c293: Move uses of PlatformGamepad* to being WeakPtrs or...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: f2c293349a71f5fd06594bf3a334e2e7a965ea74 https://github.com/WebKit/WebKit/commit/f2c293349a71f5fd06594bf3a334e2e7a965ea74 Author: Chirag M Shah Date: 2023-03-06 (Mon, 06 Mar 2023) Changed paths: M Source/WebCore/Modules/gamepad/GamepadManager.cpp M Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp M Source/WebCore/platform/gamepad/EmptyGamepadProvider.cpp M Source/WebCore/platform/gamepad/EmptyGamepadProvider.h M Source/WebCore/platform/gamepad/GamepadProvider.cpp M Source/WebCore/platform/gamepad/GamepadProvider.h M Source/WebCore/platform/gamepad/cocoa/GameControllerGamepadProvider.h M Source/WebCore/platform/gamepad/cocoa/GameControllerGamepadProvider.mm M Source/WebCore/platform/gamepad/libwpe/GamepadProviderLibWPE.cpp M Source/WebCore/platform/gamepad/libwpe/GamepadProviderLibWPE.h M Source/WebCore/platform/gamepad/mac/HIDGamepadProvider.h M Source/WebCore/platform/gamepad/mac/HIDGamepadProvider.mm M Source/WebCore/platform/gamepad/mac/MultiGamepadProvider.h M Source/WebCore/platform/gamepad/mac/MultiGamepadProvider.mm M Source/WebCore/platform/gamepad/manette/ManetteGamepadProvider.cpp M Source/WebCore/platform/gamepad/manette/ManetteGamepadProvider.h M Source/WebCore/testing/MockGamepadProvider.cpp M Source/WebCore/testing/MockGamepadProvider.h M Source/WebKit/WebProcess/Gamepad/WebGamepadProvider.cpp M Source/WebKit/WebProcess/Gamepad/WebGamepadProvider.h Log Message: --- Move uses of PlatformGamepad* to being WeakPtrs or containers that support WeakPtrs https://bugs.webkit.org/show_bug.cgi?id=253331 rdar://106168221 Reviewed by Ryosuke Niwa and David Kilzer. Now that GamepadProviderClient and PlatformGamepad inherit from CanHaveWeakPtr, we should stop storing raw pointers where possible. 
* Source/WebCore/Modules/gamepad/GamepadManager.cpp: (WebCore::GamepadManager::platformGamepadConnected): (WebCore::GamepadManager::platformGamepadInputActivity): * Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp: (WebCore::NavigatorGamepad::gamepads): (WebCore::NavigatorGamepad::gamepadsBecameVisible): * Source/WebCore/platform/gamepad/EmptyGamepadProvider.cpp: (WebCore::EmptyGamepadProvider::platformGamepads): (): Deleted. * Source/WebCore/platform/gamepad/EmptyGamepadProvider.h: * Source/WebCore/platform/gamepad/GamepadProvider.cpp: (WebCore::GamepadProvider::dispatchPlatformGamepadInputActivity): * Source/WebCore/platform/gamepad/GamepadProvider.h: * Source/WebCore/platform/gamepad/cocoa/GameControllerGamepadProvider.h: * Source/WebCore/platform/gamepad/cocoa/GameControllerGamepadProvider.mm: (WebCore::GameControllerGamepadProvider::controllerDidConnect): (WebCore::GameControllerGamepadProvider::controllerDidDisconnect): (WebCore::GameControllerGamepadProvider::startMonitoringGamepads): (WebCore::GameControllerGamepadProvider::stopMonitoringGamepads): (WebCore::GameControllerGamepadProvider::makeInvisibleGamepadsVisible): (WebCore::GameControllerGamepadProvider::playEffect): (WebCore::GameControllerGamepadProvider::stopEffects): * Source/WebCore/platform/gamepad/libwpe/GamepadProviderLibWPE.cpp: (WebCore::GamepadProviderLibWPE::startMonitoringGamepads): (WebCore::GamepadProviderLibWPE::stopMonitoringGamepads): (WebCore::GamepadProviderLibWPE::gamepadConnected): (WebCore::GamepadProviderLibWPE::gamepadDisconnected): * Source/WebCore/platform/gamepad/libwpe/GamepadProviderLibWPE.h: * Source/WebCore/platform/gamepad/mac/HIDGamepadProvider.h: * Source/WebCore/platform/gamepad/mac/HIDGamepadProvider.mm: (WebCore::HIDGamepadProvider::startMonitoringGamepads): (WebCore::HIDGamepadProvider::stopMonitoringGamepads): (WebCore::HIDGamepadProvider::deviceAdded): (WebCore::HIDGamepadProvider::deviceRemoved): * Source/WebCore/platform/gamepad/mac/MultiGamepadProvider.h: 
* Source/WebCore/platform/gamepad/mac/MultiGamepadProvider.mm: (WebCore::MultiGamepadProvider::startMonitoringGamepads): (WebCore::MultiGamepadProvider::stopMonitoringGamepads): (WebCore::MultiGamepadProvider::platformGamepadConnected): (WebCore::MultiGamepadProvider::platformGamepadDisconnected): (WebCore::MultiGamepadProvider::platformGamepadInputActivity): * Source/WebCore/platform/gamepad/manette/ManetteGamepadProvider.cpp: (WebCore::ManetteGamepadProvider::startMonitoringGamepads): (WebCore::ManetteGamepadProvider::stopMonitoringGamepads): (WebCore::ManetteGamepadProvider::deviceConnected): (WebCore::ManetteGamepadProvider::deviceDisconnected): * Source/WebCore/platform/gamepad/manette/ManetteGamepadProvider.h: * Source/WebCore/testing/MockGamepadProvider.cpp: (WebCore::MockGamepadProvider::startMonitoringGamepads): (WebCore::MockGamepadProvider::stopMonitoringGamepads): (WebCore::MockGamepadProvider::connectMockGamepad): (WebCore::MockGamepadProvider::disconnectMockGamepad): * Source/WebCore/testing/MockGamepadProvider.h: * Source/WebKit/WebProcess/Gamepa
[webkit-changes] [WebKit/WebKit] 81bc2a: RenderElement::updateOutlineAutoAncestor should de...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 81bc2a0b0fb755976082c1ae57a0667cb9c4e2be https://github.com/WebKit/WebKit/commit/81bc2a0b0fb755976082c1ae57a0667cb9c4e2be Author: Chirag M Shah Date: 2023-03-03 (Fri, 03 Mar 2023) Changed paths: A LayoutTests/fast/rendering/outline-auto-for-moved-out-element-crash-expected.txt A LayoutTests/fast/rendering/outline-auto-for-moved-out-element-crash.html M Source/WebCore/rendering/RenderElement.cpp Log Message: --- RenderElement::updateOutlineAutoAncestor should deal with moved out renderers https://bugs.webkit.org/show_bug.cgi?id=253270 rdar://105873104 Reviewed by Alan Baradlay. Before this change, when RenderElement::updateOutlineAutoAncestor was called on RenderMultiColumnSpannerPlaceholder, we never looked at the children of the moved out element. This means that we would have an invalid outline auto set in the hierarchy of the moved out element, which can cause stack overflow. This change fixes it by making it so that we recurse through children of the moved out element to set the right state when dealing with RenderMultiColumnSpannerPlaceholder. * LayoutTests/fast/rendering/outline-auto-for-moved-out-element-crash-expected.txt: Added. * LayoutTests/fast/rendering/outline-auto-for-moved-out-element-crash.html: Added. * Source/WebCore/rendering/RenderElement.cpp: (WebCore::RenderElement::updateOutlineAutoAncestor): Canonical link: https://commits.webkit.org/261148@main
[webkit-changes] [WebKit/WebKit] 074120: Add tests to make sure confirm/prompt work from cr...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 07412048195177731c9cc21937bd440add942d1d https://github.com/WebKit/WebKit/commit/07412048195177731c9cc21937bd440add942d1d Author: Chirag M Shah Date: 2023-02-27 (Mon, 27 Feb 2023) Changed paths: M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm M Tools/TestWebKitAPI/cocoa/TestUIDelegate.h M Tools/TestWebKitAPI/cocoa/TestUIDelegate.mm Log Message: --- Add tests to make sure confirm/prompt work from cross-origin iframes with site isolation. https://bugs.webkit.org/show_bug.cgi?id=252923 rdar://99897405 Reviewed by Alex Christensen. alert/confirm/prompt dialogs are expected to work from cross-origin iframes with site isolation. We already test that alert works, but this change adds tests for confirm/prompt as well. * Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm: (TestWebKitAPI::TEST): * Tools/TestWebKitAPI/cocoa/TestUIDelegate.h: * Tools/TestWebKitAPI/cocoa/TestUIDelegate.mm: (-[TestUIDelegate webView:runJavaScriptConfirmPanelWithMessage:initiatedByFrame:completionHandler:]): (-[TestUIDelegate webView:runJavaScriptTextInputPanelWithPrompt:defaultText:initiatedByFrame:completionHandler:]): (-[TestUIDelegate waitForConfirm]): (-[TestUIDelegate waitForPromptWithDefaultInput:]): (-[WKWebView _test_waitForConfirm]): (-[WKWebView _test_waitForPromptWithDefaultInput:]): Canonical link: https://commits.webkit.org/260867@main
