authorAllan Sandfeld Jensen <allan.jensen@qt.io>2018-12-10 16:19:40 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2018-12-10 16:01:50 +0000
commit51f6c2793adab2d864b3d2b360000ef8db1d3e92 (patch)
tree835b3b4446b012c75e80177cef9fbe6972cc7dbe /chromium/third_party/blink/renderer/bindings/core/v8/serialization
parent6036726eb981b6c4b42047513b9d3f4ac865daac (diff)
BASELINE: Update Chromium to 71.0.3578.93
Change-Id: I6a32086c33670e1b033f8b10e6bf1fd4da1d105d Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/third_party/blink/renderer/bindings/core/v8/serialization')
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc2
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h2
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h10
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc25
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h3
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc8
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc14
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h2
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc11
-rw-r--r--chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc2
10 files changed, 52 insertions, 27 deletions
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc
index 25efed8921a..278b2ec8f25 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.cc
@@ -94,7 +94,7 @@ PostMessageHelper::CreateUserActivationSnapshot(
if (LocalFrame* frame = dom_window->GetFrame()) {
return mojom::blink::UserActivationSnapshot::New(
frame->HasBeenActivated(),
- Frame::HasTransientUserActivation(frame, false));
+ LocalFrame::HasTransientUserActivation(frame, false));
}
}
return nullptr;
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h
index 4adfc46554d..2c9a498b731 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/post_message_helper.h
@@ -6,7 +6,7 @@
#define THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_SERIALIZATION_POST_MESSAGE_HELPER_H_
#include "base/memory/scoped_refptr.h"
-#include "third_party/blink/public/mojom/message_port/message_port.mojom-blink.h"
+#include "third_party/blink/public/mojom/messaging/user_activation_snapshot.mojom-blink.h"
#include "third_party/blink/renderer/core/core_export.h"
#include "third_party/blink/renderer/platform/wtf/allocator.h"
#include "v8/include/v8.h"
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h
index adb208c929a..33d2b21f40d 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialization_tag.h
@@ -93,7 +93,15 @@ enum SerializationTag {
// namedCurve:uint32_t
kRTCCertificateTag = 'k', // length:uint32_t, pemPrivateKey:WebCoreString,
// pemCertificate:WebCoreString
- kVersionTag = 0xFF // version:uint32_t -> Uses this as the file version.
+ kDetectedBarcodeTag =
+ 'B', // raw_value:WebCoreString, bounding_box:DOMRectReadOnly,
+ // corner_points:Point2D[length] -> DetectedBarcode (ref)
+ kDetectedFaceTag =
+ 'F', // raw_value:WebCoreString, bounding_box:DOMRectReadOnly,
+ // corner_points:Point2D[length] -> DetectedText (ref)
+ kDetectedTextTag = 't', // bounding_box:DOMRectReadOnly,
+ // landmarks:Landmark[length] -> DetectedFace (ref)
+ kVersionTag = 0xFF // version:uint32_t -> Uses this as the file version.
};
} // namespace blink
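Review bot: The wire-format comments on `kDetectedFaceTag` and `kDetectedTextTag` look swapped: 'F' is documented with `raw_value`/`corner_points` and `-> DetectedText (ref)`, while 't' is documented with `landmarks` and `-> DetectedFace (ref)`. This enum serves as the layout reference for anyone writing or auditing a reader for these tags, so a wrong layout here invites a reader/writer mismatch later. The code that writes these tags is not in this diff, so confirm against it. If it matches the tag names, 'F' should read `// bounding_box:DOMRectReadOnly, landmarks:Landmark[length] -> DetectedFace (ref)` and 't' should read `// raw_value:WebCoreString, bounding_box:DOMRectReadOnly, corner_points:Point2D[length] -> DetectedText (ref)`.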
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc
index 33e3eed2151..037f145ed13 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.cc
@@ -61,6 +61,7 @@
#include "third_party/blink/renderer/platform/shared_buffer.h"
#include "third_party/blink/renderer/platform/wtf/assertions.h"
#include "third_party/blink/renderer/platform/wtf/dtoa/utils.h"
+#include "third_party/blink/renderer/platform/wtf/std_lib_extras.h"
#include "third_party/blink/renderer/platform/wtf/text/string_buffer.h"
#include "third_party/blink/renderer/platform/wtf/text/string_hash.h"
#include "third_party/blink/renderer/platform/wtf/vector.h"
@@ -293,7 +294,8 @@ String SerializedScriptValue::ToWireString() const {
// Add the padding '\0', but don't put it in |m_dataBuffer|.
// This requires direct use of uninitialized strings, though.
UChar* destination;
- size_t string_size_bytes = (data_buffer_size_ + 1) & ~1;
+ wtf_size_t string_size_bytes =
+ SafeCast<wtf_size_t>((data_buffer_size_ + 1) & ~1);
String wire_string =
String::CreateUninitialized(string_size_bytes / 2, destination);
memcpy(destination, data_buffer_.get(), data_buffer_size_);
@@ -312,7 +314,7 @@ SerializedScriptValue::TransferImageBitmapContents(
if (!image_bitmaps.size())
return contents;
- for (size_t i = 0; i < image_bitmaps.size(); ++i) {
+ for (wtf_size_t i = 0; i < image_bitmaps.size(); ++i) {
if (image_bitmaps[i]->IsNeutered()) {
exception_state.ThrowDOMException(DOMExceptionCode::kDataCloneError,
"ImageBitmap at index " +
@@ -323,7 +325,7 @@ SerializedScriptValue::TransferImageBitmapContents(
}
HeapHashSet<Member<ImageBitmap>> visited;
- for (size_t i = 0; i < image_bitmaps.size(); ++i) {
+ for (wtf_size_t i = 0; i < image_bitmaps.size(); ++i) {
if (visited.Contains(image_bitmaps[i]))
continue;
visited.insert(image_bitmaps[i]);
@@ -348,7 +350,7 @@ void SerializedScriptValue::TransferOffscreenCanvas(
return;
HeapHashSet<Member<OffscreenCanvas>> visited;
- for (size_t i = 0; i < offscreen_canvases.size(); i++) {
+ for (wtf_size_t i = 0; i < offscreen_canvases.size(); i++) {
if (visited.Contains(offscreen_canvases[i].Get()))
continue;
if (offscreen_canvases[i]->IsNeutered()) {
@@ -385,7 +387,7 @@ void SerializedScriptValue::CloneSharedArrayBuffers(
HeapHashSet<Member<DOMArrayBufferBase>> visited;
shared_array_buffers_contents_.Grow(array_buffers.size());
- size_t i = 0;
+ wtf_size_t i = 0;
for (auto* it = array_buffers.begin(); it != array_buffers.end(); ++it) {
DOMSharedArrayBuffer* shared_array_buffer = *it;
if (visited.Contains(shared_array_buffer))
@@ -446,7 +448,7 @@ bool SerializedScriptValue::ExtractTransferables(
Transferables& transferables,
ExceptionState& exception_state) {
// Validate the passed array of transferables.
- uint32_t i = 0;
+ wtf_size_t i = 0;
for (const auto& script_value : object_sequence) {
v8::Local<v8::Value> transferable_object = script_value.V8Value();
// Validation of non-null objects, per HTML5 spec 10.3.3.
@@ -550,8 +552,9 @@ ArrayBufferArray SerializedScriptValue::ExtractNonSharedArrayBuffers(
// Copy the non-shared array buffers into result, and remove them from
// array_buffers.
result.AppendRange(non_shared_begin, array_buffers.end());
- array_buffers.EraseAt(non_shared_begin - array_buffers.begin(),
- array_buffers.end() - non_shared_begin);
+ array_buffers.EraseAt(
+ static_cast<wtf_size_t>(non_shared_begin - array_buffers.begin()),
+ static_cast<wtf_size_t>(array_buffers.end() - non_shared_begin));
return result;
}
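Review bot: The two `EraseAt` arguments are narrowed with an unchecked `static_cast<wtf_size_t>`, while `ToWireString` in the same file uses `SafeCast<wtf_size_t>` for the same kind of narrowing. The same pattern appears in both `std::distance` hunks of `TransferArrayBufferContents`. The values are iterator distances inside one vector, so they presumably always fit, but nothing at the call site says so. Either use the checked form, e.g. `SafeCast<wtf_size_t>(non_shared_begin - array_buffers.begin())`, or add a comment such as `// Distances within array_buffers are bounded by its wtf_size_t size.` so a later reader does not have to re-derive why truncation cannot happen. The function starts outside the hunk.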
@@ -568,7 +571,8 @@ SerializedScriptValue::TransferArrayBufferContents(
for (auto* it = array_buffers.begin(); it != array_buffers.end(); ++it) {
DOMArrayBufferBase* array_buffer = *it;
if (array_buffer->IsNeutered()) {
- size_t index = std::distance(array_buffers.begin(), it);
+ wtf_size_t index =
+ static_cast<wtf_size_t>(std::distance(array_buffers.begin(), it));
exception_state.ThrowDOMException(DOMExceptionCode::kDataCloneError,
"ArrayBuffer at index " +
String::Number(index) +
@@ -585,7 +589,8 @@ SerializedScriptValue::TransferArrayBufferContents(
continue;
visited.insert(array_buffer_base);
- size_t index = std::distance(array_buffers.begin(), it);
+ wtf_size_t index =
+ static_cast<wtf_size_t>(std::distance(array_buffers.begin(), it));
if (array_buffer_base->IsShared()) {
exception_state.ThrowDOMException(DOMExceptionCode::kDataCloneError,
"SharedArrayBuffer at index " +
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h
index 5dc7bbfa12f..68ebafe597b 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value.h
@@ -88,6 +88,7 @@ class CORE_EXPORT SerializedScriptValue
// Version 17: Remove unnecessary byte swapping.
// Version 18: Add a list of key-value pairs for ImageBitmap and ImageData to
// support color space information, compression, etc.
+ // Version 19: Add DetectedBarcode, DetectedFace, and DetectedText support.
//
// The following versions cannot be used, in order to be able to
// deserialize version 0 SSVs. The class implementation has details.
@@ -100,7 +101,7 @@ class CORE_EXPORT SerializedScriptValue
//
// Recent changes are routinely reverted in preparation for branch, and this
// has been the cause of at least one bug in the past.
- static constexpr uint32_t kWireFormatVersion = 18;
+ static constexpr uint32_t kWireFormatVersion = 19;
// This enumeration specifies whether we're serializing a value for storage;
// e.g. when writing to IndexedDB. This corresponds to the forStorage flag of
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc
index 448fea0a4e9..a75067bffdd 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/serialized_script_value_fuzzer.cc
@@ -8,6 +8,7 @@
#include <cstddef>
#include <cstdint>
+#include "base/numerics/safe_conversions.h"
#include "build/build_config.h"
#include "third_party/blink/public/platform/web_blob_info.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.h"
@@ -52,12 +53,15 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) {
return 0;
}
-int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) {
// Odd sizes are handled in various ways, depending how they arrive.
// Let's not worry about that case here.
- if (size % sizeof(UChar))
+ if (data_size % sizeof(UChar))
return 0;
+ // Truncate the input.
+ wtf_size_t size = base::saturated_cast<wtf_size_t>(data_size);
+
// Used to control what kind of extra data is provided to the deserializer.
unsigned hash = StringHasher::HashMemory(data, size);
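Review bot: The parity guard tests `data_size`, but everything after it uses the saturated `size`. If `wtf_size_t` is 32-bit, an even input larger than its maximum saturates to an odd value, which brings back the "odd sizes" case the guard was meant to exclude. Either test the narrowed value, moving the check after the cast as `if (size % sizeof(UChar)) return 0;`, or reject oversized inputs with `if (!base::IsValueInRangeForNumericType<wtf_size_t>(data_size)) return 0;`. The comment `// Truncate the input.` could also state that the clamp is to the maximum of `wtf_size_t`. The function body continues past the end of the hunk.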
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc
index a7f18c5ad7d..298cc58efdd 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.cc
@@ -419,11 +419,7 @@ ScriptWrappable* V8ScriptValueDeserializer::ReadDOMObject(
return DOMRect::Create(x, y, width, height);
}
case kDOMRectReadOnlyTag: {
- double x = 0, y = 0, width = 0, height = 0;
- if (!ReadDouble(&x) || !ReadDouble(&y) || !ReadDouble(&width) ||
- !ReadDouble(&height))
- return nullptr;
- return DOMRectReadOnly::Create(x, y, width, height);
+ return ReadDOMRectReadOnly();
}
case kDOMQuadTag: {
DOMPointInit pointInits[4];
@@ -560,6 +556,14 @@ File* V8ScriptValueDeserializer::ReadFileIndex() {
blob_handle);
}
+DOMRectReadOnly* V8ScriptValueDeserializer::ReadDOMRectReadOnly() {
+ double x = 0, y = 0, width = 0, height = 0;
+ if (!ReadDouble(&x) || !ReadDouble(&y) || !ReadDouble(&width) ||
+ !ReadDouble(&height))
+ return nullptr;
+ return DOMRectReadOnly::Create(x, y, width, height);
+}
+
scoped_refptr<BlobDataHandle>
V8ScriptValueDeserializer::GetOrCreateBlobDataHandle(const String& uuid,
const String& type,
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h
index 3582fcbce79..c020791b310 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_deserializer.h
@@ -17,6 +17,7 @@
namespace blink {
+class DOMRectReadOnly;
class File;
class UnpackedSerializedScriptValue;
@@ -65,6 +66,7 @@ class CORE_EXPORT V8ScriptValueDeserializer
return deserializer_.ReadRawBytes(size, data);
}
bool ReadUTF8String(String* string_out);
+ DOMRectReadOnly* ReadDOMRectReadOnly();
template <typename E>
bool ReadUint32Enum(E* value) {
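Review bot: `ReadDOMRectReadOnly()` is added to the deserializer's interface without a comment, and its definition in the .cc file returns `nullptr` as soon as any of the four `ReadDouble` calls fails. Callers that use it for the new tags need to know this, because the stream being read may be truncated or malformed. Suggest adding `// Reads x, y, width and height as doubles. Returns nullptr if the stream ends early; callers must null-check.` above the declaration. The class body starts and ends outside the hunk.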
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc
index 9c23be48326..dd2f4e0c668 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer.cc
@@ -170,7 +170,6 @@ void V8ScriptValueSerializer::WriteUTF8String(const String& string) {
// TODO(jbroman): Ideally this method would take a WTF::StringView, but the
// StringUTF8Adaptor trick doesn't yet work with StringView.
StringUTF8Adaptor utf8(string);
- DCHECK_LT(utf8.length(), std::numeric_limits<uint32_t>::max());
WriteUint32(utf8.length());
WriteRawBytes(utf8.Data(), utf8.length());
}
@@ -268,8 +267,10 @@ bool V8ScriptValueSerializer::WriteDOMObject(ScriptWrappable* wrappable,
WriteUint32(image_data->width());
WriteUint32(image_data->height());
DOMArrayBufferBase* pixel_buffer = image_data->BufferBase();
- WriteUint32(pixel_buffer->ByteLength());
- WriteRawBytes(pixel_buffer->Data(), pixel_buffer->ByteLength());
+ uint32_t pixel_buffer_length =
+ SafeCast<uint32_t>(pixel_buffer->ByteLength());
+ WriteUint32(pixel_buffer_length);
+ WriteRawBytes(pixel_buffer->Data(), pixel_buffer_length);
return true;
}
if (wrapper_type_info == &V8DOMPoint::wrapperTypeInfo) {
@@ -446,7 +447,7 @@ bool V8ScriptValueSerializer::WriteDOMObject(ScriptWrappable* wrappable,
WriteTag(kOffscreenCanvasTransferTag);
WriteUint32(canvas->width());
WriteUint32(canvas->height());
- WriteUint32(canvas->PlaceholderCanvasId());
+ WriteUint64(canvas->PlaceholderCanvasId());
WriteUint32(canvas->ClientId());
WriteUint32(canvas->SinkId());
return true;
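Review bot: Writing `PlaceholderCanvasId()` with `WriteUint64` changes the encoding of the `kOffscreenCanvasTransferTag` record, but neither hunk of v8_script_value_deserializer.cc in this commit touches the reader for that tag. If the reader still pulls the field with a 32-bit read into a 32-bit variable, the two sides disagree on the field's width, and a large id would be rejected or truncated on the receiving side. Confirm that the matching read was updated to a 64-bit read, and add a round-trip test with an id above the 32-bit range. A short comment at the write, e.g. `// canvas id is 64-bit; the reader must use ReadUint64`, would keep the two sides from drifting again. `WriteDOMObject` starts and ends outside the hunk.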
@@ -555,7 +556,7 @@ v8::Maybe<uint32_t> V8ScriptValueSerializer::GetSharedArrayBufferId(
// The index returned from this function will be serialized into the data
// stream. When deserializing, this will be used to index into the
// sharedArrayBufferContents array of the SerializedScriptValue.
- size_t index = shared_array_buffers_.Find(shared_array_buffer);
+ uint32_t index = shared_array_buffers_.Find(shared_array_buffer);
if (index == kNotFound) {
shared_array_buffers_.push_back(shared_array_buffer);
index = shared_array_buffers_.size() - 1;
diff --git a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc
index 5e3a9cb8b29..8e3f54805d5 100644
--- a/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc
+++ b/chromium/third_party/blink/renderer/bindings/core/v8/serialization/v8_script_value_serializer_test.cc
@@ -106,7 +106,7 @@ v8::Local<v8::Value> RoundTrip(
v8::Local<v8::Value> Eval(const String& source, V8TestingScope& scope) {
return scope.GetFrame()
.GetScriptController()
- .ExecuteScriptInMainWorldAndReturnValue(source);
+ .ExecuteScriptInMainWorldAndReturnValue(source, KURL(), kOpaqueResource);
}
String ToJSON(v8::Local<v8::Object> object, const V8TestingScope& scope) {