1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
|
From 53ca279739365f9a604fba0a673f0539dfd67c55 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Mon, 8 Apr 2024 10:21:34 -0700
Subject: [PATCH 1/6] Cherry-pick 277203@main (bd1249cc9c4f).
https://bugs.webkit.org/show_bug.cgi?id=272309
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Workaround restrict error in GCC 12
https://bugs.webkit.org/show_bug.cgi?id=272309
Reviewed by Darin Adler.
In GCC 12.3.0:
In static member function ‘static constexpr std::char_traits<char>::char_type* std::char_traits<char>::copy(char_type*, const char_type*, std::size_t)’,
inlined from ‘static constexpr void std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::_S_copy(_CharT*, const _CharT*, size_type) [with _CharT = char; _Traits = std::char_traits<char>; _Alloc = std::allocator<char>]’ at /usr/include/c++/12/bits/basic_string.h:431:21,
inlined from ‘constexpr std::__cxx11::basic_string<_CharT, _Traits, _Allocator>& std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::_M_replace(size_type, size_type, const _CharT*, size_type) [with _CharT = char; _Traits = std::char_traits<char>; _Alloc = std::allocator<char>]’ at /usr/include/c++/12/bits/basic_string.tcc:532:22,
inlined from ‘constexpr std::__cxx11::basic_string<_CharT, _Traits, _Alloc>& std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::replace(size_type, size_type, const _CharT*, size_type) [with _CharT = char; _Traits = std::char_traits<char>; _Alloc = std::allocator<char>]’ at /usr/include/c++/12/bits/basic_string.h:2179:19,
inlined from ‘constexpr std::__cxx11::basic_string<_CharT, _Traits, _Alloc>& std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::insert(size_type, const _CharT*) [with _CharT = char; _Traits = std::char_traits<char>; _Alloc = std::allocator<char>]’ at /usr/include/c++/12/bits/basic_string.h:1936:22,
inlined from ‘std::ostream& WTF::operator<<(std::ostream&, Int128Impl)’ at /host/home/tingping/Projects/WebKit/Source/WTF/wtf/Int128.cpp:268:17:
/usr/include/c++/12/bits/char_traits.h:435:56: error: ‘void* __builtin_memcpy(void*, const void*, long unsigned int)’ accessing 9223372036854775810 or more bytes at offsets [2, 9223372036854775807] and 1 may overlap up to 9223372036854775813 bytes at offset -3 [-Werror=restrict]
435 | return static_cast<char_type*>(__builtin_memcpy(__s1, __s2, __n));
| ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
* Source/WTF/wtf/Int128.cpp:
(WTF::operator<<):
Canonical link: https://commits.webkit.org/277203@main
Canonical link: https://commits.webkit.org/274313.129@webkitglib/2.44
---
Source/WTF/wtf/Int128.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Source/WTF/wtf/Int128.cpp b/Source/WTF/wtf/Int128.cpp
index 3962059d0cb9..c04f6d74543a 100644
--- a/Source/WTF/wtf/Int128.cpp
+++ b/Source/WTF/wtf/Int128.cpp
@@ -265,9 +265,9 @@ std::ostream& operator<<(std::ostream& os, Int128Impl v) {
(flags & std::ios::basefield) == std::ios_base::fmtflags();
if (print_as_decimal) {
if (Int128High64(v) < 0) {
- rep = "-";
+ rep.append("-");
} else if (flags & std::ios::showpos) {
- rep = "+";
+ rep.append("+");
}
}
--
2.43.0
From 8ce83c4bf224122e0062248752a3ed014efc67e5 Mon Sep 17 00:00:00 2001
From: Tim Nguyen <ntim@apple.com>
Date: Wed, 3 Apr 2024 09:22:37 -0700
Subject: [PATCH 4/6] Cherry-pick 277007@main (1870b119a450).
https://bugs.webkit.org/show_bug.cgi?id=272044
CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::ValidatedFormListedElement::updateValidity
https://bugs.webkit.org/show_bug.cgi?id=272044
rdar://117727866
Reviewed by Ryosuke Niwa.
It speculatively fixes a bug that RadioButtonGroup::m_members may contain a nullptr WeakRef.
* Source/WebCore/dom/RadioButtonGroups.cpp:
(WebCore::RadioButtonGroup::isEmpty const):
(WebCore::RadioButtonGroup::remove):
(WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
(WebCore::RadioButtonGroup::updateValidityForAllButtons):
Canonical link: https://commits.webkit.org/277007@main
Canonical link: https://commits.webkit.org/274313.132@webkitglib/2.44
---
Source/WebCore/dom/RadioButtonGroups.cpp | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Source/WebCore/dom/RadioButtonGroups.cpp b/Source/WebCore/dom/RadioButtonGroups.cpp
index ba07a3fbdf09..4bbae6cbb72f 100644
--- a/Source/WebCore/dom/RadioButtonGroups.cpp
+++ b/Source/WebCore/dom/RadioButtonGroups.cpp
@@ -31,7 +31,7 @@ namespace WebCore {
class RadioButtonGroup {
WTF_MAKE_FAST_ALLOCATED;
public:
- bool isEmpty() const { return m_members.isEmpty(); }
+ bool isEmpty() const { return m_members.isEmptyIgnoringNullReferences(); }
bool isRequired() const { return m_requiredCount; }
RefPtr<HTMLInputElement> checkedButton() const { return m_checkedButton.get(); }
void add(HTMLInputElement&);
@@ -47,7 +47,7 @@ private:
bool isValid() const;
void setCheckedButton(HTMLInputElement*);
- HashSet<WeakRef<HTMLInputElement, WeakPtrImplWithEventTargetData>> m_members;
+ WeakHashSet<HTMLInputElement, WeakPtrImplWithEventTargetData> m_members;
WeakPtr<HTMLInputElement, WeakPtrImplWithEventTargetData> m_checkedButton;
size_t m_requiredCount { 0 };
};
@@ -60,7 +60,7 @@ inline bool RadioButtonGroup::isValid() const
Vector<Ref<HTMLInputElement>> RadioButtonGroup::members() const
{
auto sortedMembers = WTF::map(m_members, [](auto& element) -> Ref<HTMLInputElement> {
- return element.get();
+ return element;
});
std::sort(sortedMembers.begin(), sortedMembers.end(), [](auto& a, auto& b) {
return is_lt(treeOrder<ComposedTree>(a, b));
@@ -155,7 +155,7 @@ void RadioButtonGroup::remove(HTMLInputElement& button)
}
}
- if (m_members.isEmpty()) {
+ if (m_members.isEmptyIgnoringNullReferences()) {
ASSERT(!m_requiredCount);
ASSERT(!m_checkedButton);
} else if (wasValid != isValid())
@@ -170,7 +170,7 @@ void RadioButtonGroup::remove(HTMLInputElement& button)
void RadioButtonGroup::setNeedsStyleRecalcForAllButtons()
{
for (auto& checkedButton : m_members) {
- Ref button = checkedButton.get();
+ Ref button = checkedButton;
ASSERT(button->isRadioButton());
button->invalidateStyleForSubtree();
}
@@ -179,7 +179,7 @@ void RadioButtonGroup::setNeedsStyleRecalcForAllButtons()
void RadioButtonGroup::updateValidityForAllButtons()
{
for (auto& checkedButton : m_members) {
- Ref button = checkedButton.get();
+ Ref button = checkedButton;
ASSERT(button->isRadioButton());
button->updateValidity();
}
--
2.43.0
From 93bde17ed761f5de54726de83ced4959303794c6 Mon Sep 17 00:00:00 2001
From: Abrar Rahman Protyasha <a_protyasha@apple.com>
Date: Mon, 1 Apr 2024 22:42:12 -0700
Subject: [PATCH 5/6] Cherry-pick 276925@main (59cedf7135bc).
https://bugs.webkit.org/show_bug.cgi?id=271962
Linker error when logging ViewportConfiguration to TextStream in Release configuration
https://bugs.webkit.org/show_bug.cgi?id=271962
rdar://125713559
Reviewed by Sihui Liu.
WebCore::operator<<(WTF::TextStream&, WebCore::ViewConfiguration const&)
is defined behind !LOG_DISABLED, which means in Release configuration,
the linker cannot find this definition.