[webkit-changes] [WebKit/WebKit] 6ea95f: Make Page::mainFrame() return an AbstractFrame
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6ea95fe00133c4a2cba4cafcb7501a64dc553169 https://github.com/WebKit/WebKit/commit/6ea95fe00133c4a2cba4cafcb7501a64dc553169 Author: Chirag M Shah Date: 2023-02-22 (Wed, 22 Feb 2023) Changed paths: M Source/WebCore/accessibility/atspi/AccessibilityRootAtspi.cpp M Source/WebCore/accessibility/mac/WebAccessibilityObjectWrapperMac.mm M Source/WebCore/editing/ReplaceSelectionCommand.cpp M Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm M Source/WebCore/editing/markup.cpp M Source/WebCore/history/BackForwardCache.cpp M Source/WebCore/history/CachedPage.cpp M Source/WebCore/inspector/InspectorFrontendAPIDispatcher.cpp M Source/WebCore/inspector/InspectorFrontendClientLocal.cpp M Source/WebCore/inspector/InspectorFrontendHost.cpp M Source/WebCore/inspector/InspectorOverlay.cpp M Source/WebCore/inspector/agents/InspectorDOMAgent.cpp M Source/WebCore/inspector/agents/InspectorPageAgent.cpp M Source/WebCore/inspector/agents/InspectorTimelineAgent.cpp M Source/WebCore/inspector/agents/page/PageAuditAgent.cpp M Source/WebCore/inspector/agents/page/PageDebuggerAgent.cpp M Source/WebCore/inspector/agents/page/PageRuntimeAgent.cpp M Source/WebCore/loader/FrameLoader.cpp M Source/WebCore/loader/archive/mhtml/MHTMLArchive.cpp M Source/WebCore/page/AutoscrollController.cpp M Source/WebCore/page/Chrome.cpp M Source/WebCore/page/ContextMenuController.cpp M Source/WebCore/page/DOMWindow.cpp M Source/WebCore/page/DebugPageOverlays.cpp M Source/WebCore/page/DragController.cpp M Source/WebCore/page/EventHandler.cpp M Source/WebCore/page/FocusController.cpp M Source/WebCore/page/Frame.cpp M Source/WebCore/page/Frame.h M Source/WebCore/page/FrameView.cpp M Source/WebCore/page/History.cpp M Source/WebCore/page/Page.cpp M Source/WebCore/page/Page.h M Source/WebCore/page/PageColorSampler.cpp M Source/WebCore/page/PageConsoleClient.cpp M Source/WebCore/page/PageDebuggable.cpp M 
Source/WebCore/page/PageGroupLoadDeferrer.cpp M Source/WebCore/page/PageOverlay.cpp M Source/WebCore/page/PageOverlayController.cpp M Source/WebCore/page/PageSerializer.cpp M Source/WebCore/page/PerformanceLogging.cpp M Source/WebCore/page/PerformanceMonitor.cpp M Source/WebCore/page/PointerCaptureController.cpp M Source/WebCore/page/ResourceUsageOverlay.cpp M Source/WebCore/page/SettingsBase.cpp M Source/WebCore/page/SpatialNavigation.cpp M Source/WebCore/page/mac/DragControllerMac.mm M Source/WebCore/page/mac/ImageOverlayControllerMac.mm M Source/WebCore/page/mac/PageMac.mm M Source/WebCore/page/mac/ServicesOverlayController.mm M Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp M Source/WebCore/page/scrolling/ScrollingCoordinator.cpp M Source/WebCore/page/scrolling/mac/ScrollingCoordinatorMac.mm M Source/WebCore/plugins/PluginData.cpp M Source/WebCore/plugins/PluginInfoProvider.cpp M Source/WebCore/rendering/RenderLayerCompositor.cpp M Source/WebCore/replay/UserInputBridge.cpp M Source/WebCore/style/StyleScopeRuleSets.cpp M Source/WebCore/style/StyleTreeResolver.cpp M Source/WebCore/svg/graphics/SVGImage.cpp M Source/WebCore/testing/InternalSettings.cpp M Source/WebCore/testing/Internals.cpp M Source/WebCore/testing/MockPageOverlayClient.cpp M Source/WebCore/workers/service/ServiceWorkerContainer.cpp M Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp M Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp M Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp M Source/WebKit/UIProcess/MediaKeySystemPermissionRequestManagerProxy.cpp M Source/WebKit/WebProcess/FullScreen/WebFullScreenManager.cpp M Source/WebKit/WebProcess/Geolocation/WebGeolocationManager.cpp M Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp M Source/WebKit/WebProcess/Inspector/WebInspector.cpp M Source/WebKit/WebProcess/UserContent/WebUserContentController.cpp M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp M 
Source/WebKit/WebProcess/WebCoreSupport/WebContextMenuClient.cpp M Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp M Source/WebKit/WebProcess/WebCoreSupport/mac/WebContextMenuClientMac.mm M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm M Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp M Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp M Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHostTextureMapper.cpp M Source/WebKit/WebProcess/WebPage/FindController.cpp M Source/WebKit/WebProcess/WebPage/WebFoundTextRangeController.cpp M Source/WebKit/WebProcess/WebPage/WebPage.cpp M Source/WebKit/We
[webkit-changes] [WebKit/WebKit] 3fb058: Move GridLineNamesClass before ValueListClass
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3fb0588a949df9c7c58ab9a6c2c4f7c65f9e7b9e https://github.com/WebKit/WebKit/commit/3fb0588a949df9c7c58ab9a6c2c4f7c65f9e7b9e Author: Chirag M Shah Date: 2023-02-22 (Wed, 22 Feb 2023) Changed paths: A LayoutTests/fast/css/css-grid-line-names-crash-expected.txt A LayoutTests/fast/css/css-grid-line-names-crash.html M Source/WebCore/css/CSSValue.cpp M Source/WebCore/css/CSSValue.h Log Message: --- Move GridLineNamesClass before ValueListClass https://bugs.webkit.org/show_bug.cgi?id=252767 rdar://105773172 Reviewed by Darin Adler. We need to move GridLineNamesClass above ValueListClass so that CSSGridLineNamesValue is not treated as CSSValueContainingVector which will result in a crash. * LayoutTests/fast/css/css-grid-line-names-crash-expected.txt: Added. * LayoutTests/fast/css/css-grid-line-names-crash.html: Added. * Source/WebCore/css/CSSValue.cpp: (WebCore::CSSValue::createDeprecatedCSSOMWrapper const): * Source/WebCore/css/CSSValue.h: Canonical link: https://commits.webkit.org/260703@main
[webkit-changes] [WebKit/WebKit] 52ec37: Make mainFrame() return an AbstractFrame
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 52ec37994c2d2ff334b0e6ee531ac662872e231e https://github.com/WebKit/WebKit/commit/52ec37994c2d2ff334b0e6ee531ac662872e231e Author: Chirag M Shah Date: 2023-02-16 (Thu, 16 Feb 2023) Changed paths: M Source/WebCore/accessibility/AccessibilityObject.cpp M Source/WebCore/contentextensions/ContentExtensionsBackend.cpp M Source/WebCore/css/query/MediaQueryFeatures.cpp M Source/WebCore/dom/Document.cpp M Source/WebCore/dom/DocumentMarkerController.cpp M Source/WebCore/dom/EventDispatcher.cpp M Source/WebCore/editing/Editor.cpp M Source/WebCore/editing/EditorCommand.cpp M Source/WebCore/html/HTMLAnchorElement.cpp M Source/WebCore/html/MediaElementSession.cpp M Source/WebCore/inspector/agents/InspectorPageAgent.cpp M Source/WebCore/loader/DocumentLoader.cpp M Source/WebCore/loader/FrameLoader.cpp M Source/WebCore/loader/HistoryController.cpp M Source/WebCore/loader/NavigationDisabler.h M Source/WebCore/loader/cache/CachedResource.cpp M Source/WebCore/loader/cache/CachedResourceLoader.cpp M Source/WebCore/page/AutoscrollController.cpp M Source/WebCore/page/DOMWindow.cpp M Source/WebCore/page/EventHandler.cpp M Source/WebCore/page/Frame.h M Source/WebCore/page/FrameTree.cpp M Source/WebCore/page/FrameView.cpp M Source/WebCore/page/InteractionRegion.cpp M Source/WebCore/page/IntersectionObserver.cpp M Source/WebCore/page/Screen.cpp M Source/WebCore/page/UserContentProvider.cpp M Source/WebCore/page/scrolling/ScrollingCoordinator.cpp M Source/WebCore/testing/Internals.cpp M Source/WebCore/testing/Internals.mm M Source/WebKit/WebProcess/Automation/WebAutomationSessionProxy.cpp M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp M Source/WebKit/WebProcess/Network/WebSocketChannel.cpp M Source/WebKit/WebProcess/WebCoreSupport/ShareableBitmapUtilities.cpp M Source/WebKit/WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp M Source/WebKit/WebProcess/WebCoreSupport/mac/WebDragClientMac.mm M 
