[webkit-changes] [WebKit/WebKit] c53621: Versioning.
Branch: refs/heads/safari-7618.3.11.11-branch Home: https://github.com/WebKit/WebKit Commit: c5362127111b42249784671dbdb835edd9bc8e96 https://github.com/WebKit/WebKit/commit/c5362127111b42249784671dbdb835edd9bc8e96 Author: Mohsin Qureshi Date: 2024-07-02 (Tue, 02 Jul 2024) Changed paths: M Configurations/Version.xcconfig Log Message: --- Versioning. WebKit-7618.3.11.11.1 Canonical link: https://commits.webkit.org/272448.1100@safari-7618.3.11.11-branch Commit: 830f7ba72e969a8c5f2d99464fcb3064bf9bed94 https://github.com/WebKit/WebKit/commit/830f7ba72e969a8c5f2d99464fcb3064bf9bed94 Author: Chris Dumez Date: 2024-07-02 (Tue, 02 Jul 2024) Changed paths: M Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp Log Message: --- Cherry-pick bb685c487850. rdar://130531570 REGRESSION (iOS 17.6 beta): Hangs on realmahjongg.com and realcanasta.com (both Safari and WKWebView) https://bugs.webkit.org/show_bug.cgi?id=275852 rdar://130531570 Reviewed by Jer Noble. AudioBufferSourceNode::setBufferForBindings() was running on the main thread and acquiring first the graphLock and then the processLock. AudioBufferSourceNode::process() would then run on the audio thread and acquire the processLock first and then ref the AudioBufferSourceNode, which would acquire the graphLock. The reversed ordering in which the locks are acquired would mean that we could deadlock. * Source/WebCore/Modules/webaudio/AudioBufferSourceNode.cpp: (WebCore::AudioBufferSourceNode::setBufferForBindings): Canonical link: https://commits.webkit.org/272448.1101@safari-7618-branch Canonical link: https://commits.webkit.org/272448.1101@safari-7618.3.11.11-branch Commit: 4d7e1206db7a8c83c2ee6aa6b3742f2e696b5f0e https://github.com/WebKit/WebKit/commit/4d7e1206db7a8c83c2ee6aa6b3742f2e696b5f0e Author: Mohsin Qureshi Date: 2024-07-03 (Wed, 03 Jul 2024) Changed paths: M Configurations/Version.xcconfig Log Message: --- Versioning. WebKit-7618.3.11.11.2 Canonical link: https://commits.webkit.org/272448.1102@safari-7618.3.11.11-branch Commit: 52d543a7d2f24b503480c2e70515216cd591a856 https://github.com/WebKit/WebKit/commit/52d543a7d2f24b503480c2e70515216cd591a856 Author: Daniel Liu Date: 2024-07-03 (Wed, 03 Jul 2024) Changed paths: A JSTests/wasm/stress/funcref-types.js M Source/JavaScriptCore/wasm/WasmFunctionParser.h Log Message: --- Cherry-pick 5b25ef6f6add. rdar://130746587 ref.as_non_null does not validate argument type https://bugs.webkit.org/show_bug.cgi?id=276097 rdar://130746587 Reviewed by Yusuke Suzuki. The function parser does not ensure ref.as_not_null takes in the correct type; this may lead to issues downstream because of incorrect validation. * Source/JavaScriptCore/wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser::parseExpression): Canonical link: https://commits.webkit.org/272448.1102@safari-7618-branch Canonical link: https://commits.webkit.org/272448.1103@safari-7618.3.11.11-branch Commit: cc3803a8ab5f541b0dfc9a1da0a21dfd18595fa2 https://github.com/WebKit/WebKit/commit/cc3803a8ab5f541b0dfc9a1da0a21dfd18595fa2 Author: Wenson Hsieh Date: 2024-07-03 (Wed, 03 Jul 2024) Changed paths: M Source/WebKit/UIProcess/ios/WKContentViewInteraction.h M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm Log Message: --- Cherry-pick bf0c0decaac7. rdar://130610141 Cherry-pick 703a5b6bfcf1. rdar://130610141 REGRESSION (iOS 17.2): Infinite recursion in -[WKContentView(WKInteraction) inputViewForWebView] https://bugs.webkit.org/show_bug.cgi?id=275171 rdar://127722998 Reviewed by Richard Robinson. The changes in rdar://116751305&104994662 seem to have made it possible for `-inputViewForWebView` to trigger infinite recursion, due to a new `-[UITextInputAssistantItem leadingBarButtonGroups]` KVO listener in UIKit. Underneath this new KVO logic, UIKit calls into some internal methods which ultimately call back into `-[WKContentView inputViewForWebView]`. In order of stack depth (growing downwards), the reentrant calls to update the input accessory view look like this: ``` -[WKContentView(WKInteraction) _updateAccessory] -[WKContentView(WKInteraction) formAccessoryView] -[WKFormAccessoryView _initForUniversalControlBar:] // <--- Setting up WKFormAccessoryView … (KVO triggered by setting leading/trailing bar button groups) -[UISystemInputAssistantViewController observeValueForKeyPath:ofObject:change:context:] -[TUISystemInputAssistantView setInputAssistantItem:force:] … (UIKit internals) -[UIKeyboardSceneDelegate expectedInputViewSetIsCustom] -[WKContentView(WKInteraction)
[webkit-changes] [WebKit/WebKit] 127c06: Cherry-pick 272448.946@safari-7618-branch (110ae76...
