Branch: refs/heads/webkitglib/2.38
Home: https://github.com/WebKit/WebKit

Commit: 24e3ce7b1f024cc6dc43f58ef6b4103d109709b2
    https://github.com/WebKit/WebKit/commit/24e3ce7b1f024cc6dc43f58ef6b4103d109709b2
Author: Miguel Salinas <miguel_sali...@apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  A LayoutTests/storage/indexeddb/crash-on-getdatabases-expected.txt
  A LayoutTests/storage/indexeddb/crash-on-getdatabases.html
  A LayoutTests/storage/indexeddb/resources/crash-on-getdatabases.js
  M Source/WebCore/Modules/indexeddb/IDBTransaction.cpp

Log Message:
-----------
Cherry-pick 256112@main (4a1a50028375). https://bugs.webkit.org/show_bug.cgi?id=246706

nullptr crash in WebCore::IDBTransaction::dispatchEvent
https://bugs.webkit.org/show_bug.cgi?id=246706
rdar://94637046

Reviewed by Sihui Liu.

We should check if m_openDBRequest is null in IDBTransaction::dispatchEvent. The repro is flaky but does reproduce for me ~1/3 of the time. I tried to reduce the test case but it either stopped reproducing or reproduced significantly less frequently.

* LayoutTests/storage/indexeddb/crash-on-getdatabases-expected.txt: Added.
* LayoutTests/storage/indexeddb/crash-on-getdatabases.html: Added.
* LayoutTests/storage/indexeddb/resources/crash-on-getdatabases.js: Added.
(async testDoesNotCrash):
* Source/WebCore/Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::dispatchEvent):

Canonical link: https://commits.webkit.org/256112@main


Commit: 3544b1eaff9de757625d2d6dc8b897d18dda6167
    https://github.com/WebKit/WebKit/commit/3544b1eaff9de757625d2d6dc8b897d18dda6167
Author: Chris Dumez <cdu...@apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WebCore/page/Quirks.cpp

Log Message:
-----------
Cherry-pick 256081@main (cc22c989e13b). https://bugs.webkit.org/show_bug.cgi?id=247153

Regression(252759@main) Unable to log into marcus.com
https://bugs.webkit.org/show_bug.cgi?id=247153
rdar://101086391

Reviewed by Brian Weinstein.

Extend showModalDialog quirk to marcus.com to work around their geo-blocking relying on the showModalDialog property existing (somehow). Note that the property is exposed but is undefined, which is sufficient since they don't actually call the showModalDialog function.

* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::shouldExposeShowModalDialog const):

Canonical link: https://commits.webkit.org/256081@main


Commit: c2764831554bdd0597fe5eefd1b7a84b07ea9b1b
    https://github.com/WebKit/WebKit/commit/c2764831554bdd0597fe5eefd1b7a84b07ea9b1b
Author: Darin Adler <da...@apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WTF/wtf/text/StringImpl.h
  M Source/WTF/wtf/text/StringView.h

Log Message:
-----------
Cherry-pick 255739@main (a7b9e4efad0c). https://bugs.webkit.org/show_bug.cgi?id=246688

ASSERTION FAILED: !is8Bit()
https://bugs.webkit.org/show_bug.cgi?id=246688
rdar://101291623

Reviewed by Mark Lam.

* Source/WTF/wtf/text/StringImpl.h:
(WTF::StringImpl::characters16 const): Allow calling this on the empty string without asserting. There is no problem returning the 8-bit character pointer as a 16-bit character pointer when the length is zero; the pointer will never be dereferenced.
* Source/WTF/wtf/text/StringView.h:
(WTF::StringView::characters16 const): Ditto.

Canonical link: https://commits.webkit.org/255739@main


Commit: f7faf90291eb0a196d9a2007749ffce2c4d57369
    https://github.com/WebKit/WebKit/commit/f7faf90291eb0a196d9a2007749ffce2c4d57369
Author: Alicia Boya Garcia <ab...@igalia.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WTF/wtf/MediaTime.cpp
  M Tools/TestWebKitAPI/Tests/WTF/MediaTime.cpp

Log Message:
-----------
Cherry-pick 255767@main (c020c7e213d8). https://bugs.webkit.org/show_bug.cgi?id=246746

[WTF] MediaTime: compute flags on multiplication with doubles
https://bugs.webkit.org/show_bug.cgi?id=246746

Reviewed by Yusuke Suzuki.

The current multiplication algorithm in WTF::MediaTime updates the time value without updating the flags. This becomes a problem if the multiplication promotes the number to infinity.

This patch fixes this problem and adds a test for it.

* Source/WTF/wtf/MediaTime.cpp:
(WTF::MediaTime::operator* const):
* Tools/TestWebKitAPI/Tests/WTF/MediaTime.cpp:
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/255767@main


Commit: 991d269b4371d5ac9733f9d7fc38e42c75fb7ad1
    https://github.com/WebKit/WebKit/commit/991d269b4371d5ac9733f9d7fc38e42c75fb7ad1
Author: Alejandro G. Castro <a...@igalia.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WebCore/inspector/InspectorCanvas.cpp
  M Source/WebCore/inspector/InspectorCanvasCallTracer.h

Log Message:
-----------
Cherry-pick 255778@main (6b4ed06fa609). https://bugs.webkit.org/show_bug.cgi?id=246753

WebGL compilation disabling WebGL 2 is broken
https://bugs.webkit.org/show_bug.cgi?id=246753

Reviewed by Kenneth Russell.