This patch fixes the linker error by removing the relevant !LOG_DISABLED
checks around both the operator<< overload definition and the
description()/dump() declarations, since said methods are referenced by
the operator<< overload.
* Source/WebCore/page/ViewportConfiguration.cpp:
(WebCore::ViewportConfiguration::setIsKnownToLayOutWiderThanViewport):
(WebCore::ViewportConfiguration::dump const):
* Source/WebCore/page/ViewportConfiguration.h:
Canonical link: https://commits.webkit.org/276925@main
Canonical link: https://commits.webkit.org/274313.133@webkitglib/2.44
---
Source/WebCore/page/ViewportConfiguration.cpp | 4 ++--
Source/WebCore/page/ViewportConfiguration.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Source/WebCore/page/ViewportConfiguration.cpp b/Source/WebCore/page/ViewportConfiguration.cpp
index 51abb1154515..c58bc368cd6c 100644
--- a/Source/WebCore/page/ViewportConfiguration.cpp
+++ b/Source/WebCore/page/ViewportConfiguration.cpp
@@ -674,8 +674,6 @@ bool ViewportConfiguration::setIsKnownToLayOutWiderThanViewport(bool value)
return true;
}
-#if !LOG_DISABLED
-
TextStream& operator<<(TextStream& ts, const ViewportConfiguration::Parameters& parameters)
{
ts.startGroup();
@@ -747,6 +745,8 @@ String ViewportConfiguration::description() const
return ts.release();
}
+#if !LOG_DISABLED
+
void ViewportConfiguration::dump() const
{
WTFLogAlways("%s", description().utf8().data());
diff --git a/Source/WebCore/page/ViewportConfiguration.h b/Source/WebCore/page/ViewportConfiguration.h
index acd5a92ae089..1a7c27225a4b 100644
--- a/Source/WebCore/page/ViewportConfiguration.h
+++ b/Source/WebCore/page/ViewportConfiguration.h
@@ -148,9 +148,9 @@ public:
WEBCORE_EXPORT static Parameters imageDocumentParameters();
WEBCORE_EXPORT static Parameters xhtmlMobileParameters();
WEBCORE_EXPORT static Parameters testingParameters();
-
-#if !LOG_DISABLED
+
String description() const;
+#if !LOG_DISABLED
WEBCORE_EXPORT void dump() const;
#endif
--
2.43.0
From aff53249f2d491d082094a2aa57008c46e55d278 Mon Sep 17 00:00:00 2001
From: Erica Li <lerica@apple.com>
Date: Tue, 19 Mar 2024 18:27:04 -0700
Subject: [PATCH 6/6] Cherry-pick 276379@main (d036679431a5).
https://bugs.webkit.org/show_bug.cgi?id=271028
ASAN_SEGV | WebCore::LocalFrame::injectUserScripts.
rdar://124432384
https://bugs.webkit.org/show_bug.cgi?id=271028
Reviewed by Ryosuke Niwa.
Frame might be detached early, null checking before injectUserScripts from image document.
* Source/WebCore/html/ImageDocument.cpp:
(WebCore::ImageDocument::createDocumentStructure):
Canonical link: https://commits.webkit.org/276379@main
Canonical link: https://commits.webkit.org/274313.134@webkitglib/2.44
---
Source/WebCore/html/ImageDocument.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Source/WebCore/html/ImageDocument.cpp b/Source/WebCore/html/ImageDocument.cpp
index f91478f138fe..67d3ed0d09af 100644
--- a/Source/WebCore/html/ImageDocument.cpp
+++ b/Source/WebCore/html/ImageDocument.cpp
@@ -230,7 +230,8 @@ void ImageDocument::createDocumentStructure()
rootElement->insertedByParser();
rootElement->setInlineStyleProperty(CSSPropertyHeight, 100, CSSUnitType::CSS_PERCENTAGE);
- frame()->injectUserScripts(UserScriptInjectionTime::DocumentStart);
+ if (RefPtr localFrame = frame())
+ localFrame->injectUserScripts(UserScriptInjectionTime::DocumentStart);
// We need a <head> so that the call to setTitle() later on actually has an <head> to append to <title> to.
auto head = HTMLHeadElement::create(*this);
--
2.43.0
|