Branch: refs/heads/webkitglib/2.44 Home: https://github.com/WebKit/WebKit Commit: 127c061152a06f045188e7cdbd1715a0884a29e1 https://github.com/WebKit/WebKit/commit/127c061152a06f045188e7cdbd1715a0884a29e1 Author: Nitin Mahendru Date: 2024-07-31 (Wed, 31 Jul 2024) Changed paths: M Source/WebCore/bindings/js/SerializedScriptValue.cpp M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp Log Message: --- Cherry-pick 272448.946@safari-7618-branch (110ae765d426). https://bugs.webkit.org/show_bug.cgi?id=272530 CloneDeserializer readTerminal crash rdar://126132442 https://bugs.webkit.org/show_bug.cgi?id=272530 Reviewed by Alex Christensen. Limiting the the depth for serializing/deserializing recursive objects like: var array = []... 2000 times * Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp: (TestWebKitAPI::TEST): * Source/WebCore/bindings/js/SerializedScriptValue.cpp: (WebCore::CloneBase::CloneBase): (WebCore::CloneBase::isSafeToRecurse): (WebCore::CloneDeserializer::readArrayBufferViewImpl): (WebCore::CloneDeserializer::readArrayBufferView): (WebCore::CloneDeserializer::readTerminal): Canonical link: https://commits.webkit.org/274313.329@webkitglib/2.44 Commit: c4c067615638587b793b01829338318089b88eb2 https://github.com/WebKit/WebKit/commit/c4c067615638587b793b01829338318089b88eb2 Author: Nisha Jain Date: 2024-07-31 (Wed, 31 Jul 2024) Changed paths: A LayoutTests/fast/css/font-size-adjust-from-style-invalid-value-expected.txt A LayoutTests/fast/css/font-size-adjust-from-style-invalid-value.html M Source/WebCore/css/ComputedStyleExtractor.cpp Log Message: --- Cherry-pick 272448.951@safari-7618-branch (5e92cb84fde1). https://bugs.webkit.org/show_bug.cgi?id=272821 WebCore::fontSizeAdjustFromStyle; WebCore::ComputedStyleExtractor::valueForPropertyInStyle; WebCore::ComputedStyleExtractor::propertyValue https://bugs.webkit.org/show_bug.cgi?id=272821 rdar://126112927 Reviewed by Sihui Liu and Darin Adler. Crash happens in fontSizeAdjustFromStyle API due to invalid 'value' (float:NaN). Added check to validate the 'value'. * LayoutTests/fast/css/font-size-adjust-from-style-invalid-value-expected.txt: Added. * LayoutTests/fast/css/font-size-adjust-from-style-invalid-value.html: Added. * Source/WebCore/css/ComputedStyleExtractor.cpp: (WebCore::fontSizeAdjustFromStyle): Canonical link: https://commits.webkit.org/274313.330@webkitglib/2.44 Commit: 53cd328d9c5442feceda87f683b2d35d468e5d16 https://github.com/WebKit/WebKit/commit/53cd328d9c5442feceda87f683b2d35d468e5d16 Author: Nisha Jain Date: 2024-07-31 (Wed, 31 Jul 2024) Changed paths: M Source/JavaScriptCore/yarr/YarrPattern.cpp M Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp Log Message: --- Cherry-pick 272448.957@safari-7618-branch (aee8743b069b). https://bugs.webkit.org/show_bug.cgi?id=272932 Fuzz blocker for WebCore-SerializedScriptValue-Deserialize-fuzzer in readTerminal() | Yarr::CharacterClassConstructor::unicodeOpSorted https://bugs.webkit.org/show_bug.cgi?id=272932 rdar://126631719 Reviewed by Yusuke Suzuki. During deserialization of IDBValueToJSValue based on RegExpTag, the YarrParser crashes as unsorted list is passed to unicodeOpSorted API. To fix this issue sorted list is created and check is made before addChar API call. * Source/JavaScriptCore/yarr/YarrPattern.cpp: (JSC::Yarr::CharacterClassConstructor::putCharNonUnion): * Tools/TestWebKitAPI/Tests/WebCore/SerializedScriptValue.cpp: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/274313.331@webkitglib/2.44 Commit: b951404ea74ae432312a83138f5c8945a0d09e1b https://github.com/WebKit/WebKit/commit/b951404ea74ae432312a83138f5c8945a0d09e1b Author: Jean-Yves Avenard Date: 2024-07-31 (Wed, 31 Jul 2024) Changed paths: A LayoutTests/webaudio/crashtest/audioworklet-concurrent-resampler-crash-expected.txt A LayoutTests/webaudio/crashtest/audioworklet-concurrent-resampler-crash.html M Source/WebCore/platform/audio/MultiChannelResampler.cpp