Source/WebKit/WebProcess/WebPage/WebFrame.cpp M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm M Source/WebKitLegacy/mac/WebView/WebImmediateActionController.mm Log Message: --- Make mainFrame() return an AbstractFrame https://bugs.webkit.org/show_bug.cgi?id=252186 rdar://105412703 Reviewed by Alex Christensen. In preparation for website isolation, let's make Frame::mainFrame() return an AbstractFrame. Going forward, the callers of this method will need to decide if they are dealing with a LocalFrame or not, and take action accordingly. * Source/WebCore/accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::mainFrame const): * Source/WebCore/contentextensions/ContentExtensionsBackend.cpp: (WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad): * Source/WebCore/css/query/MediaQueryFeatures.cpp: (WebCore::MQ::Features::color): (WebCore::MQ::Features::colorGamut): (WebCore::MQ::Features::deviceAspectRatio): (WebCore::MQ::Features::deviceHeight): (WebCore::MQ::Features::deviceWidth): (WebCore::MQ::Features::dynamicRange): (WebCore::MQ::Features::monochrome): * Source/WebCore/dom/Document.cpp: (WebCore::Document::resolveStyle): (WebCore::Document::topDocument const): (WebCore::computeIntersectionState): * Source/WebCore/dom/DocumentMarkerController.cpp: (WebCore::updateMainFrameLayoutIfNeeded): * Source/WebCore/dom/EventDispatcher.cpp: (WebCore::shouldSuppressEventDispatchInDOM): * Source/WebCore/editing/Editor.cpp: (WebCore::Editor::canPaste const): (WebCore::Editor::shouldInsertText const): * Source/WebCore/editing/EditorCommand.cpp: (WebCore::allowExecutionWhenDisabledPaste): * Source/WebCore/html/HTMLAnchorElement.cpp: (WebCore::HTMLAnchorElement::mainDocumentRegistrableDomainForPCM const): (WebCore::HTMLAnchorElement::parsePrivateClickMeasurement const): * Source/WebCore/html/MediaElementSession.cpp: (WebCore::isElementMainContentForPurposesOfAutoplay): (WebCore::isElementRectMostlyInMainFrame): 
(WebCore::isElementLargeRelativeToMainFrame): * Source/WebCore/inspector/agents/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::didPaint): * Source/WebCore/loader/DocumentLoader.cpp: (WebCore::DocumentLoader::disallowWebArchive const): * Source/WebCore/loader/FrameLoader.cpp: (WebCore::FrameLoader::userAgent const): (WebCore::FrameLoader::navigatorPlatform const): (WebCore::FrameLoader::updateRequestAndAddExtraFields): (WebCore::FrameLoader::loadResourceSynchronously): (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): (WebCore::FrameLoader::loadDifferentDocumentItem): (WebCore::FrameLoader::loadProgressingStatusChanged): * Source/WebCore/loader/HistoryController.cpp: (WebCore::FrameLoader::HistoryController::updateForCommit): (WebCore::FrameLoader::HistoryController::updateForSameDocumentNavigation): (WebCore::Fr
[webkit-changes] [WebKit/WebKit] a36079: Move m_invisibleGamepadsForClient to being a WeakH...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a36079d20158fc7cc3b0ee3b2ce63f7bd7fe2e61 https://github.com/WebKit/WebKit/commit/a36079d20158fc7cc3b0ee3b2ce63f7bd7fe2e61 Author: Chirag M Shah Date: 2023-02-16 (Thu, 16 Feb 2023) Changed paths: M Source/WebCore/platform/gamepad/GamepadProviderClient.h M Source/WebCore/platform/gamepad/PlatformGamepad.h M Source/WebCore/testing/MockGamepadProvider.cpp M Source/WebCore/testing/MockGamepadProvider.h Log Message: --- Move m_invisibleGamepadsForClient to being a WeakHashMap https://bugs.webkit.org/show_bug.cgi?id=252439 rdar://105567085 Reviewed by Ryosuke Niwa and David Kilzer. Make GamepadProviderClient and PlatformGamepad support WeakPtr and use them in m_invisibleGamepadsForClient. * Source/WebCore/platform/gamepad/GamepadProviderClient.h: * Source/WebCore/platform/gamepad/PlatformGamepad.h: * Source/WebCore/testing/MockGamepadProvider.cpp: (WebCore::MockGamepadProvider::startMonitoringGamepads): (WebCore::MockGamepadProvider::stopMonitoringGamepads): (WebCore::MockGamepadProvider::connectMockGamepad): (WebCore::MockGamepadProvider::disconnectMockGamepad): * Source/WebCore/testing/MockGamepadProvider.h: Canonical link: https://commits.webkit.org/260411@main
[webkit-changes] [WebKit/WebKit] 9605dc: Check for fileSystemPath being non-null when addin...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 9605dc730f989f14ed646967fd70ab807d54ab36 https://github.com/WebKit/WebKit/commit/9605dc730f989f14ed646967fd70ab807d54ab36 Author: Chirag M Shah Date: 2023-02-15 (Wed, 15 Feb 2023) Changed paths: A LayoutTests/fast/history/add-file-with-invalid-utf8-crash-expected.txt A LayoutTests/fast/history/add-file-with-invalid-utf8-crash.html M Source/WebKit/UIProcess/WebProcessProxy.cpp Log Message: --- Check for fileSystemPath being non-null when adding to set https://bugs.webkit.org/show_bug.cgi?id=252341 rdar://99575855 Reviewed by Chris Dumez. This change fixes the crash in the UI process when the fileSystemPath is not valid UTF-8. * LayoutTests/fast/history/add-file-with-invalid-utf8-crash-expected.txt: Added. * LayoutTests/fast/history/add-file-with-invalid-utf8-crash.html: Added. * Source/WebKit/UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::addPreviouslyApprovedFileURL): (WebKit::WebProcessProxy::wasPreviouslyApprovedFileURL const): Canonical link: https://commits.webkit.org/260351@main
[webkit-changes] [WebKit/WebKit] 32eaf3: Make mainFrame() return an AbstractFrame
Branch: refs/heads/eng/return-abstractframe-for-mainframe Home: https://github.com/WebKit/WebKit Commit: 32eaf3f6ae87efc23e35a54cfb5bef1524be546a https://github.com/WebKit/WebKit/commit/32eaf3f6ae87efc23e35a54cfb5bef1524be546a Author: Chirag M Shah Date: 2023-02-10 (Fri, 10 Feb 2023) Changed paths: M Source/WebCore/accessibility/AccessibilityObject.cpp M Source/WebCore/contentextensions/ContentExtensionsBackend.cpp M Source/WebCore/css/query/MediaQueryFeatures.cpp M Source/WebCore/dom/Document.cpp M Source/WebCore/dom/DocumentMarkerController.cpp M Source/WebCore/dom/EventDispatcher.cpp M Source/WebCore/editing/Editor.cpp M Source/WebCore/editing/EditorCommand.cpp M Source/WebCore/html/HTMLAnchorElement.cpp M Source/WebCore/html/MediaElementSession.cpp M Source/WebCore/loader/DocumentLoader.cpp M Source/WebCore/loader/FrameLoader.cpp M Source/WebCore/loader/HistoryController.cpp M Source/WebCore/loader/NavigationDisabler.h M Source/WebCore/loader/cache/CachedResource.cpp M Source/WebCore/loader/cache/CachedResourceLoader.cpp M Source/WebCore/page/AutoscrollController.cpp M Source/WebCore/page/DOMWindow.cpp M Source/WebCore/page/EventHandler.cpp M Source/WebCore/page/Frame.cpp M Source/WebCore/page/Frame.h M Source/WebCore/page/Screen.cpp M Source/WebCore/testing/Internals.cpp M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp M Source/WebKit/WebProcess/WebCoreSupport/mac/WebDragClientMac.mm M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm Log Message: --- Make mainFrame() return an AbstractFrame Include a Radar link (OOPS!). Reviewed by NOBODY (OOPS!). Work in progress... 
* Source/WebCore/accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::mainFrame const): * Source/WebCore/contentextensions/ContentExtensionsBackend.cpp: (WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad): * Source/WebCore/css/query/MediaQueryFeatures.cpp: (WebCore::MQ::Features::color): (WebCore::MQ::Features::colorGamut): (WebCore::MQ::Features::deviceAspectRatio): (WebCore::MQ::Features::deviceHeight): (WebCore::MQ::Features::deviceWidth): (WebCore::MQ::Features::dynamicRange): (WebCore::MQ::Features::monochrome): * Source/WebCore/dom/Document.cpp: (WebCore::Document::resolveStyle): (WebCore::Document::topDocument const): (WebCore::computeIntersectionState): * Source/WebCore/dom/DocumentMarkerController.cpp: (WebCore::updateMainFrameLayoutIfNeeded): * Source/WebCore/dom/EventDispatcher.cpp: (WebCore::shouldSuppressEventDispatchInDOM): * Source/WebCore/editing/Editor.cpp: (WebCore::Editor::canPaste const): (WebCore::Editor::shouldInsertText const): * Source/WebCore/editing/EditorCommand.cpp: (WebCore::allowExecutionWhenDisabledPaste): * Source/WebCore/html/HTMLAnchorElement.cpp: (WebCore::HTMLAnchorElement::mainDocumentRegistrableDomainForPCM const): (WebCore::HTMLAnchorElement::parsePrivateClickMeasurement const): * Source/WebCore/html/MediaElementSession.cpp: (WebCore::isElementMainContentForPurposesOfAutoplay): (WebCore::isElementRectMostlyInMainFrame): (WebCore::isElementLargeRelativeToMainFrame): * Source/WebCore/loader/DocumentLoader.cpp: (WebCore::DocumentLoader::disallowWebArchive const): * Source/WebCore/loader/FrameLoader.cpp: (WebCore::FrameLoader::checkLoadComplete): (WebCore::FrameLoader::userAgent const): (WebCore::FrameLoader::navigatorPlatform const): (WebCore::FrameLoader::updateRequestAndAddExtraFields): (WebCore::FrameLoader::loadResourceSynchronously): (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): (WebCore::FrameLoader::loadDifferentDocumentItem): 
