Commit 9fc30530 authored by Alberto Garcia's avatar Alberto Garcia

New upstream version 2.16.3

parent b74e0add
......@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">WebKit2GTK+ Reference Manual</p></th></tr></table></div>
<div><p class="releaseinfo">for WebKit2GTK+ 2.16.2</p></div>
<div><p class="releaseinfo">for WebKit2GTK+ 2.16.3</p></div>
</div>
<hr>
</div>
......
......@@ -177,7 +177,7 @@ against at application run time.</p>
<hr>
<div class="refsect2">
<a name="WEBKIT-MICRO-VERSION:CAPS"></a><h3>WEBKIT_MICRO_VERSION</h3>
<pre class="programlisting">#define WEBKIT_MICRO_VERSION (2)
<pre class="programlisting">#define WEBKIT_MICRO_VERSION (3)
</pre>
<p>Like <a class="link" href="webkit2gtk-4.0-WebKitVersion.html#webkit-get-micro-version" title="webkit_get_micro_version ()"><code class="function">webkit_get_micro_version()</code></a>, but from the headers used at
application compile time, rather than from the library linked
......
......@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">WebKitDOMGTK+ Reference Manual</p></th></tr></table></div>
<div><p class="releaseinfo">for WebKitDOMGTK+ 2.16.2</p></div>
<div><p class="releaseinfo">for WebKitDOMGTK+ 2.16.3</p></div>
</div>
<hr>
</div>
......
==================
WebKitGTK+ 2.16.3
==================
- Fix URL shown in the title of beforeunload dialogs.
- Focus first input field of HTTP authentication dialog.
- Fix rendering glitches in HiDPI in long GitHub Gist pages when focusing the comments textarea.
- Remove Firefox user agent quirk for Google domains.
- Remove LATEST_RECORD_VERSION from GnuTLS priority string.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2017-2496, CVE-2017-2539, CVE-2017-2510.
==================
WebKitGTK+ 2.16.2
==================
......
......@@ -1377,6 +1377,7 @@ RegisterID* PostfixNode::emitResolve(BytecodeGenerator& generator, RegisterID* d
generator.emitReadOnlyExceptionIfNeeded(var);
localReg = generator.emitMove(generator.tempDestination(dst), local);
}
generator.invalidateForInContextForLocal(local);
RefPtr<RegisterID> oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), localReg.get(), m_operator);
generator.emitProfileType(localReg.get(), var, divotStart(), divotEnd());
return oldValue.get();
......@@ -1589,6 +1590,7 @@ RegisterID* PrefixNode::emitResolve(BytecodeGenerator& generator, RegisterID* ds
generator.emitReadOnlyExceptionIfNeeded(var);
localReg = generator.emitMove(generator.tempDestination(dst), localReg.get());
} else if (generator.vm()->typeProfiler()) {
generator.invalidateForInContextForLocal(local);
RefPtr<RegisterID> tempDst = generator.tempDestination(dst);
generator.emitMove(tempDst.get(), localReg.get());
emitIncOrDec(generator, tempDst.get(), m_operator);
......@@ -1596,6 +1598,7 @@ RegisterID* PrefixNode::emitResolve(BytecodeGenerator& generator, RegisterID* ds
generator.emitProfileType(localReg.get(), var, divotStart(), divotEnd());
return generator.moveToDestinationIfNeeded(dst, tempDst.get());
}
generator.invalidateForInContextForLocal(local);
emitIncOrDec(generator, localReg.get(), m_operator);
return generator.moveToDestinationIfNeeded(dst, localReg.get());
}
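Review bot: The `generator.invalidateForInContextForLocal(local);` calls in PostfixNode::emitResolve and PrefixNode::emitResolve carry no comment saying why `++`/`--` on a local has to invalidate the for-in context. A line such as `// ++/-- writes the local, so a for-in context keyed on it must not be trusted past this point.` above the first call would record the invariant; that reading is inferred from the call's name and should be confirmed against BytecodeGenerator. In PrefixNode the call appears once inside the type-profiler branch and once on the fall-through path, so any branch added later has to repeat it. Both function bodies start outside the hunks.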
......
......@@ -46,13 +46,15 @@ ALWAYS_INLINE VM* Heap::vm() const
ALWAYS_INLINE Heap* Heap::heap(const HeapCell* cell)
{
if (!cell)
return nullptr;
return cell->heap();
}
inline Heap* Heap::heap(const JSValue v)
{
if (!v.isCell())
return 0;
return nullptr;
return heap(v.asCell());
}
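Review bot: The `if (!cell) return nullptr;` guard in `Heap::heap(const HeapCell*)` makes a null `Heap*` a normal result, but nothing at the definition says so. A one-line comment such as `// Returns nullptr for a null cell; callers must check before dereferencing.` would make the contract visible. The callers are outside this section, so it is worth confirming that none of them dereference the result unconditionally.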
......
......@@ -945,6 +945,23 @@ void MachineThreads::tryCopyOtherThreadStack(Thread* thread, void* buffer, size_
{
Thread::Registers registers;
size_t registersSize = thread->getRegisters(registers);
// This is a workaround for <rdar://problem/27607384>. During thread initialization,
// for some target platforms, thread state is momentarily set to 0 before being
// filled in with the target thread's real register values. As a result, there's
// a race condition that may result in us getting a null stackPointer.
// This issue may manifest with workqueue threads where the OS may choose to recycle
// a thread for an expired task.
//
// The workaround is simply to indicate that there's nothing to copy and return.
// This is correct because we will only ever observe a null pointer during thread
// initialization. Hence, by definition, there's nothing there that we need to scan
// yet, and therefore, nothing that needs to be copied.
if (UNLIKELY(!registers.stackPointer())) {
*size = 0;
return;
}
std::pair<void*, size_t> stack = thread->captureStack(registers.stackPointer());
bool canCopy = *size + registersSize + stack.second <= capacity;
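Review bot: The early return in tryCopyOtherThreadStack sets `*size = 0`, yet the next visible line, `*size + registersSize + stack.second <= capacity`, reads `*size` as a running total. If the caller accumulates into the same `size` across several threads (not visible in this hunk), zeroing it would discard the bytes already recorded for earlier threads, and those stacks would drop out of the conservative scan. A plain `return;` leaves the accumulator untouched and still copies nothing for this thread. The function body continues outside the hunk, so confirm against the caller before changing it.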
......
......@@ -32,9 +32,6 @@ use File::Basename;
use File::Spec;
use File::Find;
use Getopt::Long;
use threads;
use threads::shared;
use Thread::Queue;
my $perl = $^X;
my $scriptDir = $FindBin::Bin;
......@@ -121,13 +118,18 @@ my @idlFilesToUpdate = grep &{sub {
implicitDependencies($depFile));
needsUpdate(\@output, \@deps);
}}, @idlFiles;
my $queue = Thread::Queue->new(@idlFilesToUpdate);
my $abort :shared = 0;
my $abort = 0;
my $totalCount = @idlFilesToUpdate;
my $currentCount :shared = 0;
my $currentCount = 0;
my @threadPool = map { threads->create(\&worker) } (1 .. $numOfJobs);
$_->join for @threadPool;
spawnGenerateBindingsIfNeeded() for (1 .. $numOfJobs);
while (waitpid(-1, 0) != -1) {
if ($?) {
$abort = 1;
}
spawnGenerateBindingsIfNeeded();
}
exit $abort;
sub needsUpdate
......@@ -157,20 +159,16 @@ sub mtime
return (stat $file)[9];
}
sub worker {
while (my $file = $queue->dequeue_nb()) {
last if $abort;
eval {
$currentCount++;
my $basename = basename($file);
printProgress("[$currentCount/$totalCount] $basename");
executeCommand($perl, @args, $file) == 0 or die;
};
if ($@) {
$abort = 1;
die;
}
}
sub spawnGenerateBindingsIfNeeded
{
return if $abort;
return unless @idlFilesToUpdate;
my $file = shift @idlFilesToUpdate;
$currentCount++;
my $basename = basename($file);
printProgress("[$currentCount/$totalCount] $basename");
my $pid = spawnCommand($perl, @args, $file);
$abort = 1 unless defined $pid;
}
sub buildDirectoryCache
......@@ -196,22 +194,23 @@ sub implicitDependencies
sub executeCommand
{
if ($^O eq 'cygwin') {
# 'system' of Cygwin Perl doesn't seem thread-safe
my $pid = fork();
defined($pid) or die;
if ($pid == 0) {
exec(@_) or die;
}
waitpid($pid, 0);
return $?;
}
if ($^O eq 'MSWin32') {
return system(quoteCommand(@_));
}
return system(@_);
}
sub spawnCommand
{
my $pid = fork();
if ($pid == 0) {
@_ = quoteCommand(@_) if ($^O eq 'MSWin32');
exec(@_);
die "Cannot exec";
}
return $pid;
}
sub quoteCommand
{
return map {
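Review bot: In spawnCommand, `if ($pid == 0)` is evaluated before anything checks that fork() succeeded. On failure fork returns undef, which compares equal to 0, so the parent itself would reach `exec(@_)` and be replaced by the generator command. The `defined $pid` test in spawnGenerateBindingsIfNeeded comes too late for that case. Adding `return undef unless defined $pid;` directly after `my $pid = fork();` keeps the parent alive and lets the caller set `$abort`. The executeCommand code shown in this section guarded the same call with `defined($pid) or die;`.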
......
......@@ -105,6 +105,9 @@ size_t StyleRuleKeyframes::findKeyframeIndex(const String& key) const
auto keys = CSSParser::parseKeyframeKeyList(key);
if (!keys)
return notFound;
for (size_t i = m_keyframes.size(); i--; ) {
if (m_keyframes[i]->keys() == *keys)
return i;
......
......@@ -5242,15 +5242,31 @@ void Document::initSecurityContext()
setSecurityOriginPolicy(ownerFrame->document()->securityOriginPolicy());
}
bool Document::shouldInheritContentSecurityPolicyFromOwner() const
{
ASSERT(m_frame);
if (shouldInheritSecurityOriginFromOwner(m_url))
return true;
if (!isPluginDocument())
return false;
if (m_frame->tree().parent())
return true;
Frame* openerFrame = m_frame->loader().opener();
if (!openerFrame)
return false;
return openerFrame->document()->securityOrigin().canAccess(securityOrigin());
}
void Document::initContentSecurityPolicy()
{
// 1. Inherit Upgrade Insecure Requests
Frame* parentFrame = m_frame->tree().parent();
if (parentFrame)
contentSecurityPolicy()->copyUpgradeInsecureRequestStateFrom(*parentFrame->document()->contentSecurityPolicy());
if (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument())
// 2. Inherit Content Security Policy
if (!shouldInheritContentSecurityPolicyFromOwner())
return;
Frame* ownerFrame = parentFrame;
if (!ownerFrame)
ownerFrame = m_frame->loader().opener();
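Review bot: `Document::shouldInheritContentSecurityPolicyFromOwner()` encodes a security rule purely through branch order and has no comment stating it. From the visible lines, a plugin document with a parent frame always inherits, while a top-level plugin document inherits only when it has an opener whose origin `canAccess` its own. A short header comment saying that, e.g. `// Top-level plugin documents inherit the opener's CSP only when the opener's origin can access this document.`, would keep later edits from loosening it by accident. `ASSERT(m_frame)` is presumably compiled out of release builds, so the function still relies on callers never invoking it on a frameless document.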
......
......@@ -1299,6 +1299,8 @@ private:
friend class IgnoreDestructiveWriteCountIncrementer;
friend class IgnoreOpensDuringUnloadCountIncrementer;
bool shouldInheritContentSecurityPolicyFromOwner() const;
void detachFromFrame() { observeFrame(nullptr); }
void updateTitleElement(Element* newTitleElement);
......
......@@ -34,6 +34,7 @@
#include "HTMLInputElement.h"
#include "InputEvent.h"
#include "KeyboardEvent.h"
#include "MainFrame.h"
#include "MouseEvent.h"
#include "NoEventDispatchAssertion.h"
#include "ScopedEventQueue.h"
......@@ -115,7 +116,7 @@ static bool shouldSuppressEventDispatchInDOM(Node& node, Event& event)
if (!frame)
return false;
if (!frame->loader().shouldSuppressKeyboardInput())
if (!frame->mainFrame().loader().shouldSuppressKeyboardInput())
return false;
if (is<TextEvent>(event)) {
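Review bot: The `frame->mainFrame().loader().shouldSuppressKeyboardInput()` check in shouldSuppressEventDispatchInDOM gives no reason for consulting the main frame's loader rather than the frame's own. The same substitution appears in `Editor::shouldInsertText` further down the page. A comment at both sites, e.g. `// Suppression is decided by the main frame's load, so subframes are covered too.`, would document the intent; that rationale is inferred from the change and should be confirmed. The function body continues outside the hunk.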
......
......@@ -21,6 +21,7 @@
#if ENABLE(XSLT)
#include <libxml/tree.h>
#include <wtf/FastMalloc.h>
#include <wtf/Forward.h>
#include <wtf/Noncopyable.h>
......@@ -28,19 +29,19 @@
namespace WebCore {
typedef void* PlatformTransformSource;
typedef xmlDocPtr PlatformTransformSource;
class TransformSource {
WTF_MAKE_NONCOPYABLE(TransformSource); WTF_MAKE_FAST_ALLOCATED;
public:
explicit TransformSource(const PlatformTransformSource&);
~TransformSource();
class TransformSource {
WTF_MAKE_NONCOPYABLE(TransformSource); WTF_MAKE_FAST_ALLOCATED;
public:
explicit TransformSource(const PlatformTransformSource&);
~TransformSource();
PlatformTransformSource platformSource() const { return m_source; }
PlatformTransformSource platformSource() const { return m_source; }
private:
PlatformTransformSource m_source;
};
private:
PlatformTransformSource m_source;
};
} // namespace WebCore
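Review bot: With `PlatformTransformSource` now a real `xmlDocPtr`, the header should state that `TransformSource` owns the document it is given. The destructor shown later on this page calls `xmlFreeDoc(m_source)`, while the constructor takes the pointer by `const&` and `platformSource()` hands the raw pointer back out. A comment on the constructor such as `// Takes ownership of the document; it is freed with xmlFreeDoc() in the destructor.`, and one on `platformSource()` noting the returned pointer is borrowed, would help callers avoid a double free or a use after the object is destroyed.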
......
......@@ -39,7 +39,7 @@ TransformSource::TransformSource(const PlatformTransformSource& source)
TransformSource::~TransformSource()
{
xmlFreeDoc((xmlDocPtr)m_source);
xmlFreeDoc(m_source);
}
}
......
......@@ -578,7 +578,7 @@ bool Editor::tryDHTMLPaste()
bool Editor::shouldInsertText(const String& text, Range* range, EditorInsertAction action) const
{
if (m_frame.loader().shouldSuppressKeyboardInput() && action == EditorInsertAction::Typed)
if (m_frame.mainFrame().loader().shouldSuppressKeyboardInput() && action == EditorInsertAction::Typed)
return false;
return client() && client()->shouldInsertText(text, range, action);
......
......@@ -311,8 +311,12 @@ Node::InsertionNotificationRequest HTMLLinkElement::insertedInto(ContainerNode&
m_styleScope = &Style::Scope::forNode(*this);
m_styleScope->addStyleSheetCandidateNode(*this, m_createdByParser);
return InsertionShouldCallFinishedInsertingSubtree;
}
void HTMLLinkElement::finishedInsertingSubtree()
{
process();
return InsertionDone;
}
void HTMLLinkElement::removedFrom(ContainerNode& insertionPoint)
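Review bot: `HTMLLinkElement::finishedInsertingSubtree()` calls `process()` unconditionally, although it runs later than `insertedInto` did. It is worth confirming that `process()` itself handles an element that is no longer in the document by the time the callback fires, since its body is not shown here. If it does not, a guard at the top of `finishedInsertingSubtree()` would be the place for it. A one-line comment explaining why processing is deferred until the subtree is inserted would also help, since the reason is not visible in the hunk.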
......
......@@ -80,6 +80,7 @@ private:
void clearSheet();
InsertionNotificationRequest insertedInto(ContainerNode&) final;
void finishedInsertingSubtree() final;
void removedFrom(ContainerNode&) final;
void initializeStyleSheet(Ref<StyleSheetContents>&&, const CachedCSSStyleSheet&);
......
......@@ -1748,44 +1748,46 @@ bool WebGL2RenderingContext::validateIndexArrayConservative(GC3Denum type, unsig
auto* buffer = elementArrayBuffer->elementArrayBuffer();
ASSERT(buffer);
int maxIndex = elementArrayBuffer->getCachedMaxIndex(type);
if (maxIndex < 0) {
std::optional<unsigned> maxIndex = elementArrayBuffer->getCachedMaxIndex(type);
if (!maxIndex) {
// Compute the maximum index in the entire buffer for the given type of index.
switch (type) {
case GraphicsContext3D::UNSIGNED_BYTE: {
const GC3Dubyte* p = static_cast<const GC3Dubyte*>(buffer->data());
for (GC3Dsizeiptr i = 0; i < numElements; i++)
maxIndex = std::max(maxIndex, static_cast<int>(p[i]));
maxIndex = maxIndex ? std::max(maxIndex.value(), static_cast<unsigned>(p[i])) : static_cast<unsigned>(p[i]);
break;
}
case GraphicsContext3D::UNSIGNED_SHORT: {
numElements /= sizeof(GC3Dushort);
const GC3Dushort* p = static_cast<const GC3Dushort*>(buffer->data());
for (GC3Dsizeiptr i = 0; i < numElements; i++)
maxIndex = std::max(maxIndex, static_cast<int>(p[i]));
maxIndex = maxIndex ? std::max(maxIndex.value(), static_cast<unsigned>(p[i])) : static_cast<unsigned>(p[i]);
break;
}
case GraphicsContext3D::UNSIGNED_INT: {
numElements /= sizeof(GC3Duint);
const GC3Duint* p = static_cast<const GC3Duint*>(buffer->data());
for (GC3Dsizeiptr i = 0; i < numElements; i++)
maxIndex = std::max(maxIndex, static_cast<int>(p[i]));
maxIndex = maxIndex ? std::max(maxIndex.value(), static_cast<unsigned>(p[i])) : static_cast<unsigned>(p[i]);
break;
}
default:
return false;
}
elementArrayBuffer->setCachedMaxIndex(type, maxIndex);
if (maxIndex)
elementArrayBuffer->setCachedMaxIndex(type, maxIndex.value());
}
if (maxIndex >= 0) {
// The number of required elements is one more than the maximum
// index that will be accessed.
numElementsRequired = maxIndex + 1;
return true;
}
return false;
if (!maxIndex)
return false;
// The number of required elements is one more than the maximum
// index that will be accessed.
numElementsRequired = maxIndex.value() + 1;
// Check for overflow.
return numElementsRequired > 0;
}
bool WebGL2RenderingContext::validateBlendEquation(const char* functionName, GC3Denum mode)
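Review bot: At the end of validateIndexArrayConservative, `numElementsRequired` is assigned `maxIndex.value() + 1` before the overflow test, so on the failure path the out-parameter is left holding the wrapped value 0. Testing first, e.g. `if (maxIndex.value() == std::numeric_limits<unsigned>::max()) return false;` followed by the assignment and `return true;`, keeps a wrapped count away from any caller that mishandles the return value. The parameter's type is cut off in the hunk header, so this assumes it is an unsigned reference. The three `maxIndex ? std::max(...) : ...` lines differ only in the pointer type and could share a small helper.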
......
......@@ -228,16 +228,16 @@ GC3Dsizeiptr WebGLBuffer::byteLength() const
return m_byteLength;
}
int WebGLBuffer::getCachedMaxIndex(GC3Denum type)
std::optional<unsigned> WebGLBuffer::getCachedMaxIndex(GC3Denum type)
{
for (auto& cache : m_maxIndexCache) {
if (cache.type == type)
return cache.maxIndex;
}
return -1;
return std::nullopt;
}
void WebGLBuffer::setCachedMaxIndex(GC3Denum type, int value)
void WebGLBuffer::setCachedMaxIndex(GC3Denum type, unsigned value)
{
for (auto& cache : m_maxIndexCache) {
if (cache.type == type) {
......
......@@ -52,11 +52,10 @@ public:
GC3Dsizeiptr byteLength() const;
const JSC::ArrayBuffer* elementArrayBuffer() const { return m_elementArrayBuffer.get(); }
// Gets the cached max index for the given type. Returns -1 if
// none has been set.
int getCachedMaxIndex(GC3Denum type);
// Gets the cached max index for the given type if one has been set.
std::optional<unsigned> getCachedMaxIndex(GC3Denum type);
// Sets the cached max index for the given type.
void setCachedMaxIndex(GC3Denum type, int value);
void setCachedMaxIndex(GC3Denum type, unsigned value);
GC3Denum getTarget() const { return m_target; }
void setTarget(GC3Denum, bool forWebGL2);
......@@ -83,11 +82,10 @@ private:
// that size.
struct MaxIndexCacheEntry {
GC3Denum type;
int maxIndex;
unsigned maxIndex;
};
// OpenGL ES 2.0 only has two valid index types (UNSIGNED_BYTE
// and UNSIGNED_SHORT), but might as well leave open the
// possibility of adding others.
// and UNSIGNED_SHORT) plus one extension (UNSIGNED_INT).
MaxIndexCacheEntry m_maxIndexCache[4];
unsigned m_nextAvailableCacheEntry { 0 };
......