M Source/WebCore/platform/audio/MultiChannelResampler.h Log Message: --- Cherry-pick 272448.960@safari-7618-branch (b7ccdb65258e). https://bugs.webkit.org/show_bug.cgi?id=273176 Always copy all audio channels to the AudioBus to guarantee data lifetime. https://bugs.webkit.org/show_bug.cgi?id=273176 rdar://125166710 Reviewed by Chris Dumez. Following 275262@main, a task is dispatched on the audio render thread. This task dispatch takes a reference to the source and destination AudioBus however when a MultiChannelResampler is in use, the source AudioBus may contain a raw pointer to the resampled's AudioArray and the lifetime of this object may be shorter than the AudioBus. In 232182@main, a speed and memory optimisation was added by passed-in buffer as memory for the first channel in the
[webkit-changes] [WebKit/WebKit] 779b59: Follow-up to bug 268132
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 779b5972512b34ecfff9cccf320e83df132a9d14 https://github.com/WebKit/WebKit/commit/779b5972512b34ecfff9cccf320e83df132a9d14 Author: Scott Marcy Date: 2024-06-11 (Tue, 11 Jun 2024) Changed paths: M Source/WebCore/dom/Element.cpp Log Message: --- Follow-up to bug 268132 https://bugs.webkit.org/show_bug.cgi?id=275334 rdar://129528145 Reviewed by David Kilzer. This is a change that should have been included in the fix for bug 268132. https://github.com/WebKit/WebKit/pull/23283 * Source/WebCore/dom/Element.cpp: (WebCore::Element::removedFromAncestor): Canonical link: https://commits.webkit.org/279903@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 53e67f: REGRESSION(277450@main): OOB array read with SVG a...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 53e67f679530f17b29fa09c1ca2af78cb1b0e0e4 https://github.com/WebKit/WebKit/commit/53e67f679530f17b29fa09c1ca2af78cb1b0e0e4 Author: Scott Marcy Date: 2024-05-01 (Wed, 01 May 2024) Changed paths: A LayoutTests/svg/animations/animate-zero-keyPoints-should-not-crash-expected.txt A LayoutTests/svg/animations/animate-zero-keyPoints-should-not-crash.html M Source/WebCore/svg/SVGAnimationElement.cpp Log Message: --- REGRESSION(277450@main): OOB array read with SVG animation where keyPoints = 0. https://bugs.webkit.org/show_bug.cgi?id=272929 rdar://126636733 Reviewed by Said Abou-Hallawa. This change makes a couple additional, similar changes to the original changes to better track the SVG spec. (See the original bug for more information.) * LayoutTests/svg/animations/animate-zero-keyPoints-should-not-crash-expected.txt: Added. * LayoutTests/svg/animations/animate-zero-keyPoints-should-not-crash.html: Added. * Source/WebCore/svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::keyTimes const): (WebCore::SVGAnimationElement::startedActiveInterval): Canonical link: https://commits.webkit.org/278212@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 09eff9: rdar://119489615 ([CoreIPC] SEGV in WebKit::Remote...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 09eff921fc9a28f36ed936bbfcb56d5f5d722cfe https://github.com/WebKit/WebKit/commit/09eff921fc9a28f36ed936bbfcb56d5f5d722cfe Author: Scott Marcy Date: 2024-03-19 (Tue, 19 Mar 2024) Changed paths: M LayoutTests/TestExpectations A LayoutTests/ipc/invalid-message-to-addTrackBuffer-expected.txt A LayoutTests/ipc/invalid-message-to-addTrackBuffer.html M Source/WebKit/GPUProcess/media/RemoteSourceBufferProxy.cpp Log Message: --- rdar://119489615 ([CoreIPC] SEGV in WebKit::RemoteSourceBufferProxy::addTrackBuffer) Checks that the TrackPrivateRemoteIdentifier argument for the IPC call RemoteSourceBufferProxy::addTrackBuffer() is valid and invalidates the IPC message if not. Reviewed by David Kilzer. If the TrackPrivateRemoteIdentifier value is not a known value, the IPC message will be marked as invalid, which is supposed to crash the content process thereby thwarting any attempted attack through this mechanism. * LayoutTests/TestExpectations: * LayoutTests/ipc/invalid-message-to-addTrackBuffer-expected.txt: Added. * LayoutTests/ipc/invalid-message-to-addTrackBuffer.html: Added. * Source/WebKit/GPUProcess/media/RemoteSourceBufferProxy.cpp: (WebKit::RemoteSourceBufferProxy::addTrackBuffer): Originally-landed-as: 272448.259@safari-7618-branch (60f8c4667d7a). rdar://124555372 Canonical link: https://commits.webkit.org/276351@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 2527c3: Generate serialization for SecAccessControlRef
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 2527c3339eccf0579abe0d025409a07676d0f224 https://github.com/WebKit/WebKit/commit/2527c3339eccf0579abe0d025409a07676d0f224 Author: Scott Marcy Date: 2024-02-08 (Thu, 08 Feb 2024) Changed paths: M Source/WebKit/DerivedSources-input.xcfilelist M Source/WebKit/DerivedSources.make M Source/WebKit/Shared/cf/ArgumentCodersCF.cpp M Source/WebKit/Shared/cf/ArgumentCodersCF.h M Source/WebKit/Shared/cf/CFTypes.serialization.in A Source/WebKit/Shared/cf/CoreIPCSecAccessControl.h A Source/WebKit/Shared/cf/CoreIPCSecAccessControl.serialization.in M Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in M Source/WebKit/WebKit.xcodeproj/project.pbxproj M Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm Log Message: --- Generate serialization for SecAccessControlRef https://bugs.webkit.org/show_bug.cgi?id=268571 rdar://122128719 Reviewed by achristensen07 (Alex Christensen). * Source/WebKit/DerivedSources-input.xcfilelist: * Source/WebKit/DerivedSources.make: * Source/WebKit/Shared/cf/ArgumentCodersCF.cpp: (IPC::ArgumentCoder::encode): Deleted. (IPC::ArgumentCoder>::decode): Deleted. * Source/WebKit/Shared/cf/ArgumentCodersCF.h: * Source/WebKit/Shared/cf/CFTypes.serialization.in: * Source/WebKit/Shared/cf/CoreIPCSecAccessControl.h: Added. (WebKit::CoreIPCSecAccessControl::CoreIPCSecAccessControl): (WebKit::CoreIPCSecAccessControl::createSecAccessControl const): (WebKit::CoreIPCSecAccessControl::dataReference const): (WebKit::CoreIPCSecAccessControl::dataFromAccessControl const): * Source/WebKit/Shared/cf/CoreIPCSecAccessControl.serialization.in: Copied from Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in. * Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in: * Source/WebKit/WebKit.xcodeproj/project.pbxproj: * Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm: (TEST): Canonical link: https://commits.webkit.org/274307@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 089245: Generate serialization for NSPresentationIntent
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 089245fbdcadc21c8ef020e0a1ea4dd297355b4e https://github.com/WebKit/WebKit/commit/089245fbdcadc21c8ef020e0a1ea4dd297355b4e Author: Scott Marcy Date: 2024-02-07 (Wed, 07 Feb 2024) Changed paths: M Source/WebKit/DerivedSources-input.xcfilelist M Source/WebKit/DerivedSources.make M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.h M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm M Source/WebKit/Shared/Cocoa/CoreIPCNSCFObject.h M Source/WebKit/Shared/Cocoa/CoreIPCNSCFObject.mm A Source/WebKit/Shared/Cocoa/CoreIPCPresentationIntent.h A Source/WebKit/Shared/Cocoa/CoreIPCPresentationIntent.mm A Source/WebKit/Shared/Cocoa/CoreIPCPresentationIntent.serialization.in M Source/WebKit/Shared/Cocoa/CoreIPCTypes.h M Source/WebKit/WebKit.xcodeproj/project.pbxproj M Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm Log Message: --- Generate serialization for NSPresentationIntent https://bugs.webkit.org/show_bug.cgi?id=268779 rdar://109121874 Reviewed by achristensen07 (Alex Christensen). * Source/WebKit/DerivedSources-input.xcfilelist: * Source/WebKit/DerivedSources.make: * Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.h: * Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm: (IPC::typeFromObject): (IPC::shouldEnableStrictMode): * Source/WebKit/Shared/Cocoa/CoreIPCNSCFObject.h: * Source/WebKit/Shared/Cocoa/CoreIPCNSCFObject.mm: (WebKit::valueFromID): * Source/WebKit/Shared/Cocoa/CoreIPCPresentationIntent.h: Added. (WebKit::CoreIPCPresentationIntent::CoreIPCPresentationIntent): * Source/WebKit/Shared/Cocoa/CoreIPCPresentationIntent.mm: Added. (WebKit::CoreIPCPresentationIntent::CoreIPCPresentationIntent): (WebKit::CoreIPCPresentationIntent::toID const): * Source/WebKit/Shared/Cocoa/CoreIPCPresentationIntent.serialization.in: Added. * Source/WebKit/Shared/Cocoa/CoreIPCTypes.h: * Source/WebKit/WebKit.xcodeproj/project.pbxproj: * Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm: (TEST): Canonical link: https://commits.webkit.org/274269@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 446cdc: Generate serialization for SecAccessControlRef
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 446cdce9e93b5152ad3b44998d0610e5674b038e https://github.com/WebKit/WebKit/commit/446cdce9e93b5152ad3b44998d0610e5674b038e Author: Scott Marcy Date: 2024-02-07 (Wed, 07 Feb 2024) Changed paths: M Source/WebKit/DerivedSources-input.xcfilelist M Source/WebKit/DerivedSources.make M Source/WebKit/Shared/cf/ArgumentCodersCF.cpp M Source/WebKit/Shared/cf/ArgumentCodersCF.h M Source/WebKit/Shared/cf/CFTypes.serialization.in A Source/WebKit/Shared/cf/CoreIPCSecAccessControl.h A Source/WebKit/Shared/cf/CoreIPCSecAccessControl.serialization.in M Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in M Source/WebKit/WebKit.xcodeproj/project.pbxproj M Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm Log Message: --- Generate serialization for SecAccessControlRef https://bugs.webkit.org/show_bug.cgi?id=268571 rdar://122128719 Reviewed by achristensen07 (Alex Christensen). * Source/WebKit/DerivedSources-input.xcfilelist: * Source/WebKit/DerivedSources.make: * Source/WebKit/Shared/cf/ArgumentCodersCF.cpp: (IPC::ArgumentCoder::encode): Deleted. (IPC::ArgumentCoder>::decode): Deleted. * Source/WebKit/Shared/cf/ArgumentCodersCF.h: * Source/WebKit/Shared/cf/CFTypes.serialization.in: * Source/WebKit/Shared/cf/CoreIPCSecAccessControl.h: Added. (WebKit::CoreIPCSecAccessControl::CoreIPCSecAccessControl): (WebKit::CoreIPCSecAccessControl::createSecAccessControl const): (WebKit::CoreIPCSecAccessControl::dataReference const): (WebKit::CoreIPCSecAccessControl::dataFromAccessControl const): * Source/WebKit/Shared/cf/CoreIPCSecAccessControl.serialization.in: Copied from Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in. * Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in: * Source/WebKit/WebKit.xcodeproj/project.pbxproj: * Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm: (TEST): Canonical link: https://commits.webkit.org/274242@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] edf848: Generate serialization for SecKeychainItemRef
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: edf8486e0ced3bf3f416bd255aa8b694d7ba01c5 https://github.com/WebKit/WebKit/commit/edf8486e0ced3bf3f416bd255aa8b694d7ba01c5 Author: Scott Marcy Date: 2024-02-03 (Sat, 03 Feb 2024) Changed paths: M Source/WebKit/DerivedSources-input.xcfilelist M Source/WebKit/DerivedSources.make M Source/WebKit/Shared/cf/ArgumentCodersCF.cpp M Source/WebKit/Shared/cf/ArgumentCodersCF.h M Source/WebKit/Shared/cf/CFTypes.serialization.in A Source/WebKit/Shared/cf/CoreIPCSecKeychainItem.h A Source/WebKit/Shared/cf/CoreIPCSecKeychainItem.serialization.in M Source/WebKit/WebKit.xcodeproj/project.pbxproj M Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm Log Message: --- Generate serialization for SecKeychainItemRef https://bugs.webkit.org/show_bug.cgi?id=268182 rdar://121676431 Reviewed by achristensen07 (Alex Christensen). * Source/WebKit/DerivedSources-input.xcfilelist: * Source/WebKit/DerivedSources.make: * Source/WebKit/Shared/cf/ArgumentCodersCF.cpp: (IPC::ArgumentCoder::encode): Deleted. (IPC::ArgumentCoder>::decode): Deleted. * Source/WebKit/Shared/cf/ArgumentCodersCF.h: * Source/WebKit/Shared/cf/CFTypes.serialization.in: * Source/WebKit/Shared/cf/CoreIPCSecKeychainItem.h: Added. (WebKit::CoreIPCSecKeychainItem::CoreIPCSecKeychainItem): (WebKit::CoreIPCSecKeychainItem::createSecKeychainItem const): (WebKit::CoreIPCSecKeychainItem::dataReference const): (WebKit::CoreIPCSecKeychainItem::persistentRefForKeychainItem const): * Source/WebKit/Shared/cf/CoreIPCSecKeychainItem.serialization.in: Added. * Source/WebKit/WebKit.xcodeproj/project.pbxproj: * Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm: (getTempKeychain): (destroyTempKeychain): (TEST): Canonical link: https://commits.webkit.org/274043@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 185189: Generate serialization for SecTrustRef
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 18518913d5802ce30e09d97f34cd27806e8d21ea https://github.com/WebKit/WebKit/commit/18518913d5802ce30e09d97f34cd27806e8d21ea Author: Scott Marcy Date: 2024-02-02 (Fri, 02 Feb 2024) Changed paths: M Source/WebKit/DerivedSources-input.xcfilelist M Source/WebKit/DerivedSources.make M Source/WebKit/Shared/cf/ArgumentCodersCF.cpp M Source/WebKit/Shared/cf/ArgumentCodersCF.h M Source/WebKit/Shared/cf/CFTypes.serialization.in A Source/WebKit/Shared/cf/CoreIPCSecTrust.h A Source/WebKit/Shared/cf/CoreIPCSecTrust.serialization.in M Source/WebKit/WebKit.xcodeproj/project.pbxproj M Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm Log Message: --- Generate serialization for SecTrustRef https://bugs.webkit.org/show_bug.cgi?id=268408 rdar://121955588 Reviewed by achristensen07 (Alex Christensen). * Source/WebKit/DerivedSources-input.xcfilelist: * Source/WebKit/DerivedSources.make: * Source/WebKit/Shared/cf/ArgumentCodersCF.cpp: (IPC::ArgumentCoder::encode): Deleted. (IPC::ArgumentCoder>::decode): Deleted. * Source/WebKit/Shared/cf/ArgumentCodersCF.h: * Source/WebKit/Shared/cf/CFTypes.serialization.in: * Source/WebKit/Shared/cf/CoreIPCSecTrust.h: Added. (WebKit::CoreIPCSecTrust::CoreIPCSecTrust): (WebKit::CoreIPCSecTrust::createSecTrust const): (WebKit::CoreIPCSecTrust::dataReference const): * Source/WebKit/Shared/cf/CoreIPCSecTrust.serialization.in: Added. * Source/WebKit/WebKit.xcodeproj/project.pbxproj: * Tools/TestWebKitAPI/Tests/IPC/IPCSerialization.mm: (compareSecTrustRefs): (operator==): (TEST): Canonical link: https://commits.webkit.org/274017@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] da1fed: Generate serialization for SecCertificateRef
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: da1fed55e56647e8bf8f8d8cdbe3becc16d2c02e https://github.com/WebKit/WebKit/commit/da1fed55e56647e8bf8f8d8cdbe3becc16d2c02e Author: Scott Marcy Date: 2024-01-31 (Wed, 31 Jan 2024) Changed paths: M Source/WebKit/DerivedSources-input.xcfilelist M Source/WebKit/DerivedSources.make M Source/WebKit/Shared/cf/ArgumentCodersCF.cpp M Source/WebKit/Shared/cf/ArgumentCodersCF.h M Source/WebKit/Shared/cf/CFTypes.serialization.in A Source/WebKit/Shared/cf/CoreIPCSecCertificate.h A Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in M Source/WebKit/WebKit.xcodeproj/project.pbxproj Log Message: --- Generate serialization for SecCertificateRef https://bugs.webkit.org/show_bug.cgi?id=268108 rdar://121624808 Reviewed by beidson (Brady Eidson), sheeparegreat (Simon Lewis), achristensen07 (Alex Christensen). * Source/WebKit/DerivedSources-input.xcfilelist: * Source/WebKit/DerivedSources.make: * Source/WebKit/Platform/IPC/ArgumentCoders.h: * Source/WebKit/Shared/cf/ArgumentCodersCF.cpp: (IPC::ArgumentCoder::encode): Deleted. (IPC::ArgumentCoder>::decode): Deleted. * Source/WebKit/Shared/cf/ArgumentCodersCF.h: * Source/WebKit/Shared/cf/CFTypes.serialization.in: * Source/WebKit/Shared/cf/CoreIPCSecCertificate.h: Added. (WebKit::CoreIPCSecCertificate::CoreIPCSecCertificate): (WebKit::CoreIPCSecCertificate::createSecCertificate): (WebKit::CoreIPCSecCertificate::base64StringFromCertificate): * Source/WebKit/Shared/cf/CoreIPCSecCertificate.serialization.in: Copied from Source/WebKit/Shared/cf/CFTypes.serialization.in. * Source/WebKit/WebKit.xcodeproj/project.pbxproj: Canonical link: https://commits.webkit.org/273866@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 235ea5: rdar://115106974 (SEGV in -[NSView resizeSubviewsW...