(WebCore::FrameLoader::loadProgressingStatusChanged): * Source/WebCore/loader/HistoryController.cpp: (WebCore::FrameLoader::HistoryController::updateForCommit): (WebCore::FrameLoader::HistoryController::updateForSameDocumentNavigation): (WebCore::FrameLoader::HistoryController::updateBackForwardListClippedAtTarget): (WebCore::FrameLoader::HistoryController::pushState): * Source/WebCore/loader/NavigationDisabler.h: (WebCore::NavigationDisabler::NavigationDisabler): (WebCore::NavigationDisabler::~NavigationDisabler): (WebCore::NavigationDisabler::isNavigationAllowed): * Source/WebCore/loader/cache/CachedResource.cpp: (WebCore::CachedResource::load): * Source/WebCore/loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): * Source/WebCore/page/AutoscrollController.cpp: (WebCore::AutoscrollController::stopAutoscrollTimer): * Source/WebCore/page/DOMWindow.cpp: (WebCore::DOMWindow::outerHeight const): (WebCore::DOMWindow::outerWidth const): (WebCore::DOMWindow::isSameSecurityOriginAsMainFrame const): (WebCore::DOMWindow::open): * Source/WebCore/page/EventHandler.cpp: (WebCore::EventHandler::hitTestResultAtPoint const): (WebCore::EventHandler::selectCursor): (WebCore::EventHandler::handleMousePressEvent): (WebCore::EventHandler::i
[webkit-changes] [WebKit/WebKit] c7229d: Add allowsFirstPartyForCookies in WebSharedWorkerS...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c7229df52bd1e42c1508970472b0e4792d24140c https://github.com/WebKit/WebKit/commit/c7229df52bd1e42c1508970472b0e4792d24140c Author: Chirag M Shah Date: 2023-02-04 (Sat, 04 Feb 2023) Changed paths: M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp Log Message: --- Add allowsFirstPartyForCookies in WebSharedWorkerServerConnection::requestSharedWorker https://bugs.webkit.org/show_bug.cgi?id=251720 rdar://105018668 Reviewed by Alex Christensen. We need to add allowsFirstPartyForCookies when requesting shared worker so that a compromised web process doesn't access cookies it's not supposed to. * Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp: (WebKit::WebSharedWorkerServerConnection::requestSharedWorker): Canonical link: https://commits.webkit.org/259859@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 37ea76: Fix infinite recursion in propagateRepaintToParent...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 37ea7633b1ef5a3fab0620cc7f6df2b7ddf89c2c https://github.com/WebKit/WebKit/commit/37ea7633b1ef5a3fab0620cc7f6df2b7ddf89c2c Author: Chirag M Shah Date: 2023-02-01 (Wed, 01 Feb 2023) Changed paths: M Source/WebCore/rendering/RenderObject.cpp Log Message: --- Fix infinite recursion in propagateRepaintToParentWithOutlineAutoIfNeeded https://bugs.webkit.org/show_bug.cgi?id=251409 rdar://104814038 Reviewed by Alan Baradlay. Now that we map the removed element to the placeholder, we need to use the original renderer for comparison otherwise we would cause infinite recursion. * Source/WebCore/rendering/RenderObject.cpp: (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded const): Canonical link: https://commits.webkit.org/259725@main
[webkit-changes] [WebKit/WebKit] e80607: Don't create renderer for foreignElement when it h...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: e806076966607b8327822663338316299261960b https://github.com/WebKit/WebKit/commit/e806076966607b8327822663338316299261960b Author: Chirag M Shah Date: 2023-02-01 (Wed, 01 Feb 2023) Changed paths: A LayoutTests/svg/foreignObject/foreign-object-without-svgroot-crash-expected.txt A LayoutTests/svg/foreignObject/foreign-object-without-svgroot-crash.html M Source/WebCore/svg/SVGForeignObjectElement.cpp Log Message: --- Don't create renderer for foreignElement when it has no parent https://bugs.webkit.org/show_bug.cgi?id=241778 rdar://102916021 Reviewed by Nikolas Zimmermann. If the body is replaced by foreignElement, it results in a DOM which doesn't have anything to render or layout, but it crashes WebKit because we trip over an assert because isPaintOffsetCacheEnabled is not disabled (which happens only when there is a SVGRoot). This change makes it so that we don't generate the useless renderer in the first place, which is what happens with other SVGElements. * LayoutTests/svg/foreignObject/foreign-object-without-svgroot-crash-expected.txt: Added. * LayoutTests/svg/foreignObject/foreign-object-without-svgroot-crash.html: Added. * Source/WebCore/svg/SVGForeignObjectElement.cpp: (WebCore::SVGForeignObjectElement::rendererIsNeeded): Canonical link: https://commits.webkit.org/259685@main
[webkit-changes] [WebKit/WebKit] 020e4c: Make chirags27 a WebKit committer.
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 020e4ca50944304fb1fb99315e8449f7b37f1a50 https://github.com/WebKit/WebKit/commit/020e4ca50944304fb1fb99315e8449f7b37f1a50 Author: Chirag M Shah Date: 2023-01-26 (Thu, 26 Jan 2023) Changed paths: M metadata/contributors.json Log Message: --- Make chirags27 a WebKit committer. Reviewed by Jonathan Bedard. Add myself to committers list after being invited to become a WebKit committer. * metadata/contributors.json: Canonical link: https://commits.webkit.org/259453@main
[webkit-changes] [WebKit/WebKit] 7d8ee9: Cherry-pick 252432.954@safari-7614-branch (1144077...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 7d8ee943ec4d6a93b3e74f8dc0edd5044ebd5831 https://github.com/WebKit/WebKit/commit/7d8ee943ec4d6a93b3e74f8dc0edd5044ebd5831 Author: Chirag M Shah Date: 2023-01-26 (Thu, 26 Jan 2023) Changed paths: M Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp Log Message: --- Cherry-pick 252432.954@safari-7614-branch (114407780ae6). rdar://104668013 Guard against overflow when growing the buffer rdar://problem/103000322 Reviewed by Jonathan Bedard and Chris Dumez. * Source/WebKit/UIProcess/mac/LegacySessionStateCoding.cpp: (WebKit::HistoryEntryDataEncoder::grow): (WebKit::HistoryEntryDataEncoder::growCapacity): Canonical link: https://commits.webkit.org/252432.954@safari-7614-branch Canonical link: https://commits.webkit.org/259452@main
[webkit-changes] [WebKit/WebKit] 0ff58f: Fix traversal for moved out elements by mapping pl...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0ff58f04d04d4c6b1aa1e2635dce38903db82f9a https://github.com/WebKit/WebKit/commit/0ff58f04d04d4c6b1aa1e2635dce38903db82f9a Author: Chirag M Shah Date: 2023-01-25 (Wed, 25 Jan 2023) Changed paths: A LayoutTests/fast/rendering/render-multi-column-set-invalidate-crash-expected.txt A LayoutTests/fast/rendering/render-multi-column-set-invalidate-crash.html M Source/WebCore/rendering/RenderLayerModelObject.cpp M Source/WebCore/rendering/RenderMultiColumnFlow.cpp M Source/WebCore/rendering/RenderMultiColumnFlow.h M Source/WebCore/rendering/RenderObject.cpp M Source/WebCore/rendering/updating/RenderTreeBuilder.cpp Log Message: --- Fix traversal for moved out elements by mapping placeholders https://bugs.webkit.org/show_bug.cgi?id=251126 rdar://94017781 Reviewed by Alan Baradlay. Before this change, when we used to traverse the ancestor chain for autoinline validation in propagateRepaintToParentWithOutlineAutoIfNeeded, we just looked at the direct parent of the moved out element. That was incorrect, because the moved out elements have a placeholder inserted in their original position and hence we need to look it up in the enclosing scope. This change fixes that. * LayoutTests/fast/rendering/render-multi-column-set-invalidate-crash-expected.txt: Added. * LayoutTests/fast/rendering/render-multi-column-set-invalidate-crash.html: Added. 