WebGLVertexArrayObject is part of the WebGL 2 API but there are some places in the code where it was added under the WEBGL ifdef instead of WEBGL2.

* Source/WebCore/inspector/InspectorCanvas.cpp:
* Source/WebCore/inspector/InspectorCanvasCallTracer.h:

Canonical link: https://commits.webkit.org/255778@main


Commit: 77fea22f4f22c794773f741e7f63add927ce133c
    https://github.com/WebKit/WebKit/commit/77fea22f4f22c794773f741e7f63add927ce133c
Author: Fujii Hironori <hironori.fu...@sony.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.png
  M LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.txt
  M Source/WebCore/platform/adwaita/ThemeAdwaita.cpp
  M Source/WebCore/platform/adwaita/ThemeAdwaita.h
  M Source/WebCore/rendering/RenderThemeAdwaita.cpp

Log Message:
-----------
Cherry-pick 255820@main (fbcbce2f5153). https://bugs.webkit.org/show_bug.cgi?id=246679

ThemeAdwaita: checkbox, radio and inner spin button don't scale along by page zoom
https://bugs.webkit.org/show_bug.cgi?id=246679

Reviewed by Carlos Garcia Campos.

ThemeAdwaita should scale controls based on a given zoom factor.
Scale buttons for input elements with type=number, type=checkbox, type=radio and datalist, and select elements.

ThemeAdwaita::paintArrow painted a 16x16 arrow at (0, 0) position. Change it to take a rect and paint an arrow at the center of the rect, fitting to the smaller edge.

* Source/WebCore/platform/adwaita/ThemeAdwaita.cpp:
(WebCore::ThemeAdwaita::paintArrow):
(WebCore::ThemeAdwaita::controlSize const):
(WebCore::ThemeAdwaita::paintSpinButton):
* Source/WebCore/platform/adwaita/ThemeAdwaita.h:
* Source/WebCore/rendering/RenderThemeAdwaita.cpp:
(WebCore::RenderThemeAdwaita::paintTextField):
(WebCore::RenderThemeAdwaita::popupInternalPaddingBox const):
(WebCore::RenderThemeAdwaita::paintMenuList):
* LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.png:
* LayoutTests/platform/gtk/transforms/2d/zoom-menulist-expected.txt:

Canonical link: https://commits.webkit.org/255820@main


Commit: 9bf91b552df7e799cb8b51d649f2509820cbe2f2
    https://github.com/WebKit/WebKit/commit/9bf91b552df7e799cb8b51d649f2509820cbe2f2
Author: Arie Geiger <arsgei...@gmail.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/cmake/FindGI.cmake

Log Message:
-----------
Cherry-pick 255887@main (a5345caf3944). https://bugs.webkit.org/show_bug.cgi?id=246907

[GTK] Fix GIR build failure when cross compiling
https://bugs.webkit.org/show_bug.cgi?id=246907

Reviewed by Michael Catanzaro.

* Source/cmake/FindGI.cmake

Canonical link: https://commits.webkit.org/255887@main


Commit: 194225d79c6c2fd938af1f60f67bf46f9c7a87fc
    https://github.com/WebKit/WebKit/commit/194225d79c6c2fd938af1f60f67bf46f9c7a87fc
Author: Przemyslaw Gorszkowski <pgorszkow...@igalia.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp
  M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp

Log Message:
-----------
Cherry-pick 255908@main (238827ce8406).
https://bugs.webkit.org/show_bug.cgi?id=246935

Add missing undef MESSAGE_CHECK for cpp file
https://bugs.webkit.org/show_bug.cgi?id=246935

Reviewed by Žan Doberšek.

Adding the missing #undef MESSAGE_CHECK at the end of the cpp file solves the problem with errors in unified builds on mac machines.

* Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:

Canonical link: https://commits.webkit.org/255908@main


Commit: c99e2b44631f61ed3b14278140742aa1befbce48
    https://github.com/WebKit/WebKit/commit/c99e2b44631f61ed3b14278140742aa1befbce48
Author: Wenson Hsieh <wenson_hs...@apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  A LayoutTests/editing/resources/selection-scrolling-in-multiple-nested-subframes-iframe.html
  A LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes-expected.txt
  A LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes.html
  M Source/WebCore/page/FrameView.cpp

Log Message:
-----------
Cherry-pick 255998@main (dd872d60f501). https://bugs.webkit.org/show_bug.cgi?id=246978

Release assert while scrolling subframes under reentrant calls to updateAppearanceAfterLayout()
https://bugs.webkit.org/show_bug.cgi?id=246978
rdar://97896551

Reviewed by Simon Fraser.