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 235ea5801184534cc4fe85b818c642eeea8849c3 https://github.com/WebKit/WebKit/commit/235ea5801184534cc4fe85b818c642eeea8849c3 Author: Scott Marcy Date: 2024-01-24 (Wed, 24 Jan 2024) Changed paths: M LayoutTests/TestExpectations A LayoutTests/ipc/invalid-fullscreen-enum-expected.txt A LayoutTests/ipc/invalid-fullscreen-enum.html A LayoutTests/ipc/resources/1080i60_SMPTE_8CH_audible.mov M Source/WebCore/platform/graphics/MediaPlayerEnums.h M Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm Log Message: --- rdar://115106974 (SEGV in -[NSView resizeSubviewsWithOldSize:]) Checks that the VideoFullscreenMode argument for two IPC calls is valid and invalidates the IPC message if not. Reviewed by Alex Christensen (achristensen07). If the VideoFullscreenMode value is not as expected it IPC message will be marked as invalid, which is supposed to crash the content process thereby thwarting any attempted attack through this mechanism. * LayoutTests/TestExpectations: * LayoutTests/ipc/invalid-fullscreen-enum-expected.txt: Added. * LayoutTests/ipc/invalid-fullscreen-enum.html: Added. * LayoutTests/ipc/resources/1080i60_SMPTE_8CH_audible.mov: Added. * Source/WebCore/platform/graphics/MediaPlayerEnums.h: * Source/WebKit/UIProcess/Cocoa/VideoPresentationManagerProxy.mm: (WebKit::VideoPresentationManagerProxy::setupFullscreenWithID): (WebKit::VideoPresentationManagerProxy::exitFullscreenWithoutAnimationToMode): Originally-landed-as: 267815.636@safari-7617-branch (cc4e54ad41c9). rdar://121480101 Canonical link: https://commits.webkit.org/273472@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 59ecda: rdar://115842409 (jsc_fuz/wktr: ASSERTION FAILED: ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 59ecda13ecdbda262ba243715f95756bd4936eae https://github.com/WebKit/WebKit/commit/59ecda13ecdbda262ba243715f95756bd4936eae Author: Scott Marcy Date: 2023-12-16 (Sat, 16 Dec 2023) Changed paths: A LayoutTests/fast/css/font-size-adjust-invalid-value-type-expected.txt A LayoutTests/fast/css/font-size-adjust-invalid-value-type.html M Source/WebCore/style/StyleBuilderConverter.h Log Message: --- rdar://115842409 (jsc_fuz/wktr: ASSERTION FAILED: is(source) ::downcast(Source &) [Target = WebCore::CSSValuePair, Source = const WebCore::CSSValue] at StyleBuilderConverter.h:1632) Checked for an unexpected CSS type for 'font-size-adjust' and returns a default value instead of crashing. Reviewed by anttijk. This prevents a crash on downcasting when an unexpected `CSSValue` subclass is provided. Combined changes: * LayoutTests/fast/css/font-size-adjust-invalid-value-type-expected.txt: Added. * LayoutTests/fast/css/font-size-adjust-invalid-value-type.html: Added. * Source/WebCore/style/StyleBuilderConverter.h: (WebCore::Style::BuilderConverter::convertFontSizeAdjust): Originally-landed-as: 267815.526@safari-7617-branch (92043c608a1c). rdar://119598353 Canonical link: https://commits.webkit.org/272171@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 64eea7: rdar://117803684 ([5d1fa25f3fa41fc3] ASAN_SEGV | W...