Branch: refs/heads/webkitglib/2.52
Home: https://github.com/WebKit/WebKit
Commit: 9526ecd7605e93bab759fe4efdaee40465479951
https://github.com/WebKit/WebKit/commit/9526ecd7605e93bab759fe4efdaee40465479951
Author: Alicia Boya Garcia <[email protected]>
Date: 2026-04-07 (Tue, 07 Apr 2026)
Changed paths:
M
LayoutTests/platform/glib/imported/w3c/web-platform-tests/media-source/mediasource-is-type-supported-expected.txt
M Source/WebCore/platform/graphics/gstreamer/GStreamerRegistryScanner.cpp
Log Message:
-----------
Cherry-pick 310634@main (e33ca763cfd8).
https://bugs.webkit.org/show_bug.cgi?id=311347
[GStreamer] Use an explicit allowlist of AAC AOTs
https://bugs.webkit.org/show_bug.cgi?id=311347
Reviewed by Philippe Normand.
Currently the GStreamer ports of WebKit report support to any codec
string starting with "mp4a" if there is a decoder that supports
audio/mpeg, mpegversion=4. This is too optimistic and can lead to
applications choosing to use newer MPEG-4 Audio codecs not yet
supported by the user's system.
This patch makes WebKit play it safer and instead only report support
for AOTs with widespread support.
This includes reporting AOT 42 (typically used with xHE-AAC) as not
supported. Ideally we would query support for it somehow and reply
accordingly, but that would necessitate decoders to provide a uniform
API for querying such support, which unfortunately does not exist (and
would be tricky in practice as support is not always binary). An
environment variable is provided to declare explicit support or lack
thereof in environments where this is well-known, as well as for
debugging and experimentation.
See: https://github.com/WebPlatformForEmbedded/WPEWebKit/pull/1641 (but
note that this patch takes a different approach than the original PR).
*
LayoutTests/platform/glib/imported/w3c/web-platform-tests/media-source/mediasource-is-type-supported-expected.txt:
* Source/WebCore/platform/graphics/gstreamer/GStreamerRegistryScanner.cpp:
(WebCore::GStreamerRegistryScanner::initializeDecoders):
Canonical link: https://commits.webkit.org/310634@main
Canonical link: https://commits.webkit.org/305877.371@webkitglib/2.52
Commit: a23a4bf70a1a8c3938d2480a0bdd5c71d84dcc3b
https://github.com/WebKit/WebKit/commit/a23a4bf70a1a8c3938d2480a0bdd5c71d84dcc3b
Author: Chris Dumez <[email protected]>
Date: 2026-04-07 (Tue, 07 Apr 2026)
Changed paths:
A
LayoutTests/imported/w3c/web-platform-tests/css/cssom/caretPositionFromPoint-in-flex-container-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/css/cssom/caretPositionFromPoint-in-flex-container.html
M Source/WebCore/rendering/RenderBox.cpp
Log Message:
-----------
Cherry-pick 310626@main (9449d94cd8a3).
https://bugs.webkit.org/show_bug.cgi?id=311543
Fix inverted Y-axis comparison in RenderBox::positionForPoint
https://bugs.webkit.org/show_bug.cgi?id=311543
Reviewed by Alan Baradlay.
The exact-hit check for whether a point falls inside a child's content
box had the Y comparisons swapped: it required point.y() <= top AND
point.y() >= bottom, which is impossible when bottom > top (always true
since contentBoxHeight() is non-negative). This meant the early return
never fired, and the function always fell through to the distance-based
closest-child search.
The distance fallback computes the distance from the point to each
child's nearest edge. When the point is inside a tall child near its
top edge, the distance to that child's bottom edge can be very large,
while the distance to a short preceding sibling's bottom edge is small.
This causes the wrong child to be selected, misplacing the caret.
This is observable via caretPositionFromPoint on flex/grid containers
when the hit-test returns the container rather than a child (e.g. when
children have pointer-events: none).
Test:
imported/w3c/web-platform-tests/css/cssom/caretPositionFromPoint-in-flex-container.html
- This test is failing in shipping Safari but passing in Chrome and Firefox.
*
LayoutTests/imported/w3c/web-platform-tests/css/cssom/caretPositionFromPoint-in-flex-container-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/css/cssom/caretPositionFromPoint-in-flex-container.html:
Added.
* Source/WebCore/rendering/RenderBox.cpp:
(WebCore::RenderBox::positionForPoint):
Canonical link: https://commits.webkit.org/310626@main
Canonical link: https://commits.webkit.org/305877.372@webkitglib/2.52
Commit: 7df391f31714e692e23921c19e8edf4b6ab9f207
https://github.com/WebKit/WebKit/commit/7df391f31714e692e23921c19e8edf4b6ab9f207
Author: David Kilzer <[email protected]>
Date: 2026-04-07 (Tue, 07 Apr 2026)
Changed paths:
M Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
Log Message:
-----------
Cherry-pick 310618@main (acf3ca6f197b).
https://bugs.webkit.org/show_bug.cgi?id=311493
Crash due to nullptr deref in WebCore::SQLiteIDBBackingStore::openCursor()
via infoForObjectStore()
<https://bugs.webkit.org/show_bug.cgi?id=311493>
<rdar://168962352>
Reviewed by Sihui Liu.
Add nullptr checks for `infoForObjectStore()` return values in four
call sites that unconditionally dereference the result after only a
Debug `ASSERT()`. When `m_objectStoreMap` is empty (e.g., due to
database corruption or metadata migration failure),
`HashMap::find()` crashes because the compiler eliminates the
internal nullptr check on `m_table` through undefined behavior (UB)
propagation from the unconditional dereference after inlining.
* Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):
(WebCore::IDBServer::SQLiteIDBBackingStore::openCursor):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetIndexRecordForOneKey):
- Change to `openCursor()` fixes the crash. The rest are drive-by
fixes with the same pattern.
Canonical link: https://commits.webkit.org/310618@main
Canonical link: https://commits.webkit.org/305877.373@webkitglib/2.52
Compare: https://github.com/WebKit/WebKit/compare/6a794cd13d0e...7df391f31714
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