* Source/WebCore/rendering/RenderLayerModelObject.cpp: (WebCore::RenderLayerModelObject::willBeRemovedFromTree): * Source/WebCore/rendering/RenderMultiColumnFlow.cpp: (WebCore::RenderMultiColumnFlow::findColumnSpannerPlaceholder const): * Source/WebCore/rendering/RenderMultiColumnFlow.h: * Source/WebCore/rendering/RenderObject.cpp: (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded const): * Source/WebCore/rendering/updating/RenderTreeBuilder.cpp: (WebCore::RenderTreeBuilder::detachFromRenderElement): Canonical link: https://commits.webkit.org/259412@main
[webkit-changes] [WebKit/WebKit] feab6d: Make MockGamepadProvider robust so that it doesn't...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: feab6de8fb5ee04b52a859ee7066266258c13b30 https://github.com/WebKit/WebKit/commit/feab6de8fb5ee04b52a859ee7066266258c13b30 Author: Chirag M Shah Date: 2023-01-25 (Wed, 25 Jan 2023) Changed paths: M Source/WebCore/testing/MockGamepadProvider.cpp M Source/WebCore/testing/MockGamepadProvider.h Log Message: --- Make MockGamepadProvider robust so that it doesn't end up crashing the test runner https://bugs.webkit.org/show_bug.cgi?id=250605 rdar://104165858 Reviewed by David Kilzer. This change adds more state to MockGamepadProvider so that it can track the gamepads that were connected before the GamepadProviderClient starts monitoring. Before this change, a simple snippet like: testRunner.setMockGamepadDetails(0); testRunner.connectMockGamepad(0); addEventListener('gamepadconnected', () => {}); would crash the test runner. * Source/WebCore/testing/MockGamepadProvider.cpp: (WebCore::MockGamepadProvider::startMonitoringGamepads): (WebCore::MockGamepadProvider::stopMonitoringGamepads): (WebCore::MockGamepadProvider::connectMockGamepad): (WebCore::MockGamepadProvider::disconnectMockGamepad): * Source/WebCore/testing/MockGamepadProvider.h: Canonical link: https://commits.webkit.org/259411@main
[webkit-changes] [WebKit/WebKit] 6dd569: Cherry-pick 252432.940@safari-7614-branch (e34a3c3...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6dd5690bed2cc05518d594287d6520a1847c1e96 https://github.com/WebKit/WebKit/commit/6dd5690bed2cc05518d594287d6520a1847c1e96 Author: Chirag M Shah Date: 2023-01-25 (Wed, 25 Jan 2023) Changed paths: M Source/WebCore/Modules/websockets/WebSocketDeflater.cpp Log Message: --- Cherry-pick 252432.940@safari-7614-branch (e34a3c3b5918). rdar://problem/104648708 Fix int overflow leading to OOB write rdar://problem/80071711 Reviewed by Chris Dumez and Ryan Haddad. * Source/WebCore/Modules/websockets/WebSocketDeflater.cpp: (WebCore::WebSocketDeflater::addBytes): (WebCore::WebSocketDeflater::finish): (WebCore::WebSocketInflater::addBytes): (WebCore::WebSocketInflater::finish): * Source/WebCore/rendering/updating/RenderTreeBuilder.cpp: (WebCore::RenderTreeBuilder::destroy): (WebCore::RenderTreeBuilder::attach): (WebCore::RenderTreeBuilder::attachToRenderElementInternal): * Source/WebCore/rendering/updating/RenderTreeUpdater.cpp: (WebCore::RenderTreeUpdater::createTextRenderer): Canonical link: https://commits.webkit.org/252432.940@safari-7614-branch Canonical link: https://commits.webkit.org/259375@main
[webkit-changes] [WebKit/WebKit] 00b88f: Autogenerate serializers for font attributes and n...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 00b88f5cfcd77748f2192e071871822189045af3 https://github.com/WebKit/WebKit/commit/00b88f5cfcd77748f2192e071871822189045af3 Author: Chirag M Shah Date: 2023-01-13 (Fri, 13 Jan 2023) Changed paths: M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml M Source/WebCore/editing/FontAttributes.h M Source/WebCore/editing/VisibleSelection.h M Source/WebCore/editing/WritingDirection.h M Source/WebCore/editing/cocoa/DataDetectorType.h M Source/WebCore/html/AutocapitalizeTypes.h M Source/WebCore/loader/FrameLoader.cpp M Source/WebCore/page/Settings.yaml M Source/WebKit/Shared/WebCoreArgumentCoders.cpp M Source/WebKit/Shared/WebCoreArgumentCoders.h M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in Log Message: --- Autogenerate serializers for font attributes and nested enums inside it https://bugs.webkit.org/show_bug.cgi?id=250465 rdar://104130124 Reviewed by Alex Christensen. * Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml: * Source/WebCore/editing/FontAttributes.h: (WebCore::TextList::encode const): Deleted. (WebCore::TextList::decode): Deleted. * Source/WebCore/editing/VisibleSelection.h: * Source/WebCore/editing/WritingDirection.h: * Source/WebCore/editing/cocoa/DataDetectorType.h: * Source/WebCore/html/AutocapitalizeTypes.h: * Source/WebCore/loader/FrameLoader.cpp: (WebCore::FrameLoader::checkLoadCompleteForThisFrame): * Source/WebCore/page/Settings.yaml: * Source/WebKit/Shared/WebCoreArgumentCoders.cpp: (IPC::ArgumentCoder::encode): Deleted. (IPC::ArgumentCoder::decode): Deleted. * Source/WebKit/Shared/WebCoreArgumentCoders.h: * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: Canonical link: https://commits.webkit.org/258877@main
[webkit-changes] [WebKit/WebKit] b6d6c6: Start autogenerating isValidEnum() definition for ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b6d6c675d032c68d47cedfb7568e2f6e8bc75c4b https://github.com/WebKit/WebKit/commit/b6d6c675d032c68d47cedfb7568e2f6e8bc75c4b Author: Chirag M Shah Date: 2023-01-10 (Tue, 10 Jan 2023) Changed paths: M Source/WebCore/bindings/js/ExceptionDetails.h M Source/WebCore/dom/DOMPasteAccess.h M Source/WebCore/dom/DeviceOrientationOrMotionPermissionState.h M Source/WebCore/dom/SecurityPolicyViolationEventDisposition.h M Source/WebCore/editing/FontAttributeChanges.h M Source/WebCore/editing/TextGranularity.h M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in Log Message: --- Start autogenerating isValidEnum() definition for various enums https://bugs.webkit.org/show_bug.cgi?id=250422 rdar://104098282 Reviewed by Alex Christensen. * Source/WebCore/bindings/js/ExceptionDetails.h: * Source/WebCore/dom/DOMPasteAccess.h: * Source/WebCore/dom/DeviceOrientationOrMotionPermissionState.h: * Source/WebCore/dom/SecurityPolicyViolationEventDisposition.h: * Source/WebCore/editing/FontAttributeChanges.h: * Source/WebCore/editing/FontAttributes.h: * Source/WebCore/editing/TextGranularity.h: * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: Canonical link: https://commits.webkit.org/258773@main
[webkit-changes] [WebKit/WebKit] db5cab: Stop returning nullptr for system font keywords on...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: db5cab0a4aaaf397271d4422ae417a6f39ea18cb https://github.com/WebKit/WebKit/commit/db5cab0a4aaaf397271d4422ae417a6f39ea18cb Author: Chirag M Shah Date: 2023-01-10 (Tue, 10 Jan 2023) Changed paths: A LayoutTests/fast/css/css-text-border-menu-expected.txt A LayoutTests/fast/css/css-text-border-menu.html M Source/WebCore/css/StyleProperties.cpp Log Message: --- Stop returning nullptr for system font keywords on non-font related properties https://bugs.webkit.org/show_bug.cgi?id=250245 rdar://103916548 Reviewed by Darin Adler and Tim Nguyen. The code that is handling font: menu shouldn’t apply to non-font properties. * LayoutTests/fast/css/css-text-border-menu-expected.txt: Added. * LayoutTests/fast/css/css-text-border-menu.html: Added. * Source/WebCore/css/StyleProperties.cpp: (WebCore::StyleProperties::getPropertyCSSValue const): Canonical link: https://commits.webkit.org/258742@main
[webkit-changes] [WebKit/WebKit] 096f18: Encode 128 bits for IPC's destination identifier
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 096f18835da5d23891a76c17b4f010f057dcdee2 https://github.com/WebKit/WebKit/commit/096f18835da5d23891a76c17b4f010f057dcdee2 Author: Chirag M Shah Date: 2023-01-05 (Thu, 05 Jan 2023) Changed paths: M Source/WTF/wtf/Int128.h M Source/WTF/wtf/ObjectIdentifier.h M Source/WebKit/NetworkProcess/NetworkProcess.cpp M Source/WebKit/Platform/IPC/Connection.cpp M Source/WebKit/Platform/IPC/Connection.h M Source/WebKit/Platform/IPC/Decoder.cpp M Source/WebKit/Platform/IPC/Decoder.h M Source/WebKit/Platform/IPC/Encoder.cpp M Source/WebKit/Platform/IPC/Encoder.h M Source/WebKit/Platform/IPC/MessageReceiveQueueMap.h M Source/WebKit/Platform/IPC/MessageReceiverMap.cpp M Source/WebKit/Platform/IPC/MessageReceiverMap.h M Source/WebKit/Platform/IPC/MessageSender.h M Source/WebKit/Platform/IPC/ReceiverMatcher.h M Source/WebKit/Platform/IPC/StreamClientConnection.h M Source/WebKit/Platform/IPC/StreamServerConnection.cpp M Source/WebKit/Platform/IPC/StreamServerConnection.h M Source/WebKit/Scripts/webkit/messages.py M Source/WebKit/Shared/AuxiliaryProcess.cpp M Source/WebKit/Shared/AuxiliaryProcess.h M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h M Source/WebKit/UIProcess/WebProcessPool.cpp M Source/WebKit/UIProcess/WebProcessPool.h M Source/WebKit/WebProcess/Automation/WebAutomationSessionProxy.cpp M Source/WebKit/WebProcess/WebPage/IPCTestingAPI.cpp M Source/WebKit/WebProcess/WebProcess.cpp M Tools/TestWebKitAPI/Tests/IPC/ConnectionTests.cpp M Tools/TestWebKitAPI/Tests/IPC/IPCTestUtilities.h M Tools/TestWebKitAPI/Tests/IPC/StreamConnectionTests.cpp M Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm Log Message: --- Encode 128 bits for IPC's destination identifier https://bugs.webkit.org/show_bug.cgi?id=248929 Reviewed by Alex Christensen. This will allow me to fit a FrameIdentifier which is 128 bits. 
* Source/WTF/wtf/Int128.h: (WTF::DefaultHash::hash): (WTF::DefaultHash::equal): (WTF::DefaultHash::hash): (WTF::DefaultHash::equal): (WTF::HashTraits::constructDeletedValue): (WTF::HashTraits::isDeletedValue): (WTF::HashTraits::constructDeletedValue): (WTF::HashTraits::isDeletedValue): (IPC::ArgumentCoder::encode): (IPC::ArgumentCoder::decode): (IPC::ArgumentCoder::encode): (IPC::ArgumentCoder::decode): * Source/WTF/wtf/ObjectIdentifier.h: (WTF::makeObjectIdentifier): * Source/WebKit/NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::didReceiveMessage): (WebKit::NetworkProcess::didReceiveSyncMessage): (WebKit::NetworkProcess::findPendingDownloadLocation): * Source/WebKit/Platform/IPC/Connection.cpp: (IPC::Connection::WaitForMessageState::WaitForMessageState): (IPC::Connection::SyncMessageState::dispatchMessages): (IPC::Connection::addWorkQueueMessageReceiver): (IPC::Connection::removeWorkQueueMessageReceiver): (IPC::Connection::addMessageReceiver): (IPC::Connection::removeMessageReceiver): (IPC::Connection::createSyncMessageEncoder): (IPC::Connection::waitForMessage): * Source/WebKit/Platform/IPC/Connection.h: (IPC::Connection::sendWithAsyncReply): (IPC::Connection::send): (IPC::Connection::sendSync): (IPC::Connection::waitForAndDispatchImmediately): (IPC::Connection::waitForAsyncReplyAndDispatchImmediately): (IPC::Connection::waitForMessageForTesting): * Source/WebKit/Platform/IPC/Decoder.cpp: (IPC::Decoder::Decoder): * Source/WebKit/Platform/IPC/Decoder.h: (IPC::Decoder::destinationID const): * Source/WebKit/Platform/IPC/Encoder.cpp: (IPC::Encoder::Encoder): * Source/WebKit/Platform/IPC/Encoder.h: * Source/WebKit/Platform/IPC/MessageReceiveQueueMap.h: * Source/WebKit/Platform/IPC/MessageReceiverMap.cpp: (IPC::MessageReceiverMap::addMessageReceiver): (IPC::MessageReceiverMap::removeMessageReceiver): * Source/WebKit/Platform/IPC/MessageReceiverMap.h: * Source/WebKit/Platform/IPC/MessageSender.h: (IPC::MessageSender::send): (IPC::MessageSender::sendSync): 
(IPC::MessageSender::sendWithAsyncReply): * Source/WebKit/Platform/IPC/ReceiverMatcher.h: (IPC::ReceiverMatcher::ReceiverMatcher): (IPC::ReceiverMatcher::createWithZeroAsAnyDestination): (IPC::ReceiverMatcher::matches const): * Source/WebKit/Platform/IPC/StreamClientConnection.h: (IPC::StreamClientConnection::trySendDestinationIDIfNeeded): * Source/WebKit/Platform/IPC/StreamServerConnection.cpp: (IPC::StreamServerConnection::startReceivingMessages): (IPC::StreamServerConnection::stopReceivingMessages): (IPC::StreamServerConnection::processSetStreamDestinationID): * Source/WebKit/Platform/IPC/StreamServerConnection.h: * Source/WebKit/Scripts/webkit/messages.py: (generate_message_handler): * Source/WebKit/Shared/AuxiliaryProcess.cpp: (WebKit::AuxiliaryProcess::addMessageReceiver): (WebKit::AuxiliaryProcess::removeMessageReceiver): * Source/WebKit/Shared/AuxiliaryProcess.h: * Source
[webkit-changes] [WebKit/WebKit] d030f8: Cherry-pick 252432.689@safari-7614-branch (706a069...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: d030f866382e08d435256019406253718dc11a17 https://github.com/WebKit/WebKit/commit/d030f866382e08d435256019406253718dc11a17 Author: Chirag M Shah Date: 2022-12-19 (Mon, 19 Dec 2022) Changed paths: M Source/WebCore/dom/ContainerNode.cpp Log Message: --- Cherry-pick 252432.689@safari-7614-branch (706a0693c737). rdar://103520049 Correctly teardown children for elements with NULL renderer which have display contents changed. rdar://problem/99616850 Reviewed by Antti Koivisto. - When an element has display-contents:true, we don't create a renderer for it, but its children may still have renderers which point to nodes in the DOM. When certain nodes in the DOM are torn down, these renderers were holding stale references, which caused use-after-free issues. The patch fixes the issue by correcting the teardown logic for such nodes. * Source/WebCore/dom/ContainerNode.cpp: (WebCore::destroyRenderTreeIfNeeded): Canonical link: https://commits.webkit.org/252432.689@safari-7614-branch Canonical link: https://commits.webkit.org/258098@main
[webkit-changes] [WebKit/WebKit] 482b2f: Cherry-pick 252432.570@safari-7614-branch (899c452...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 482b2f4161de044365b2314587b9256c57845fa3 https://github.com/WebKit/WebKit/commit/482b2f4161de044365b2314587b9256c57845fa3 Author: Chirag M Shah Date: 2022-12-19 (Mon, 19 Dec 2022) Changed paths: M Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm Log Message: --- Cherry-pick 252432.570@safari-7614-branch (899c452932ee). rdar://103519902 Sanitize origin/size of rect so that we don't trip over assertions in AppKit rdar://problem/99246860 Reviewed by Aditya Keerthi. * Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm: (-[WKDataListSuggestionsController dropdownRectForElementRect:]): Canonical link: https://commits.webkit.org/252432.570@safari-7614-branch Canonical link: https://commits.webkit.org/258092@main
[webkit-changes] [WebKit/WebKit] a3c4cf: Add serialization support for new type (baseclass/...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a3c4cf83fb2630f50af6aae5a6e5e67c54e6bf69 https://github.com/WebKit/WebKit/commit/a3c4cf83fb2630f50af6aae5a6e5e67c54e6bf69 Author: Chirag M Shah Date: 2022-12-12 (Mon, 12 Dec 2022) Changed paths: M Source/WebKit/Scripts/generate-serializers.py M Source/WebKit/Scripts/webkit/tests/GeneratedSerializers.cpp M Source/WebKit/Scripts/webkit/tests/GeneratedSerializers.h M Source/WebKit/Scripts/webkit/tests/SerializedTypeInfo.cpp M Source/WebKit/Scripts/webkit/tests/TestSerializedType.serialization.in M Source/WebKit/Shared/WebCoreArgumentCoders.cpp M Source/WebKit/Shared/WebCoreArgumentCoders.h M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm Log Message: --- Add serialization support for new type (baseclass/subclass relations) rdar://problem/103048679 Reviewed by Alex Christensen. * Source/WebKit/Scripts/generate-serializers.py: (SerializedType.__init__): (SerializedType.subclass_enum_name): (SerializedType): (SerializedType.function_name_for_enum): (MemberVariable.__init__): (EnumMember.__init__): (encode_type): (decode_type.is): (decode_type): (generate_impl): (generate_serialized_type_info): (parse_serialized_types): * Source/WebKit/Scripts/webkit/tests/GeneratedSerializers.cpp: (IPC::ArgumentCoder::decode): (IPC::ArgumentCoder::decode): (IPC::ArgumentCoder::decode): (IPC::ArgumentCoder::decode): (IPC::ArgumentCoder::decode): (IPC::ArgumentCoder::encode): (IPC::ArgumentCoder::decode): (WTF::void>): * Source/WebKit/Scripts/webkit/tests/GeneratedSerializers.h: * Source/WebKit/Scripts/webkit/tests/SerializedTypeInfo.cpp: * Source/WebKit/Scripts/webkit/tests/TestSerializedType.serialization.in: * Source/WebKit/Shared/WebCoreArgumentCoders.cpp: (IPC::ArgumentCoder::encode): Deleted. (IPC::ArgumentCoder::decode): Deleted. 
* Source/WebKit/Shared/WebCoreArgumentCoders.h: * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: * Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm: (WebKit::PlatformCAAnimationRemote::Properties::encode const): Canonical link: https://commits.webkit.org/257739@main
[webkit-changes] [WebKit/WebKit] 08d448: Add checks to allowsFirstPartyForCookies before ad...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 08d448e0d6740cf5a2e6356c433d8ac9c23d61fe https://github.com/WebKit/WebKit/commit/08d448e0d6740cf5a2e6356c433d8ac9c23d61fe Author: Chirag M Shah Date: 2022-12-05 (Mon, 05 Dec 2022) Changed paths: M Source/WebCore/workers/service/server/SWServer.cpp M Source/WebCore/workers/service/server/SWServer.h M Source/WebCore/workers/service/server/SWServerJobQueue.cpp M Source/WebCore/workers/service/server/SWServerJobQueue.h M Source/WebKit/NetworkProcess/NetworkProcess.cpp M Source/WebKit/NetworkProcess/NetworkProcess.h M Source/WebKit/NetworkProcess/NetworkSession.cpp Log Message: --- Add checks to allowsFirstPartyForCookies before adding a new ID<->origin mapping https://bugs.webkit.org/show_bug.cgi?id=248541 Reviewed by Alex Christensen. * Source/WebCore/workers/service/server/SWServer.cpp: (WebCore::SWServer::Connection::finishFetchingScriptInServer): (WebCore::SWServer::startScriptFetch): (WebCore::SWServer::scriptFetchFinished): (WebCore::SWServer::refreshImportedScripts): (WebCore::SWServer::refreshImportedScriptsFinished): (WebCore::SWServer::updateWorker): (WebCore::SWServer::tryInstallContextData): (WebCore::SWServer::contextConnectionCreated): * Source/WebCore/workers/service/server/SWServer.h: * Source/WebCore/workers/service/server/SWServerJobQueue.cpp: (WebCore::SWServerJobQueue::scriptFetchFinished): (WebCore::SWServerJobQueue::importedScriptsFetchFinished): * Source/WebCore/workers/service/server/SWServerJobQueue.h: * Source/WebKit/NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::allowsFirstPartyForCookies): * Source/WebKit/NetworkProcess/NetworkProcess.h: * Source/WebKit/NetworkProcess/NetworkSession.cpp: (WebKit::NetworkSession::ensureSWServer): Canonical link: https://commits.webkit.org/257376@main
[webkit-changes] [WebKit/WebKit] 324460: Don't crash when RenderStyle is NULL for elements ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 324460324818d8c11892d690a58d5b7b37b2209d https://github.com/WebKit/WebKit/commit/324460324818d8c11892d690a58d5b7b37b2209d Author: Chirag M Shah Date: 2022-12-02 (Fri, 02 Dec 2022) Changed paths: A LayoutTests/fast/rendering/render-style-null-optgroup-crash-expected.txt A LayoutTests/fast/rendering/render-style-null-optgroup-crash.html M Source/WebCore/rendering/RenderListBox.cpp Log Message: --- Don't crash when RenderStyle is NULL for elements like optgroup when rendering https://bugs.webkit.org/show_bug.cgi?id=248575 Reviewed by Simon Fraser. * LayoutTests/fast/rendering/render-style-null-optgroup-crash-expected.txt: Added. * LayoutTests/fast/rendering/render-style-null-optgroup-crash.html: Added. * Source/WebCore/rendering/RenderListBox.cpp: (WebCore::RenderListBox::paintItemForeground): (WebCore::RenderListBox::paintItemBackground): Canonical link: https://commits.webkit.org/257295@main
[webkit-changes] [WebKit/WebKit] 903247: Update NetworkConnectionToWebProcess::domCookiesFo...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 903247bccc5b18689cf77da705c3214c55d8982e https://github.com/WebKit/WebKit/commit/903247bccc5b18689cf77da705c3214c55d8982e Author: Chirag M Shah Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in M Source/WebKit/WebProcess/WebPage/WebCookieCache.cpp Log Message: --- Update NetworkConnectionToWebProcess::domCookiesForHost to call into allowsFirstPartyForCookies https://bugs.webkit.org/show_bug.cgi?id=247510 rdar://problem/101981247 Reviewed by Alex Christensen. * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::domCookiesForHost): * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h: * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in: * Source/WebKit/WebProcess/WebPage/WebCookieCache.cpp: (WebKit::WebCookieCache::cookiesForDOM): Canonical link: https://commits.webkit.org/256520@main
[webkit-changes] [WebKit/WebKit] 162415: Make sure scriptExecutionContext stays around when...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1624156ba5f959a0e7cdb9e804271e3a493853ed https://github.com/WebKit/WebKit/commit/1624156ba5f959a0e7cdb9e804271e3a493853ed Author: Chirag M Shah Date: 2022-11-07 (Mon, 07 Nov 2022) Changed paths: A LayoutTests/js/frame-application-cache-with-listener-crash-expected.txt A LayoutTests/js/frame-application-cache-with-listener-crash.html M Source/WebCore/loader/appcache/DOMApplicationCache.cpp Log Message: --- Make sure scriptExecutionContext stays around when invoking listeners https://bugs.webkit.org/show_bug.cgi?id=247380 Reviewed by Ryosuke Niwa. This change fixes DOMApplicationCache::scriptExecutionContext to get the correct scriptExecutionContext by getting it from the window instead of the frame because the frame can navigate when invoking event listeners, in which case the scriptExecutionContext will become NULL. * LayoutTests/js/frame-application-cache-with-listener-crash-expected.txt: Added. * LayoutTests/js/frame-application-cache-with-listener-crash.html: Added. * Source/WebCore/loader/appcache/DOMApplicationCache.cpp: (WebCore::DOMApplicationCache::scriptExecutionContext const): Canonical link: https://commits.webkit.org/256402@main
[webkit-changes] [WebKit/WebKit] 63c86a: Change m_node to being a WeakPtr
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 63c86a3d1b189a4136c0cefeb3959394aac596d3 https://github.com/WebKit/WebKit/commit/63c86a3d1b189a4136c0cefeb3959394aac596d3 Author: Chirag M Shah Date: 2022-11-03 (Thu, 03 Nov 2022) Changed paths: M Source/WebCore/rendering/RenderObject.cpp M Source/WebCore/rendering/RenderObject.h Log Message: --- Change m_node to being a WeakPtr https://bugs.webkit.org/show_bug.cgi?id=247288 Reviewed by Geoffrey Garen. m_node in RenderObject used to be a plain old C++ reference to the node, which means that if the node is de-allocated, m_node would be referring to something that is freed. This change adds hardening so that such bugs are manifested as crashes rather than use-after-free bugs. * Source/WebCore/rendering/RenderObject.h: (WebCore::RenderObject::isDocumentElementRenderer const): (WebCore::RenderObject::node const): (WebCore::RenderObject::document const): (WebCore::RenderObject::nodeForNonAnonymous const): Canonical link: https://commits.webkit.org/256282@main
[webkit-changes] [WebKit/WebKit] cf7b17: Fix hasRareData() check in Element
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cf7b17d7b271c61e6175cf6f6b5d5ae049b1a815
https://github.com/WebKit/WebKit/commit/cf7b17d7b271c61e6175cf6f6b5d5ae049b1a815
Author: Chirag M Shah
Date: 2022-10-28 (Fri, 28 Oct 2022)

Changed paths:
  M Source/WebCore/dom/Element.cpp

Log Message:
---
Fix hasRareData() check in Element
https://bugs.webkit.org/show_bug.cgi?id=247215

We should be calling hasRareData() on the element parameter instead of this, so that we don't trip over the security assertion.

Reviewed by Ryosuke Niwa.

* Source/WebCore/dom/Element.cpp:
(WebCore::Element::attributeChanged):

Canonical link: https://commits.webkit.org/256125@main

[webkit-changes] [WebKit/WebKit] 3070b3: Add PropertyWrapperFontWeight to bound the values ...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3070b3d704a3a9364da1442c873419a7b6757343
https://github.com/WebKit/WebKit/commit/3070b3d704a3a9364da1442c873419a7b6757343
Author: Chirag M Shah
Date: 2022-10-28 (Fri, 28 Oct 2022)

Changed paths:
  A LayoutTests/fonts/font-weight-invalid-crash-expected.txt
  A LayoutTests/fonts/font-weight-invalid-crash.html
  M LayoutTests/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt
  M LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt
  M LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt
  M LayoutTests/platform/wpe/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt
  M Source/WebCore/animation/CSSPropertyAnimation.cpp

Log Message:
---
Add PropertyWrapperFontWeight to bound the values for weight
https://bugs.webkit.org/show_bug.cgi?id=247140
rdar://problem/100986499

Reviewed by Myles C. Maxfield.

Currently, fontWeight wasn't bounded based on the CSS specs, which led to scenarios where FontSelectionRequest had a 0 fontWeight, and which resulted in an empty FontSelectionRequest, which is an invalid key based for the HashMap segmentedFontFaceCache. This resulted in map corruption, which led to a crash.

The change fixes the issue by correctly defining PropertyWrapperFontWeight, which doesn't allow the blend() to set invalid weight values.

Test: fonts/font-weight-invalid-crash.html

* LayoutTests/fonts/font-weight-invalid-crash-expected.txt: Added.
* LayoutTests/fonts/font-weight-invalid-crash.html: Added.
* Source/WebCore/animation/CSSPropertyAnimation.cpp:
(WebCore::blendFunc):
(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
* LayoutTests/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt:
* LayoutTests/platform/gtk/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt:
* LayoutTests/platform/ios/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt:
* LayoutTests/platform/wpe/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt:

Canonical link: https://commits.webkit.org/256123@main

[webkit-changes] [WebKit/WebKit] 4cc516: Add serializer for struct Cookie, struct VideoFram...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4cc516b4855a16144a814fea1d9f02a32b8e0259
https://github.com/WebKit/WebKit/commit/4cc516b4855a16144a814fea1d9f02a32b8e0259
Author: Chirag M Shah
Date: 2022-10-18 (Tue, 18 Oct 2022)

Changed paths:
  M Source/WebCore/platform/Cookie.h
  M Source/WebCore/platform/VideoFrameMetadata.h
  M Source/WebCore/platform/WebCorePersistentCoders.cpp
  M Source/WebCore/workers/service/NavigationPreloadState.h
  M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in

Log Message:
---
Add serializer for struct Cookie, struct VideoFrameMetadata, struct NavigationPreloadState
rdar://problem/101179936

Reviewed by Alex Christensen.

* Source/WebCore/platform/Cookie.h:
(WebCore::Cookie::encode const): Deleted.
(WebCore::Cookie::decode): Deleted.
* Source/WebCore/platform/VideoFrameMetadata.h:
(WebCore::VideoFrameMetadata::encode const): Deleted.
(WebCore::VideoFrameMetadata::decode): Deleted.
* Source/WebCore/platform/WebCorePersistentCoders.cpp:
(WTF::Persistence::Coder::encode):
(WTF::Persistence::Coder::decode):
* Source/WebCore/workers/service/NavigationPreloadState.h:
(WebCore::NavigationPreloadState::encode const): Deleted.
(WebCore::NavigationPreloadState::decode): Deleted.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:

Canonical link: https://commits.webkit.org/255698@main

[webkit-changes] [WebKit/WebKit] f6b5d0: Add name to contributors
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f6b5d0356727b913f934a7f8dcfef6167e7cbde8
https://github.com/WebKit/WebKit/commit/f6b5d0356727b913f934a7f8dcfef6167e7cbde8
Author: Chirag M Shah
Date: 2022-10-14 (Fri, 14 Oct 2022)

Changed paths:
  M metadata/contributors.json

Log Message:
---
Add name to contributors

Reviewed by Alex Christensen.

* metadata/contributors.json:

Canonical link: https://commits.webkit.org/255545@main

[webkit-changes] [WebKit/WebKit] 4cb2ab: Generate serializers for struct AudioConfiguration
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4cb2ab98ee18015c864ec4ecb0f9e9a9054d7956
https://github.com/WebKit/WebKit/commit/4cb2ab98ee18015c864ec4ecb0f9e9a9054d7956
Author: Chirag M Shah
Date: 2022-10-13 (Thu, 13 Oct 2022)

Changed paths:
  M Source/WebCore/platform/mediacapabilities/AudioConfiguration.h
  M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in

Log Message:
---
Generate serializers for struct AudioConfiguration
https://bugs.webkit.org/show_bug.cgi?id=246476
rdar://problem/101141357

Reviewed by Alex Christensen.

* Source/WebCore/platform/mediacapabilities/AudioConfiguration.h:
(WebCore::AudioConfiguration::encode const): Deleted.
(WebCore::AudioConfiguration::decode): Deleted.
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:

Canonical link: https://commits.webkit.org/255519@main