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 64eea79c096c633675ca43ab3d71227f0ddd4570 https://github.com/WebKit/WebKit/commit/64eea79c096c633675ca43ab3d71227f0ddd4570 Author: Scott Marcy Date: 2023-11-09 (Thu, 09 Nov 2023) Changed paths: A LayoutTests/fast/svg/svg_should_not_crash-expected.txt A LayoutTests/fast/svg/svg_should_not_crash.html M Source/WebCore/rendering/RenderBox.cpp Log Message: --- rdar://117803684 ([5d1fa25f3fa41fc3] ASAN_SEGV | WebCore::RenderBox::repaintLayerRectsForImage; WebCore::RenderBox::imageChanged; WebCore::CachedImage::notifyObservers) Reviewed by Matt Woodrow. This checks for a non-unexpected case where an Element has no direct layer to render to. * LayoutTests/fast/svg/svg_should_not_crash-expected.txt: Added. * LayoutTests/fast/svg/svg_should_not_crash.html: Added. * Source/WebCore/rendering/RenderBox.cpp: (WebCore::RenderBox::repaintLayerRectsForImage): Canonical link: https://commits.webkit.org/270487@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] b3b218: rdar://89218473 ([ER] WebKitTestRunner and DumpRen...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b3b218402da7205aec197cdc863e9d3f63fc3b95 https://github.com/WebKit/WebKit/commit/b3b218402da7205aec197cdc863e9d3f63fc3b95 Author: Scott Marcy Date: 2023-09-29 (Fri, 29 Sep 2023) Changed paths: M Tools/DumpRenderTree/DumpRenderTree.h M Tools/DumpRenderTree/mac/DumpRenderTree.mm M Tools/DumpRenderTree/mac/ResourceLoadDelegate.h M Tools/DumpRenderTree/mac/ResourceLoadDelegate.mm M Tools/WebKitTestRunner/TestController.cpp M Tools/WebKitTestRunner/TestController.h Log Message: --- rdar://89218473 ([ER] WebKitTestRunner and DumpRenderTree should let the user know if loading a file or a url failed) Reviewed by David Kilzer (ddkilzer). This adds preflight checking for the existence of input files specified on the command line, as well as reporting of any URL loading errors. * Tools/DumpRenderTree/mac/DumpRenderTree.mm: (initializeGlobalsFromCommandLineOptions): (runTest): * Tools/DumpRenderTree/mac/ResourceLoadDelegate.h: * Tools/DumpRenderTree/mac/ResourceLoadDelegate.mm: (-[ResourceLoadDelegate dealloc]): (-[ResourceLoadDelegate webView:resource:didFailLoadingWithError:fromDataSource:]): * Tools/WebKitTestRunner/TestController.cpp: (WTR::TestController::createOtherPlatformWebView): (WTR::TestController::createWebViewWithOptions): (WTR::TestController::createTestURL): (WTR::TestController::runTest): (WTR::TestController::didFailProvisionalNavigation): (WTR::pathSuitableForTestResult): * Tools/WebKitTestRunner/TestController.h: Canonical link: https://commits.webkit.org/268687@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 1f07bd: rdar://89218473 ([ER] WebKitTestRunner and DumpRen...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1f07bde4413aea4d24324609b7ef02c5316eb988 https://github.com/WebKit/WebKit/commit/1f07bde4413aea4d24324609b7ef02c5316eb988 Author: Scott Marcy Date: 2023-09-26 (Tue, 26 Sep 2023) Changed paths: M Tools/DumpRenderTree/mac/DumpRenderTree.mm M Tools/DumpRenderTree/mac/ResourceLoadDelegate.h M Tools/DumpRenderTree/mac/ResourceLoadDelegate.mm M Tools/WebKitTestRunner/TestController.cpp M Tools/WebKitTestRunner/TestController.h Log Message: --- rdar://89218473 ([ER] WebKitTestRunner and DumpRenderTree should let the user know if loading a file or a url failed) Reviewed by David Kilzer (ddkilzer). This adds preflight checking for the existence of input files specified on the command line, as well as reporting of any URL loading errors. * Tools/DumpRenderTree/mac/DumpRenderTree.mm: (initializeGlobalsFromCommandLineOptions): (runTest): * Tools/DumpRenderTree/mac/ResourceLoadDelegate.h: * Tools/DumpRenderTree/mac/ResourceLoadDelegate.mm: (-[ResourceLoadDelegate dealloc]): (-[ResourceLoadDelegate webView:resource:didFailLoadingWithError:fromDataSource:]): * Tools/WebKitTestRunner/TestController.cpp: (WTR::TestController::createOtherPlatformWebView): (WTR::TestController::createWebViewWithOptions): (WTR::TestController::createTestURL): (WTR::TestController::runTest): (WTR::TestController::didFailProvisionalNavigation): (WTR::pathSuitableForTestResult): * Tools/WebKitTestRunner/TestController.h: Canonical link: https://commits.webkit.org/268472@main ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes