Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (216414 => 216415)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-05-08 14:03:51 UTC (rev 216414)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-05-08 14:05:16 UTC (rev 216415)
@@ -1,3 +1,20 @@
+2017-05-04 Mark Lam <mark....@apple.com>
+
+ DRT's setAudioResultCallback() and IDBRequest::setResult() need to acquire the JSLock.
+ https://bugs.webkit.org/show_bug.cgi?id=171716
+ <rdar://problem/30878027>
+
+ Reviewed by Saam Barati.
+
+ No new tests. This issue was caught by existing tests.
+
+ IDBRequest::setResult() needs to acquire the JSLock before calling toJS() (which
+ does JS conversion and therefore, potentially JS allocations).
+
+ * Modules/indexeddb/IDBRequest.cpp:
+ (WebCore::IDBRequest::setResult):
+ (WebCore::IDBRequest::setResultToStructuredClone):
+
2017-05-05 Carlos Garcia Campos <cgar...@igalia.com>
[GStreamer] Do not report more errors after the first one
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBRequest.cpp (216414 => 216415)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBRequest.cpp 2017-05-08 14:03:51 UTC (rev 216414)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBRequest.cpp 2017-05-08 14:05:16 UTC (rev 216415)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -370,7 +370,9 @@
// FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object
// of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject.
- m_result = Result { JSC::Strong<JSC::Unknown> { context->vm(), toJS<IDLIDBKeyData>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), keyData) } };
+ VM& vm = context->vm();
+ JSLockHolder lock(vm);
+ m_result = Result { JSC::Strong<JSC::Unknown> { vm, toJS<IDLIDBKeyData>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), keyData) } };
}
void IDBRequest::setResult(const Vector<IDBKeyData>& keyDatas)
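Review bot: The reason for the new `JSLockHolder` is not recorded at the call site in this hunk, and the same three-line pattern recurs in the hunks at -387, -405 and -436. A one-line comment such as `// toJS() may allocate on the JS heap; hold the JSLock across the conversion and the Strong<> construction.` would stop the lock from being dropped when the FIXME above (lazy conversion) is eventually acted on. The bodies of `setResult(uint64_t)` and `setResultToUndefined()`, whose signatures appear at the hunk edges, are not visible here; if they also build a `JSC::Strong` without holding the lock they probably need the same holder, which is worth confirming. The enclosing function bodies start outside these hunks.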
@@ -387,8 +389,9 @@
// FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object
// of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject.
- Locker<JSLock> locker(context->vm().apiLock());
- m_result = Result { JSC::Strong<JSC::Unknown> { context->vm(), toJS<IDLSequence<IDLIDBKeyData>>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), keyDatas) } };
+ VM& vm = context->vm();
+ JSLockHolder lock(vm);
+ m_result = Result { JSC::Strong<JSC::Unknown> { vm, toJS<IDLSequence<IDLIDBKeyData>>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), keyDatas) } };
}
void IDBRequest::setResult(const Vector<IDBValue>& values)
@@ -405,8 +408,9 @@
// FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object
// of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject.
- Locker<JSLock> locker(context->vm().apiLock());
- m_result = Result { JSC::Strong<JSC::Unknown> { context->vm(), toJS<IDLSequence<IDLIDBValue>>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), values) } };
+ VM& vm = context->vm();
+ JSLockHolder lock(vm);
+ m_result = Result { JSC::Strong<JSC::Unknown> { vm, toJS<IDLSequence<IDLIDBValue>>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), values) } };
}
void IDBRequest::setResult(uint64_t number)
@@ -436,7 +440,9 @@
// FIXME: This conversion should be done lazily, when script needs the JSValues, so that global object
// of the IDBRequest wrapper can be used, rather than the lexicalGlobalObject.
- m_result = Result { JSC::Strong<JSC::Unknown> { context->vm(), toJS<IDLIDBValue>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), value) } };
+ VM& vm = context->vm();
+ JSLockHolder lock(vm);
+ m_result = Result { JSC::Strong<JSC::Unknown> { vm, toJS<IDLIDBValue>(*state, *jsCast<JSDOMGlobalObject*>(state->lexicalGlobalObject()), value) } };
}
void IDBRequest::setResultToUndefined()
Modified: releases/WebKitGTK/webkit-2.16/Tools/ChangeLog (216414 => 216415)
--- releases/WebKitGTK/webkit-2.16/Tools/ChangeLog 2017-05-08 14:03:51 UTC (rev 216414)
+++ releases/WebKitGTK/webkit-2.16/Tools/ChangeLog 2017-05-08 14:05:16 UTC (rev 216415)
@@ -1,3 +1,18 @@
+2017-05-04 Mark Lam <mark....@apple.com>
+
+ DRT's setAudioResultCallback() and IDBRequest::setResult() need to acquire the JSLock.
+ https://bugs.webkit.org/show_bug.cgi?id=171716
+ <rdar://problem/30878027>
+
+ Reviewed by Saam Barati.
+
+ setAudioResultCallback() needs to acquire the JSLock before calling toJS() (which
+ does JS conversion and therefore, potentially JS allocations) and accessing
+ methods of internal JS data structures (which may do JS invocation, etc).
+
+ * DumpRenderTree/TestRunner.cpp:
+ (setAudioResultCallback):
+
2017-05-05 Carlos Garcia Campos <cgar...@igalia.com>
[GTK] TestController timeout source callback should return G_SOURCE_REMOVE
Modified: releases/WebKitGTK/webkit-2.16/Tools/DumpRenderTree/TestRunner.cpp (216414 => 216415)
--- releases/WebKitGTK/webkit-2.16/Tools/DumpRenderTree/TestRunner.cpp 2017-05-08 14:03:51 UTC (rev 216414)
+++ releases/WebKitGTK/webkit-2.16/Tools/DumpRenderTree/TestRunner.cpp 2017-05-08 14:05:16 UTC (rev 216415)
@@ -347,7 +347,10 @@
return JSValueMakeUndefined(context);
// FIXME (123058): Use a JSC API to get buffer contents once such is exposed.
- JSC::JSArrayBufferView* jsBufferView = JSC::jsDynamicCast<JSC::JSArrayBufferView*>(toJS(context)->vm(), toJS(toJS(context), arguments[0]));
+ JSC::VM& vm = toJS(context)->vm();
+ JSC::JSLockHolder lock(vm);
+
+ JSC::JSArrayBufferView* jsBufferView = JSC::jsDynamicCast<JSC::JSArrayBufferView*>(vm, toJS(toJS(context), arguments[0]));
ASSERT(jsBufferView);
RefPtr<JSC::ArrayBufferView> bufferView = jsBufferView->unsharedImpl();
const char* buffer = static_cast<const char*>(bufferView->baseAddress());
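Review bot: `ASSERT(jsBufferView)` right after the rewritten `jsDynamicCast` line is compiled out of release builds, so a first argument that is not an ArrayBufferView yields a null pointer that the next line dereferences via `jsBufferView->unsharedImpl()`. The function already returns `JSValueMakeUndefined(context)` for the earlier failure case, so the same exit fits here: `if (!jsBufferView) return JSValueMakeUndefined(context);`. DumpRenderTree is a test harness and its input is normally test-controlled, so this is a robustness point rather than an exposed one. The function body starts and ends outside the hunk.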