author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-12-10 16:19:40 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-12-10 16:01:50 +0000 |
commit | 51f6c2793adab2d864b3d2b360000ef8db1d3e92 (patch) | |
tree | 835b3b4446b012c75e80177cef9fbe6972cc7dbe /chromium/third_party/blink/renderer/bindings/core/v8/serialization | |
parent | 6036726eb981b6c4b42047513b9d3f4ac865daac (diff) | |
BASELINE: Update Chromium to 71.0.3578.93
Change-Id: I6a32086c33670e1b033f8b10e6bf1fd4da1d105d
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/third_party/blink/renderer/bindings/core/v8/serialization')
10 files changed, 52 insertions, 27 deletions
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc index 25efed8921a..278b2ec8f25 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc @@ -94,7 +94,7 @@ PostMessageHelper::CreateUserActivationSnapshot( if (LocalFrame* frame = dom_window->GetFrame()) { return mojom::blink::UserActivationSnapshot::New( frame->HasBeenActivated(), - Frame::HasTransientUserActivation(frame, false)); + LocalFrame::HasTransientUserActivation(frame, false)); } } return nullptr; diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h index 4adfc46554d..2c9a498b731 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h @@ -6,7 +6,7 @@ #define THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_SERIALIZATION_POST_MESSAGE_HELPER_H_ #include "base/memory/scoped_refptr.h" -#include "third_party/blink/public/mojom/message_port/message_port.mojom-blink.h" +#include "third_party/blink/public/mojom/messaging/user_activation_snapshot.mojom-blink.h" #include "third_party/blink/renderer/core/core_export.h" #include "third_party/blink/renderer/platform/wtf/allocator.h" #include "v8/include/v8.h" diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h index adb208c929a..33d2b21f40d 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h 
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h @@ -93,7 +93,15 @@ enum SerializationTag { // namedCurve:uint32_t kRTCCertificateTag = 'k', // length:uint32_t, pemPrivateKey:WebCoreString, // pemCertificate:WebCoreString - kVersionTag = 0xFF // version:uint32_t -> Uses this as the file version. + kDetectedBarcodeTag = + 'B', // raw_value:WebCoreString, bounding_box:DOMRectReadOnly, + // corner_points:Point2D[length] -> DetectedBarcode (ref) + kDetectedFaceTag = + 'F', // raw_value:WebCoreString, bounding_box:DOMRectReadOnly, + // corner_points:Point2D[length] -> DetectedText (ref) + kDetectedTextTag = 't', // bounding_box:DOMRectReadOnly, + // landmarks:Landmark[length] -> DetectedFace (ref) + kVersionTag = 0xFF // version:uint32_t -> Uses this as the file version. }; } // namespace blink diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc index 33e3eed2151..037f145ed13 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc @@ -61,6 +61,7 @@ #include "third_party/blink/renderer/platform/shared_buffer.h" #include "third_party/blink/renderer/platform/wtf/assertions.h" #include "third_party/blink/renderer/platform/wtf/dtoa/utils.h" +#include "third_party/blink/renderer/platform/wtf/std_lib_extras.h" #include "third_party/blink/renderer/platform/wtf/text/string_buffer.h" #include "third_party/blink/renderer/platform/wtf/text/string_hash.h" #include "third_party/blink/renderer/platform/wtf/vector.h" 
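Review bot: The comments on two of the new tags in `enum SerializationTag` appear to be crossed: `kDetectedFaceTag = 'F'` is documented with `raw_value`/`corner_points` and `-> DetectedText (ref)`, while `kDetectedTextTag = 't'` is documented with `landmarks:Landmark[length] -> DetectedFace (ref)`. These comments are the wire-format description a reader uses when auditing the matching deserializer, so a swapped layout invites parsing the wrong fields for a tag. Swap the two comment bodies so that 'F' reads `// bounding_box:DOMRectReadOnly, landmarks:Landmark[length] -> DetectedFace (ref)` and 't' carries the `raw_value:WebCoreString, bounding_box:DOMRectReadOnly, corner_points:Point2D[length] -> DetectedText (ref)` text. The enum begins above the hunk.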
@@ -293,7 +294,8 @@ String SerializedScriptValue::ToWireString() const { // Add the padding '\0', but don't put it in |m_dataBuffer|. // This requires direct use of uninitialized strings, though. UChar* destination; - size_t string_size_bytes = (data_buffer_size_ + 1) & ~1; + wtf_size_t string_size_bytes = + SafeCast<wtf_size_t>((data_buffer_size_ + 1) & ~1); String wire_string = String::CreateUninitialized(string_size_bytes / 2, destination); memcpy(destination, data_buffer_.get(), data_buffer_size_); @@ -312,7 +314,7 @@ SerializedScriptValue::TransferImageBitmapContents( if (!image_bitmaps.size()) return contents; - for (size_t i = 0; i < image_bitmaps.size(); ++i) { + for (wtf_size_t i = 0; i < image_bitmaps.size(); ++i) { if (image_bitmaps[i]->IsNeutered()) { exception_state.ThrowDOMException(DOMExceptionCode::kDataCloneError, "ImageBitmap at index " + @@ -323,7 +325,7 @@ SerializedScriptValue::TransferImageBitmapContents( } HeapHashSet<Member<ImageBitmap>> visited; - for (size_t i = 0; i < image_bitmaps.size(); ++i) { + for (wtf_size_t i = 0; i < image_bitmaps.size(); ++i) { if (visited.Contains(image_bitmaps[i])) continue; visited.insert(image_bitmaps[i]); @@ -348,7 +350,7 @@ void SerializedScriptValue::TransferOffscreenCanvas( return; HeapHashSet<Member<OffscreenCanvas>> visited; - for (size_t i = 0; i < offscreen_canvases.size(); i++) { + for (wtf_size_t i = 0; i < offscreen_canvases.size(); i++) { if (visited.Contains(offscreen_canvases[i].Get())) continue; if (offscreen_canvases[i]->IsNeutered()) { @@ -385,7 +387,7 @@ void SerializedScriptValue::CloneSharedArrayBuffers( HeapHashSet<Member<DOMArrayBufferBase>> visited; shared_array_buffers_contents_.Grow(array_buffers.size()); - size_t i = 0; + wtf_size_t i = 0; for (auto* it = array_buffers.begin(); it != array_buffers.end(); ++it) { DOMSharedArrayBuffer* shared_array_buffer = *it; if (visited.Contains(shared_array_buffer)) 
@@ -446,7 +448,7 @@ bool SerializedScriptValue::ExtractTransferables( Transferables& transferables, ExceptionState& exception_state) { // Validate the passed array of transferables. - uint32_t i = 0; + wtf_size_t i = 0; for (const auto& script_value : object_sequence) { v8::Local<v8::Value> transferable_object = script_value.V8Value(); // Validation of non-null objects, per HTML5 spec 10.3.3. @@ -550,8 +552,9 @@ ArrayBufferArray SerializedScriptValue::ExtractNonSharedArrayBuffers( // Copy the non-shared array buffers into result, and remove them from // array_buffers. result.AppendRange(non_shared_begin, array_buffers.end()); - array_buffers.EraseAt(non_shared_begin - array_buffers.begin(), - array_buffers.end() - non_shared_begin); + array_buffers.EraseAt( + static_cast<wtf_size_t>(non_shared_begin - array_buffers.begin()), + static_cast<wtf_size_t>(array_buffers.end() - non_shared_begin)); return result; } @@ -568,7 +571,8 @@ SerializedScriptValue::TransferArrayBufferContents( for (auto* it = array_buffers.begin(); it != array_buffers.end(); ++it) { DOMArrayBufferBase* array_buffer = *it; if (array_buffer->IsNeutered()) { - size_t index = std::distance(array_buffers.begin(), it); + wtf_size_t index = + static_cast<wtf_size_t>(std::distance(array_buffers.begin(), it)); exception_state.ThrowDOMException(DOMExceptionCode::kDataCloneError, "ArrayBuffer at index " + String::Number(index) + @@ -585,7 +589,8 @@ SerializedScriptValue::TransferArrayBufferContents( continue; visited.insert(array_buffer_base); - size_t index = std::distance(array_buffers.begin(), it); + wtf_size_t index = + static_cast<wtf_size_t>(std::distance(array_buffers.begin(), it)); if (array_buffer_base->IsShared()) { exception_state.ThrowDOMException(DOMExceptionCode::kDataCloneError, "SharedArrayBuffer at index " + 
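Review bot: The narrowing in `ExtractNonSharedArrayBuffers` uses a plain `static_cast<wtf_size_t>` on iterator differences, whereas `ToWireString` in the same file was changed to `SafeCast<wtf_size_t>`, so the file now has two conventions for the same kind of narrowing. The same unchecked cast is repeated for `index` in both `TransferArrayBufferContents` hunks. The values are presumably bounded by the vector's own size, so truncation should not be reachable, but that invariant is not stated anywhere. Either use the checked form, `SafeCast<wtf_size_t>(std::distance(array_buffers.begin(), it))`, or add a comment such as `// Bounded by array_buffers.size(), which is a wtf_size_t.` These functions extend beyond the hunks.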
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h index 5dc7bbfa12f..68ebafe597b 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h @@ -88,6 +88,7 @@ class CORE_EXPORT SerializedScriptValue // Version 17: Remove unnecessary byte swapping. // Version 18: Add a list of key-value pairs for ImageBitmap and ImageData to // support color space information, compression, etc. + // Version 19: Add DetectedBarcode, DetectedFace, and DetectedText support. // // The following versions cannot be used, in order to be able to // deserialize version 0 SSVs. The class implementation has details. @@ -100,7 +101,7 @@ class CORE_EXPORT SerializedScriptValue // // Recent changes are routinely reverted in preparation for branch, and this // has been the cause of at least one bug in the past. - static constexpr uint32_t kWireFormatVersion = 18; + static constexpr uint32_t kWireFormatVersion = 19; // This enumeration specifies whether we're serializing a value for storage; // e.g. when writing to IndexedDB. This corresponds to the forStorage flag of diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc index 448fea0a4e9..a75067bffdd 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc 
@@ -8,6 +8,7 @@ #include <cstddef> #include <cstdint> +#include "base/numerics/safe_conversions.h" #include "build/build_config.h" #include "third_party/blink/public/platform/web_blob_info.h" #include "third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.h" @@ -52,12 +53,15 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { return 0; } -int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) { // Odd sizes are handled in various ways, depending how they arrive. // Let's not worry about that case here. - if (size % sizeof(UChar)) + if (data_size % sizeof(UChar)) return 0; + // Truncate the input. + wtf_size_t size = base::saturated_cast<wtf_size_t>(data_size); + // Used to control what kind of extra data is provided to the deserializer. unsigned hash = StringHasher::HashMemory(data, size); diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc index a7f18c5ad7d..298cc58efdd 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc @@ -419,11 +419,7 @@ ScriptWrappable* V8ScriptValueDeserializer::ReadDOMObject( return DOMRect::Create(x, y, width, height); } case kDOMRectReadOnlyTag: { - double x = 0, y = 0, width = 0, height = 0; - if (!ReadDouble(&x) || !ReadDouble(&y) || !ReadDouble(&width) || - !ReadDouble(&height)) - return nullptr; - return DOMRectReadOnly::Create(x, y, width, height); + return ReadDOMRectReadOnly(); } case kDOMQuadTag: { DOMPointInit pointInits[4]; 
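Review bot: In `LLVMFuzzerTestOneInput` the evenness check runs on `data_size` before the saturating conversion, so the property it establishes does not carry over to `size`. Assuming `wtf_size_t` is an unsigned 32-bit type, an oversized input would be clamped by `base::saturated_cast` to the type's maximum, which is odd. Inputs that large are unlikely from a fuzzer, but the check is cheap to make exact by testing the converted value instead, `if (size % sizeof(UChar)) return 0;` placed after the cast. The comment `// Truncate the input.` would also be more accurate as `// Clamp the length to the wtf_size_t range.` The function body continues past the hunk.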
@@ -560,6 +556,14 @@ File* V8ScriptValueDeserializer::ReadFileIndex() { blob_handle); } +DOMRectReadOnly* V8ScriptValueDeserializer::ReadDOMRectReadOnly() { + double x = 0, y = 0, width = 0, height = 0; + if (!ReadDouble(&x) || !ReadDouble(&y) || !ReadDouble(&width) || + !ReadDouble(&height)) + return nullptr; + return DOMRectReadOnly::Create(x, y, width, height); +} + scoped_refptr<BlobDataHandle> V8ScriptValueDeserializer::GetOrCreateBlobDataHandle(const String& uuid, const String& type, diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h index 3582fcbce79..c020791b310 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h @@ -17,6 +17,7 @@ namespace blink { +class DOMRectReadOnly; class File; class UnpackedSerializedScriptValue; @@ -65,6 +66,7 @@ class CORE_EXPORT V8ScriptValueDeserializer return deserializer_.ReadRawBytes(size, data); } bool ReadUTF8String(String* string_out); + DOMRectReadOnly* ReadDOMRectReadOnly(); template <typename E> bool ReadUint32Enum(E* value) { diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc index 9c23be48326..dd2f4e0c668 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc 
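Review bot: `ReadDOMRectReadOnly()` is added to the deserializer's interface without a comment on its failure mode. It returns `nullptr` when any of the four `ReadDouble` calls fails, and every caller reading untrusted serialized data has to check for that before using the rectangle. A one-line comment on the declaration in v8_script_value_deserializer.h would record the contract, e.g. `// Reads x, y, width, height; returns nullptr if any read fails.`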
@@ -170,7 +170,6 @@ void V8ScriptValueSerializer::WriteUTF8String(const String& string) { // TODO(jbroman): Ideally this method would take a WTF::StringView, but the // StringUTF8Adaptor trick doesn't yet work with StringView. StringUTF8Adaptor utf8(string); - DCHECK_LT(utf8.length(), std::numeric_limits<uint32_t>::max()); WriteUint32(utf8.length()); WriteRawBytes(utf8.Data(), utf8.length()); } @@ -268,8 +267,10 @@ bool V8ScriptValueSerializer::WriteDOMObject(ScriptWrappable* wrappable, WriteUint32(image_data->width()); WriteUint32(image_data->height()); DOMArrayBufferBase* pixel_buffer = image_data->BufferBase(); - WriteUint32(pixel_buffer->ByteLength()); - WriteRawBytes(pixel_buffer->Data(), pixel_buffer->ByteLength()); + uint32_t pixel_buffer_length = + SafeCast<uint32_t>(pixel_buffer->ByteLength()); + WriteUint32(pixel_buffer_length); + WriteRawBytes(pixel_buffer->Data(), pixel_buffer_length); return true; } if (wrapper_type_info == &V8DOMPoint::wrapperTypeInfo) { @@ -446,7 +447,7 @@ bool V8ScriptValueSerializer::WriteDOMObject(ScriptWrappable* wrappable, WriteTag(kOffscreenCanvasTransferTag); WriteUint32(canvas->width()); WriteUint32(canvas->height()); - WriteUint32(canvas->PlaceholderCanvasId()); + WriteUint64(canvas->PlaceholderCanvasId()); WriteUint32(canvas->ClientId()); WriteUint32(canvas->SinkId()); return true; @@ -555,7 +556,7 @@ v8::Maybe<uint32_t> V8ScriptValueSerializer::GetSharedArrayBufferId( // The index returned from this function will be serialized into the data // stream. When deserializing, this will be used to index into the // sharedArrayBufferContents array of the SerializedScriptValue. - size_t index = shared_array_buffers_.Find(shared_array_buffer); + uint32_t index = shared_array_buffers_.Find(shared_array_buffer); if (index == kNotFound) { shared_array_buffers_.push_back(shared_array_buffer); index = shared_array_buffers_.size() - 1; 
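Review bot: Writing `PlaceholderCanvasId()` with `WriteUint64` under `kOffscreenCanvasTransferTag` changes how that field is emitted, but the deserializer changes visible in this commit touch only `DOMRectReadOnly`, and the version-19 comment in serialized_script_value.h mentions only the Detected* types. Please confirm that the reader for this tag uses a matching 64-bit read; if it still reads a 32-bit value, ids above the 32-bit range would presumably fail to deserialize or be misread. If the two encodings are intentionally compatible for small values, a comment at this call would record that, e.g. `// Canvas id is 64-bit; the reader must use ReadUint64.` `WriteDOMObject` continues outside the hunk.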
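Review bot: `uint32_t index` in `GetSharedArrayBufferId` is compared against `kNotFound`, which is only correct if `kNotFound` has the same width as the value `Find` returns. The other hunks in this commit use `wtf_size_t` for vector indices. Declaring `wtf_size_t index = shared_array_buffers_.Find(shared_array_buffer);` would tie the sentinel comparison to the container's index type instead of a fixed-width integer that happens to match. The function body continues outside the hunk.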
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc index 5e3a9cb8b29..8e3f54805d5 100644 --- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc +++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc @@ -106,7 +106,7 @@ v8::Local<v8::Value> RoundTrip( v8::Local<v8::Value> Eval(const String& source, V8TestingScope& scope) { return scope.GetFrame() .GetScriptController() - .ExecuteScriptInMainWorldAndReturnValue(source); + .ExecuteScriptInMainWorldAndReturnValue(source, KURL(), kOpaqueResource); } String ToJSON(v8::Local<v8::Object> object, const V8TestingScope& scope) { |