It's currently possible to induce a release assertion when attempting to update layout underneath `RenderWidget::updateWidgetPosition()`, by revealing the selection inside of a nested subframe that contains viewport-constrained elements. The new test case below contains the steps required to set up this assertion:

- Load a page that contains a subframe (`s_0`), which in turn contains two or more child frames (`s_1`, `s_2`). `s_1` and `s_2` contain editable content, and `s_0` contains a fixed-position element.

- Focus each of `s_1` and `s_2`, and use the keyboard to change the selection. This causes both frames' `FrameSelection`s to be in a state where `m_selectionRevealMode` is set to `Reveal`.

- Scroll `s_0` down to the bottom (see (3) below for more information), and then click the button to trigger an event handler that runs the rest of the test.

1. On click, in `s_1` and `s_2`, we clear the contents of the body, which schedules selection revealing as post-layout tasks.

2. Next, we force a sync layout update by invoking `document.body.offsetHeight;` in the main frame, which triggers all the following events in the test.

3. As a post-layout task, since `s_0` contains a fixed-position element, we invoke `FrameView::updateWidgetPositions()`, which triggers a subsequent layout in each of the subframes.

4. In this nested layout pass, we then fire off the additional post-layout tasks scheduled by `s_1` and `s_2`, which both attempt to reveal the selection synchronously, one after another.

5. The selection scrolling causes us to establish a `ScriptDisallowedScope` inside of `FrameView::scrollRectToVisibleInChildView`, while attempting to scroll the child frame `s_1` to reveal the selection.

6. This nested `RenderWidget::updateWidgetPosition()` triggers another nested layout pass. Note that this, in theory, already reveals the bug — though in practice, we don't crash yet because `s_1`'s layout is already up to date. After layout, we fire off the other queued post-layout task to reveal the selection, this time for `s_2`.

7. We then attempt to reveal the selection again, this time for `s_2`. However, due to the fact that this is now all happening inside a `ScriptDisallowedScope` established in (5), we now crash.

To fix this, we take advantage of some of the prior work done in `commits.webkit.org/250836@main` to remove a synchronous post-layout call to `updateAppearanceAfterLayout()` in the case where the selection is not focused and active. Since we now update the selection appearance in the next rendering update anyways, this simply defers work that would've otherwise been done as a post-layout task to the next rendering update instead.

Note that we still update eagerly here in the case where the selection is active, since accessibility notifications still rely on the fact that intermediate AX notifications are dispatched for selection changes that happen during text editing (see: accessibility/mac/selection-value-changes-for-aria-textbox.html). In the future, we could probably queue the accessibility notifications above as well, and eliminate the post-layout selection appearance update altogether.

Test: editing/selection/selection-scrolling-in-multiple-nested-subframes.html

* LayoutTests/editing/resources/selection-scrolling-in-multiple-nested-subframes-iframe.html: Added.
* LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes-expected.txt: Added.
* LayoutTests/editing/selection/selection-scrolling-in-multiple-nested-subframes.html: Added.
* Source/WebCore/page/FrameView.cpp:
(WebCore::FrameView::performPostLayoutTasks):

Canonical link: https://commits.webkit.org/255998@main


Commit: 9f0df5cff717690374b8f94dc0190c68444958a3
    https://github.com/WebKit/WebKit/commit/9f0df5cff717690374b8f94dc0190c68444958a3
Author: Alan Coon <alanc...@apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WebCore/rendering/RenderImage.cpp

Log Message:
-----------
Cherry-pick 252432.595@safari-7614-branch (60a99963fd45). https://bugs.webkit.org/show_bug.cgi?id=246712

Crash in RenderImage::paintReplaced
https://bugs.webkit.org/show_bug.cgi?id=246712
rdar://101205947

Reviewed by David Kilzer and Myles Maxfield.

* Source/WebCore/rendering/RenderImage.cpp:
(WebCore::RenderImage::paintReplaced):

Canonical link: https://commits.webkit.org/252432.595@safari-7614-branch


Commit: b8f565c7a7c7dbd150c578f147d2134aacfe1316
    https://github.com/WebKit/WebKit/commit/b8f565c7a7c7dbd150c578f147d2134aacfe1316
Author: Youenn Fablet <youe...@gmail.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServer.cpp

Log Message:
-----------
Cherry-pick 255968@main (62dfaac6890c). https://bugs.webkit.org/show_bug.cgi?id=246999

Creating a shared worker connection should retry without providing a specific webprocess
https://bugs.webkit.org/show_bug.cgi?id=246999
rdar://101506812

Reviewed by Chris Dumez.

We were trying to create a context connection of a shared worker by always sending a particular target process. If this process is terminated for instance, the network process will think that the connection should be there. But no context connection is there, so it retries to create a context connection, with the same target process. This triggers a loop.

To break the loop, we try using the first target process on the first try but not on successive tries. UIProcess, on second try, will then try some other processes, typically by creating a new process.

* Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServer.cpp:
(WebKit::WebSharedWorkerServer::createContextConnection):

Canonical link: https://commits.webkit.org/255968@main


Compare: https://github.com/WebKit/WebKit/compare/9a224f3ed860...b8f565c7a7c7
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes