Diffstat (limited to 'chromium/third_party')
77 files changed, 565 insertions, 259 deletions
diff --git a/chromium/third_party/android_crazy_linker/BUILD.gn b/chromium/third_party/android_crazy_linker/BUILD.gn index c3e72769afe..76c361e9c6e 100644 --- a/chromium/third_party/android_crazy_linker/BUILD.gn +++ b/chromium/third_party/android_crazy_linker/BUILD.gn @@ -21,6 +21,7 @@ group("android_crazy_linker_tests") { ":crazy_linker_bench_load_library", ":crazy_linker_test_constructors_destructors", ":crazy_linker_test_dl_wrappers", + ":crazy_linker_test_dl_wrappers_recursive", ":crazy_linker_test_dl_wrappers_valid_handles", ":crazy_linker_test_dl_wrappers_with_system_handle", ":crazy_linker_test_load_library", @@ -84,6 +85,8 @@ template("crazy_linker_library") { "src/src/crazy_linker_shared_library.h", "src/src/crazy_linker_system.cpp", "src/src/crazy_linker_system.h", + "src/src/crazy_linker_system_linker.cpp", + "src/src/crazy_linker_system_linker.h", "src/src/crazy_linker_thread.cpp", "src/src/crazy_linker_thread.h", "src/src/crazy_linker_util.cpp", @@ -176,6 +179,9 @@ template("crazy_linker_test_library") { if (defined(invoker.libs)) { libs += invoker.libs } + if (defined(invoker.defines)) { + defines = invoker.defines + } # This is not Chromium code. configs -= [ "//build/config/compiler:chromium_code" ] 
@@ -257,6 +263,35 @@ crazy_linker_test_library("crazy_linker_tests_libzoo_with_dlopen_handle") { libs = [ "dl" ] } +crazy_linker_test_library("crazy_linker_tests_libzoo_dlopen_in_initializer") { + sources = [ + "src/tests/zoo_with_dlopen_in_elf_initializer.cpp", + ] + defines = [ + "THIS_LIB_NAME=\"libzoo_dlopen_in_initializer\"", + "LIB_NAME=\"libcrazy_linker_tests_libzoo_dlopen_in_initializer_inner.so\"", + ] + data_deps = [ + ":crazy_linker_tests_libzoo_dlopen_in_initializer_inner", + ] + libs = [ "dl" ] +} + +crazy_linker_test_library( + "crazy_linker_tests_libzoo_dlopen_in_initializer_inner") { + sources = [ + "src/tests/zoo_with_dlopen_in_elf_initializer.cpp", + ] + defines = [ + "THIS_LIB_NAME=\"libzoo_dlopen_in_initializer_inner\"", + "LIB_NAME=\"libcrazy_linker_tests_libzoo.so\"", + ] + data_deps = [ + ":crazy_linker_tests_libzoo", + ] + libs = [ "dl" ] +} + # Integration tests are provided as standalone executables for now. executable("crazy_linker_bench_load_library") { @@ -331,6 +366,18 @@ executable("crazy_linker_test_dl_wrappers") { ] } +executable("crazy_linker_test_dl_wrappers_recursive") { + sources = [ + "src/tests/test_dl_wrappers_recursive.cpp", + ] + data_deps = [ + ":crazy_linker_tests_libzoo_dlopen_in_initializer", + ] + deps = [ + ":android_crazy_linker", + ] +} + executable("crazy_linker_test_dl_wrappers_with_system_handle") { sources = [ "src/tests/test_dl_wrappers_with_system_handle.cpp", diff --git a/chromium/third_party/angle/src/libANGLE/params.cpp b/chromium/third_party/angle/src/libANGLE/params.cpp index a3e52c7c84a..a77435c4a42 100644 --- a/chromium/third_party/angle/src/libANGLE/params.cpp +++ b/chromium/third_party/angle/src/libANGLE/params.cpp @@ -100,7 +100,7 @@ GLint DrawCallParams::firstVertex() const return mFirstVertex; } -GLsizei DrawCallParams::vertexCount() const +size_t DrawCallParams::vertexCount() const { ASSERT(!isDrawElements() || mIndexRange.valid()); return mVertexCount; 
@@ -179,7 +179,7 @@ Error DrawCallParams::ensureIndexRangeResolved(const Context *context) const const IndexRange &indexRange = mIndexRange.value(); mFirstVertex = mBaseVertex + static_cast<GLint>(indexRange.start); - mVertexCount = static_cast<GLsizei>(indexRange.vertexCount()); + mVertexCount = indexRange.vertexCount(); return NoError(); } diff --git a/chromium/third_party/angle/src/libANGLE/params.h b/chromium/third_party/angle/src/libANGLE/params.h index 05443206fdf..3fa023e540d 100644 --- a/chromium/third_party/angle/src/libANGLE/params.h +++ b/chromium/third_party/angle/src/libANGLE/params.h @@ -98,7 +98,7 @@ class DrawCallParams final : angle::NonCopyable // This value is the sum of 'baseVertex' and the first indexed vertex for DrawElements calls. GLint firstVertex() const; - GLsizei vertexCount() const; + size_t vertexCount() const; GLsizei indexCount() const; GLint baseVertex() const; GLenum type() const; @@ -113,6 +113,9 @@ class DrawCallParams final : angle::NonCopyable // ensureIndexRangeResolved must be called first. const IndexRange &getIndexRange() const; + template <typename T> + T getClampedVertexCount() const; + template <EntryPoint EP, typename... ArgsT> static void Factory(DrawCallParams *objBuffer, ArgsT... args); @@ -122,7 +125,7 @@ class DrawCallParams final : angle::NonCopyable GLenum mMode; mutable Optional<IndexRange> mIndexRange; mutable GLint mFirstVertex; - mutable GLsizei mVertexCount; + mutable size_t mVertexCount; GLint mIndexCount; GLint mBaseVertex; GLenum mType; 
@@ -131,6 +134,13 @@ class DrawCallParams final : angle::NonCopyable const void *mIndirect; }; +template <typename T> +T DrawCallParams::getClampedVertexCount() const +{ + constexpr size_t kMax = static_cast<size_t>(std::numeric_limits<T>::max()); + return static_cast<T>(mVertexCount > kMax ? kMax : mVertexCount); +} + // Entry point funcs essentially re-map different entry point parameter arrays into // the format the parameter type class expects. For example, for HasIndexRange, for the // various indexed draw calls, they drop parameters that aren't useful and re-arrange diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.cpp index 7769ab2b75e..3df7e4fcf86 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.cpp @@ -160,10 +160,11 @@ void BufferD3D::invalidateStaticData(const gl::Context *context) } // Creates static buffers if sufficient used data has been left unmodified -void BufferD3D::promoteStaticUsage(const gl::Context *context, int dataSize) +void BufferD3D::promoteStaticUsage(const gl::Context *context, size_t dataSize) { if (mUsage == D3DBufferUsage::DYNAMIC) { + // Note: This is not a safe math operation. 'dataSize' can come from the app. mUnmodifiedDataUse += dataSize; if (mUnmodifiedDataUse > 3 * getSize()) diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.h index 60153748e68..2f0ff48e06c 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/BufferD3D.h 
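Review bot: `getClampedVertexCount()` reads `mVertexCount` directly, so it skips the `ASSERT(!isDrawElements() || mIndexRange.valid());` that `vertexCount()` performs in params.cpp. A DrawElements caller that has not resolved the index range would get a stale or unset count with no debug-build signal. Going through the accessor keeps the precondition in one place: `const size_t count = vertexCount();` followed by `return static_cast<T>(count > kMax ? kMax : count);`. The template also depends on `std::numeric_limits`, and an include of `<limits>` is not visible in this hunk, so that is worth confirming. A short comment on the declaration saying that the result saturates at `T`'s maximum, rather than reporting an error, would help callers.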
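Review bot: The accumulation `mUnmodifiedDataUse += dataSize;` in `promoteStaticUsage` stays unchecked even though the new comment states that `dataSize` can come from the app. A wrap resets the counter compared in `mUnmodifiedDataUse > 3 * getSize()`. From the visible lines the effect looks limited to the promotion heuristic, but a saturating add costs nothing and removes the caveat: `mUnmodifiedDataUse = (dataSize > std::numeric_limits<size_t>::max() - mUnmodifiedDataUse) ? std::numeric_limits<size_t>::max() : mUnmodifiedDataUse + dataSize;`. The same applies to `count * typeSize` in `VertexDataManager::PromoteDynamicAttribs` in VertexDataManager.cpp, where the comment says the overflow "should not be a security problem" without giving the reason. The function body continues outside this hunk, so the later uses of the counter are not visible here.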
@@ -55,7 +55,7 @@ class BufferD3D : public BufferImpl virtual void initializeStaticData(const gl::Context *context); virtual void invalidateStaticData(const gl::Context *context); - void promoteStaticUsage(const gl::Context *context, int dataSize); + void promoteStaticUsage(const gl::Context *context, size_t dataSize); gl::Error getIndexRange(const gl::Context *context, GLenum type, @@ -80,7 +80,7 @@ class BufferD3D : public BufferImpl StaticIndexBufferInterface *mStaticIndexBuffer; unsigned int mStaticBufferCacheTotalSize; unsigned int mStaticVertexBufferOutOfDate; - unsigned int mUnmodifiedDataUse; + size_t mUnmodifiedDataUse; D3DBufferUsage mUsage; }; diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/RendererD3D.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/RendererD3D.h index 8428bed09cd..9cf3a8ed6db 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/RendererD3D.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/RendererD3D.h @@ -92,7 +92,7 @@ class BufferFactoryD3D : angle::NonCopyable virtual gl::ErrorOrResult<unsigned int> getVertexSpaceRequired( const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) const = 0; }; diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.cpp index 7c2d5aec705..ce1bbfcce78 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.cpp @@ -92,7 +92,7 @@ gl::Error VertexBufferInterface::setBufferSize(unsigned int size) gl::ErrorOrResult<unsigned int> VertexBufferInterface::getSpaceRequired( const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) const { unsigned int spaceRequired = 0; 
@@ -155,7 +155,7 @@ gl::Error StreamingVertexBufferInterface::storeDynamicAttribute(const gl::Vertex const gl::VertexBinding &binding, GLenum currentValueType, GLint start, - GLsizei count, + size_t count, GLsizei instances, unsigned int *outStreamOffset, const uint8_t *sourceData) @@ -190,7 +190,7 @@ gl::Error StreamingVertexBufferInterface::storeDynamicAttribute(const gl::Vertex gl::Error StreamingVertexBufferInterface::reserveVertexSpace(const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) { unsigned int requiredSpace = 0; diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.h index df8085d3cbd..63cdc2359f3 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexBuffer.h @@ -45,7 +45,7 @@ class VertexBuffer : angle::NonCopyable const gl::VertexBinding &binding, GLenum currentValueType, GLint start, - GLsizei count, + size_t count, GLsizei instances, unsigned int offset, const uint8_t *sourceData) = 0; @@ -93,7 +93,7 @@ class VertexBufferInterface : angle::NonCopyable gl::ErrorOrResult<unsigned int> getSpaceRequired(const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) const; BufferFactoryD3D *const mFactory; VertexBuffer *mVertexBuffer; @@ -110,14 +110,14 @@ class StreamingVertexBufferInterface : public VertexBufferInterface const gl::VertexBinding &binding, GLenum currentValueType, GLint start, - GLsizei count, + size_t count, GLsizei instances, unsigned int *outStreamOffset, const uint8_t *sourceData); gl::Error reserveVertexSpace(const gl::VertexAttribute &attribute, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances); private: 
diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.cpp index f20386bb14f..183c895b623 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.cpp @@ -392,7 +392,7 @@ gl::Error VertexDataManager::storeDynamicAttribs( std::vector<TranslatedAttribute> *translatedAttribs, const gl::AttributesMask &dynamicAttribsMask, GLint start, - GLsizei count, + size_t count, GLsizei instances) { // Instantiating this class will ensure the streaming buffer is never left mapped. @@ -434,7 +434,7 @@ void VertexDataManager::PromoteDynamicAttribs( const gl::Context *context, const std::vector<TranslatedAttribute> &translatedAttribs, const gl::AttributesMask &dynamicAttribsMask, - GLsizei count) + size_t count) { for (auto attribIndex : dynamicAttribsMask) { @@ -445,16 +445,17 @@ void VertexDataManager::PromoteDynamicAttribs( gl::Buffer *buffer = binding.getBuffer().get(); if (buffer) { + // Note: this multiplication can overflow. It should not be a security problem. BufferD3D *bufferD3D = GetImplAs<BufferD3D>(buffer); size_t typeSize = ComputeVertexAttributeTypeSize(*dynamicAttrib.attribute); - bufferD3D->promoteStaticUsage(context, count * static_cast<int>(typeSize)); + bufferD3D->promoteStaticUsage(context, count * typeSize); } } } gl::Error VertexDataManager::reserveSpaceForAttrib(const TranslatedAttribute &translatedAttrib, GLint start, - GLsizei count, + size_t count, GLsizei instances) const { ASSERT(translatedAttrib.attribute && translatedAttrib.binding); 
@@ -467,8 +468,8 @@ gl::Error VertexDataManager::reserveSpaceForAttrib(const TranslatedAttribute &tr BufferD3D *bufferD3D = buffer ? GetImplAs<BufferD3D>(buffer) : nullptr; ASSERT(!bufferD3D || bufferD3D->getStaticVertexBuffer(attrib, binding) == nullptr); - size_t totalCount = gl::ComputeVertexBindingElementCount( - binding.getDivisor(), static_cast<size_t>(count), static_cast<size_t>(instances)); + size_t totalCount = gl::ComputeVertexBindingElementCount(binding.getDivisor(), count, + static_cast<size_t>(instances)); // TODO(jiajia.qin@intel.com): force the index buffer to clamp any out of range indices instead // of invalid operation here. if (bufferD3D) @@ -486,15 +487,14 @@ gl::Error VertexDataManager::reserveSpaceForAttrib(const TranslatedAttribute &tr return gl::InvalidOperation() << "Vertex buffer is not big enough for the draw call."; } } - return mStreamingBuffer->reserveVertexSpace(attrib, binding, static_cast<GLsizei>(totalCount), - instances); + return mStreamingBuffer->reserveVertexSpace(attrib, binding, totalCount, instances); } gl::Error VertexDataManager::storeDynamicAttrib(const gl::Context *context, TranslatedAttribute *translated, GLint start, - GLsizei count, - GLsizei instances) + size_t count, + GLsizei instances) const { ASSERT(translated->attribute && translated->binding); const auto &attrib = *translated->attribute; @@ -529,8 +529,8 @@ gl::Error VertexDataManager::storeDynamicAttrib(const gl::Context *context, translated->storage = nullptr; ANGLE_TRY_RESULT(mFactory->getVertexSpaceRequired(attrib, binding, 1, 0), translated->stride); - size_t totalCount = gl::ComputeVertexBindingElementCount( - binding.getDivisor(), static_cast<size_t>(count), static_cast<size_t>(instances)); + size_t totalCount = gl::ComputeVertexBindingElementCount(binding.getDivisor(), count, + static_cast<size_t>(instances)); ANGLE_TRY(mStreamingBuffer->storeDynamicAttribute( attrib, binding, translated->currentValueType, firstVertexIndex, 
diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.h index 694366deb70..2fb4fe6c468 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/VertexDataManager.h @@ -105,14 +105,14 @@ class VertexDataManager : angle::NonCopyable std::vector<TranslatedAttribute> *translatedAttribs, const gl::AttributesMask &dynamicAttribsMask, GLint start, - GLsizei count, + size_t count, GLsizei instances); // Promote static usage of dynamic buffers. static void PromoteDynamicAttribs(const gl::Context *context, const std::vector<TranslatedAttribute> &translatedAttribs, const gl::AttributesMask &dynamicAttribsMask, - GLsizei count); + size_t count); gl::Error storeCurrentValue(const gl::VertexAttribCurrentValueData ¤tValue, TranslatedAttribute *translated, @@ -130,15 +130,15 @@ class VertexDataManager : angle::NonCopyable }; gl::Error reserveSpaceForAttrib(const TranslatedAttribute &translatedAttrib, - GLsizei count, GLint start, + size_t count, GLsizei instances) const; gl::Error storeDynamicAttrib(const gl::Context *context, TranslatedAttribute *translated, GLint start, - GLsizei count, - GLsizei instances); + size_t count, + GLsizei instances) const; BufferFactoryD3D *const mFactory; diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/InputLayoutCache.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/InputLayoutCache.cpp index 8dd5ad87ab8..f8f8865d087 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/InputLayoutCache.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/InputLayoutCache.cpp 
@@ -246,11 +246,12 @@ gl::Error InputLayoutCache::createInputLayout( // As per the spec for ANGLE_instanced_arrays, not all attributes can be instanced // simultaneously, so a non-instanced element must exist. - GLsizei numIndicesPerInstance = 0; + UINT numIndicesPerInstance = 0; if (drawCallParams.instances() > 0) { // This requires that the index range is resolved. - numIndicesPerInstance = drawCallParams.vertexCount(); + // Note: Vertex indexes can be arbitrarily large. + numIndicesPerInstance = drawCallParams.getClampedVertexCount<UINT>(); } for (size_t elementIndex = 0; elementIndex < inputElementCount; ++elementIndex) diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.cpp index 0af996327c2..cd11543216a 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.cpp @@ -1400,7 +1400,7 @@ void *Renderer11::getD3DDevice() gl::Error Renderer11::drawArrays(const gl::Context *context, const gl::DrawCallParams ¶ms) { - if (params.vertexCount() < mStateManager.getCurrentMinimumDrawCount()) + if (params.vertexCount() < static_cast<size_t>(mStateManager.getCurrentMinimumDrawCount())) { return gl::NoError(); } @@ -1416,6 +1416,9 @@ gl::Error Renderer11::drawArrays(const gl::Context *context, const gl::DrawCallP GLsizei adjustedInstanceCount = GetAdjustedInstanceCount(program, params.instances()); ProgramD3D *programD3D = GetImplAs<ProgramD3D>(program); + // Note: vertex indexes can be arbitrarily large. + UINT clampedVertexCount = params.getClampedVertexCount<UINT>(); + if (programD3D->usesGeometryShader(params.mode()) && glState.isTransformFeedbackActiveUnpaused()) { 
@@ -1427,11 +1430,11 @@ gl::Error Renderer11::drawArrays(const gl::Context *context, const gl::DrawCallP if (adjustedInstanceCount > 0) { - mDeviceContext->DrawInstanced(params.vertexCount(), adjustedInstanceCount, 0, 0); + mDeviceContext->DrawInstanced(clampedVertexCount, adjustedInstanceCount, 0, 0); } else { - mDeviceContext->Draw(params.vertexCount(), 0); + mDeviceContext->Draw(clampedVertexCount, 0); } rx::ShaderExecutableD3D *pixelExe = nullptr; @@ -1455,24 +1458,24 @@ gl::Error Renderer11::drawArrays(const gl::Context *context, const gl::DrawCallP if (adjustedInstanceCount > 0) { - mDeviceContext->DrawInstanced(params.vertexCount(), adjustedInstanceCount, 0, 0); + mDeviceContext->DrawInstanced(clampedVertexCount, adjustedInstanceCount, 0, 0); } else { - mDeviceContext->Draw(params.vertexCount(), 0); + mDeviceContext->Draw(clampedVertexCount, 0); } return gl::NoError(); } if (params.mode() == GL_LINE_LOOP) { - return drawLineLoop(context, params.vertexCount(), GL_NONE, nullptr, 0, + return drawLineLoop(context, clampedVertexCount, GL_NONE, nullptr, 0, adjustedInstanceCount); } if (params.mode() == GL_TRIANGLE_FAN) { - return drawTriangleFan(context, params.vertexCount(), GL_NONE, nullptr, 0, + return drawTriangleFan(context, clampedVertexCount, GL_NONE, nullptr, 0, adjustedInstanceCount); } @@ -1483,11 +1486,11 @@ gl::Error Renderer11::drawArrays(const gl::Context *context, const gl::DrawCallP { if (adjustedInstanceCount == 0) { - mDeviceContext->Draw(params.vertexCount(), 0); + mDeviceContext->Draw(clampedVertexCount, 0); } else { - mDeviceContext->DrawInstanced(params.vertexCount(), adjustedInstanceCount, 0, 0); + mDeviceContext->DrawInstanced(clampedVertexCount, adjustedInstanceCount, 0, 0); } return gl::NoError(); } 
@@ -1500,7 +1503,7 @@ gl::Error Renderer11::drawArrays(const gl::Context *context, const gl::DrawCallP // D3D_PRIMITIVE_TOPOLOGY_TRIANGLELIST and DrawIndexedInstanced is called instead. if (adjustedInstanceCount == 0) { - mDeviceContext->DrawIndexedInstanced(6, params.vertexCount(), 0, 0, 0); + mDeviceContext->DrawIndexedInstanced(6, clampedVertexCount, 0, 0, 0); return gl::NoError(); } @@ -1513,7 +1516,7 @@ gl::Error Renderer11::drawArrays(const gl::Context *context, const gl::DrawCallP { ANGLE_TRY( mStateManager.updateVertexOffsetsForPointSpritesEmulation(params.baseVertex(), i)); - mDeviceContext->DrawIndexedInstanced(6, params.vertexCount(), 0, 0, 0); + mDeviceContext->DrawIndexedInstanced(6, clampedVertexCount, 0, 0, 0); } // This required by updateVertexOffsets... above but is outside of the loop for speed. @@ -1592,13 +1595,13 @@ gl::Error Renderer11::drawElements(const gl::Context *context, const gl::DrawCal // efficent code path. Instanced rendering of emulated pointsprites requires a loop to draw each // batch of points. An offset into the instanced data buffer is calculated and applied on each // iteration to ensure all instances are rendered correctly. - GLsizei elementsToRender = params.vertexCount(); + UINT clampedVertexCount = params.getClampedVertexCount<UINT>(); // Each instance being rendered requires the inputlayout cache to reapply buffers and offsets. for (GLsizei i = 0; i < params.instances(); i++) { ANGLE_TRY(mStateManager.updateVertexOffsetsForPointSpritesEmulation(startVertex, i)); - mDeviceContext->DrawIndexedInstanced(6, elementsToRender, 0, 0, 0); + mDeviceContext->DrawIndexedInstanced(6, clampedVertexCount, 0, 0, 0); } mStateManager.invalidateVertexBuffer(); return gl::NoError(); @@ -1650,7 +1653,7 @@ gl::Error Renderer11::drawElementsIndirect(const gl::Context *context, } gl::Error Renderer11::drawLineLoop(const gl::Context *context, - GLsizei count, + GLuint count, GLenum type, const void *indexPointer, int baseVertex, 
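Review bot: Widening `count` to `GLuint` in `drawLineLoop` weakens the overflow guard shown in the next hunk. `static_cast<unsigned int>(count) + 1 > (std::numeric_limits<unsigned int>::max() / sizeof(unsigned int))` wraps to 0 when `count` is the maximum unsigned value, so the check passes. With `GLsizei` the `+ 1` could not wrap, and `drawArrays` now passes `clampedVertexCount`, which saturates at exactly that maximum. Comparing without the addition avoids the wrap: `if (count >= std::numeric_limits<unsigned int>::max() / sizeof(unsigned int))`. Whether a caller can actually reach that value, and what the buffer-size computation after the guard does with it, is outside the visible lines. `drawTriangleFan` gets the same type change and its size checks should be re-read as well.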
@@ -1687,8 +1690,6 @@ gl::Error Renderer11::drawLineLoop(const gl::Context *context, } // Checked by Renderer11::applyPrimitiveType - ASSERT(count >= 0); - if (static_cast<unsigned int>(count) + 1 > (std::numeric_limits<unsigned int>::max() / sizeof(unsigned int))) { @@ -1734,7 +1735,7 @@ gl::Error Renderer11::drawLineLoop(const gl::Context *context, } gl::Error Renderer11::drawTriangleFan(const gl::Context *context, - GLsizei count, + GLuint count, GLenum type, const void *indices, int baseVertex, @@ -3598,7 +3599,7 @@ GLenum Renderer11::getVertexComponentType(gl::VertexFormatType vertexFormatType) gl::ErrorOrResult<unsigned int> Renderer11::getVertexSpaceRequired( const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) const { if (!attrib.enabled) @@ -3610,7 +3611,8 @@ gl::ErrorOrResult<unsigned int> Renderer11::getVertexSpaceRequired( const unsigned int divisor = binding.getDivisor(); if (instances == 0 || divisor == 0) { - elementCount = count; + // This could be a clipped cast. + elementCount = gl::clampCast<unsigned int>(count); } else { diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.h index d1b8bfd13fb..48623ce17b5 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Renderer11.h @@ -343,7 +343,7 @@ class Renderer11 : public RendererD3D // function. gl::ErrorOrResult<unsigned int> getVertexSpaceRequired(const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) const override; gl::Error readFromAttachment(const gl::Context *context, 
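Review bot: Clamping with `gl::clampCast<unsigned int>(count)` inside `Renderer11::getVertexSpaceRequired` makes a size query silently answer for fewer elements than were asked for. The store paths in this commit take the unclamped `size_t count`. Returning an error when `count` exceeds `std::numeric_limits<unsigned int>::max()` would be safer than relying on a later check to reject the clamped value. The rest of the function, including any overflow check on the element-size multiplication, is outside this hunk, so this may already be caught downstream. If the clamp stays, the comment should say why it is safe, for example `// Clamped: any count this large fails the size overflow check below.`, instead of "This could be a clipped cast."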
@@ -461,13 +461,13 @@ class Renderer11 : public RendererD3D angle::WorkaroundsD3D generateWorkarounds() const override; gl::Error drawLineLoop(const gl::Context *context, - GLsizei count, + GLuint count, GLenum type, const void *indices, int baseVertex, int instances); gl::Error drawTriangleFan(const gl::Context *context, - GLsizei count, + GLuint count, GLenum type, const void *indices, int baseVertex, diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.cpp index 69e598784cb..3649cbe1f28 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.cpp @@ -96,7 +96,7 @@ gl::Error VertexBuffer11::storeVertexAttributes(const gl::VertexAttribute &attri const gl::VertexBinding &binding, GLenum currentValueType, GLint start, - GLsizei count, + size_t count, GLsizei instances, unsigned int offset, const uint8_t *sourceData) diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.h index ab619ae5030..7778c31dcd7 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/VertexBuffer11.h @@ -31,7 +31,7 @@ class VertexBuffer11 : public VertexBuffer const gl::VertexBinding &binding, GLenum currentValueType, GLint start, - GLsizei count, + size_t count, GLsizei instances, unsigned int offset, const uint8_t *sourceData) override; diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.cpp index 01341fec67e..c2b83d1f1d8 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.cpp 
+++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.cpp @@ -2998,7 +2998,7 @@ GLenum Renderer9::getVertexComponentType(gl::VertexFormatType vertexFormatType) gl::ErrorOrResult<unsigned int> Renderer9::getVertexSpaceRequired(const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) const { if (!attrib.enabled) diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.h index 239bfd0800b..0d5f450da19 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/Renderer9.h @@ -346,7 +346,7 @@ class Renderer9 : public RendererD3D // function. gl::ErrorOrResult<unsigned int> getVertexSpaceRequired(const gl::VertexAttribute &attrib, const gl::VertexBinding &binding, - GLsizei count, + size_t count, GLsizei instances) const override; gl::Error copyToRenderTarget(IDirect3DSurface9 *dest, diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.cpp index c0b80a847c3..51af37aae86 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.cpp @@ -61,7 +61,7 @@ gl::Error VertexBuffer9::storeVertexAttributes(const gl::VertexAttribute &attrib const gl::VertexBinding &binding, GLenum currentValueType, GLint start, - GLsizei count, + size_t count, GLsizei instances, unsigned int offset, const uint8_t *sourceData) 
@@ -71,8 +71,8 @@ gl::Error VertexBuffer9::storeVertexAttributes(const gl::VertexAttribute &attrib return gl::OutOfMemory() << "Internal vertex buffer is not initialized."; } - int inputStride = static_cast<int>(gl::ComputeVertexAttributeStride(attrib, binding)); - int elementSize = static_cast<int>(gl::ComputeVertexAttributeTypeSize(attrib)); + size_t inputStride = gl::ComputeVertexAttributeStride(attrib, binding); + size_t elementSize = gl::ComputeVertexAttributeTypeSize(attrib); DWORD lockFlags = mDynamicUsage ? D3DLOCK_NOOVERWRITE : 0; @@ -105,7 +105,7 @@ gl::Error VertexBuffer9::storeVertexAttributes(const gl::VertexAttribute &attrib if (!needsConversion && inputStride == elementSize) { - size_t copySize = static_cast<size_t>(count) * static_cast<size_t>(inputStride); + size_t copySize = count * inputStride; memcpy(mapPtr, input, copySize); } else diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.h b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.h index 983616f4e40..90defb31709 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d9/VertexBuffer9.h @@ -28,7 +28,7 @@ class VertexBuffer9 : public VertexBuffer const gl::VertexBinding &binding, GLenum currentValueType, GLint start, - GLsizei count, + size_t count, GLsizei instances, unsigned int offset, const uint8_t *sourceData) override; diff --git a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.cpp b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.cpp index aa573fea3e3..9e6da43d370 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.cpp 
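Review bot: The `memcpy` length in `VertexBuffer9::storeVertexAttributes` is now the unchecked product `count * inputStride`, and `count` is a full-range `size_t`. On a 32-bit build the multiplication can wrap. On any build the copy length no longer has the implicit 31-bit bound that the `GLsizei` parameter gave it. The size of the locked region behind `mapPtr` is computed outside this hunk, so whether it was derived from the same unclamped count is not visible. An explicit guard before the copy would make the invariant local: `if (inputStride != 0 && count > std::numeric_limits<size_t>::max() / inputStride) return gl::OutOfMemory() << "Vertex copy size overflow.";`.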
@@ -343,15 +343,17 @@ gl::Error VertexArrayVk::drawArrays(const gl::Context *context, ANGLE_TRY(onDraw(context, renderer, drawCallParams, drawNode, newCommandBuffer)); + // Note: Vertex indexes can be arbitrarily large. + uint32_t clampedVertexCount = drawCallParams.getClampedVertexCount<uint32_t>(); + if (drawCallParams.mode() != GL_LINE_LOOP) { - commandBuffer->draw(drawCallParams.vertexCount(), 1, drawCallParams.firstVertex(), 0); + commandBuffer->draw(clampedVertexCount, 1, drawCallParams.firstVertex(), 0); return gl::NoError(); } // Handle GL_LINE_LOOP drawArrays. - // This test may be incorrect if the draw call switches from DrawArrays/DrawElements. - int lastVertex = drawCallParams.firstVertex() + drawCallParams.vertexCount(); + size_t lastVertex = static_cast<size_t>(drawCallParams.firstVertex() + clampedVertexCount); if (!mLineLoopBufferFirstIndex.valid() || !mLineLoopBufferLastIndex.valid() || mLineLoopBufferFirstIndex != drawCallParams.firstVertex() || mLineLoopBufferLastIndex != lastVertex) @@ -367,7 +369,7 @@ gl::Error VertexArrayVk::drawArrays(const gl::Context *context, commandBuffer->bindIndexBuffer(mCurrentElementArrayBufferHandle, mCurrentElementArrayBufferOffset, VK_INDEX_TYPE_UINT32); - vk::LineLoopHelper::Draw(drawCallParams.vertexCount(), commandBuffer); + vk::LineLoopHelper::Draw(clampedVertexCount, commandBuffer); return gl::NoError(); } diff --git a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.h b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.h index fe26f730aa8..92a89a74013 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/VertexArrayVk.h 
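Review bot: The cast in `size_t lastVertex = static_cast<size_t>(drawCallParams.firstVertex() + clampedVertexCount);` is applied after the addition. The sum is therefore computed in 32-bit unsigned arithmetic and can wrap before it is widened. `lastVertex` is compared with `mLineLoopBufferLastIndex` to decide whether the line-loop index buffer is rebuilt, so a wrapped value could presumably match a cached one and skip a rebuild that is needed. Widening first avoids this: `size_t lastVertex = static_cast<size_t>(drawCallParams.firstVertex()) + clampedVertexCount;`. This assumes `firstVertex()` is non-negative at this point, which is not established in the visible lines.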
@@ -120,8 +120,8 @@ class VertexArrayVk : public VertexArrayImpl vk::DynamicBuffer mDynamicIndexData; vk::LineLoopHelper mLineLoopHelper; - Optional<int> mLineLoopBufferFirstIndex; - Optional<int> mLineLoopBufferLastIndex; + Optional<GLint> mLineLoopBufferFirstIndex; + Optional<size_t> mLineLoopBufferLastIndex; bool mDirtyLineLoopTranslation; // Cache variable for determining whether or not to store new dependencies in the node. diff --git a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.cpp b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.cpp index 98774fdf1f0..a7ed151dc64 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.cpp +++ b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.cpp @@ -321,8 +321,11 @@ gl::Error LineLoopHelper::getIndexBufferForDrawArrays(RendererVk *renderer, &offset, nullptr)); *offsetOut = static_cast<VkDeviceSize>(offset); + uint32_t clampedVertexCount = drawCallParams.getClampedVertexCount<uint32_t>(); + + // Note: there could be an overflow in this addition. uint32_t unsignedFirstVertex = static_cast<uint32_t>(drawCallParams.firstVertex()); - uint32_t vertexCount = (drawCallParams.vertexCount() + unsignedFirstVertex); + uint32_t vertexCount = (clampedVertexCount + unsignedFirstVertex); for (uint32_t vertexIndex = unsignedFirstVertex; vertexIndex < vertexCount; vertexIndex++) { *indices++ = vertexIndex; @@ -378,9 +381,10 @@ void LineLoopHelper::destroy(VkDevice device) } // static -void LineLoopHelper::Draw(int count, CommandBuffer *commandBuffer) +void LineLoopHelper::Draw(uint32_t count, CommandBuffer *commandBuffer) { // Our first index is always 0 because that's how we set it up in createIndexBuffer*. + // Note: this could theoretically overflow and wrap to zero. commandBuffer->drawIndexed(count + 1, 1, 0, 0, 0); } 
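Review bot: The two comments added in vk_helpers.cpp record that `clampedVertexCount + unsignedFirstVertex` and `count + 1` can wrap, but neither site handles the wrap. In getIndexBufferForDrawArrays a wrapped end value makes the fill loop write fewer indices than the allocation above the hunk was presumably sized for, and in LineLoopHelper::Draw a wrapped `count + 1` issues a zero-index draw. I would fail the call when the sum does not fit, for example `if (clampedVertexCount > std::numeric_limits<uint32_t>::max() - unsignedFirstVertex) return gl::OutOfMemory() << "Line loop index range overflows.";` before the loop. The caller should then guarantee `count` is below the uint32_t maximum before calling Draw. getIndexBufferForDrawArrays starts outside the hunk.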
diff --git a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.h b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.h index 237c85c729c..dfdfe2efed1 100644 --- a/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.h +++ b/chromium/third_party/angle/src/libANGLE/renderer/vulkan/vk_helpers.h @@ -130,7 +130,7 @@ class LineLoopHelper final : public vk::CommandGraphResource VkDeviceSize *bufferOffsetOut); void destroy(VkDevice device); - static void Draw(int count, CommandBuffer *commandBuffer); + static void Draw(uint32_t count, CommandBuffer *commandBuffer); private: DynamicBuffer mDynamicIndexBuffer; diff --git a/chromium/third_party/blink/renderer/core/dom/element.cc b/chromium/third_party/blink/renderer/core/dom/element.cc index 5a859613afe..b05407eccad 100644 --- a/chromium/third_party/blink/renderer/core/dom/element.cc +++ b/chromium/third_party/blink/renderer/core/dom/element.cc @@ -3049,7 +3049,7 @@ void Element::focus(const FocusParams& params) { ToHTMLFrameOwnerElement(this)->contentDocument()->UnloadStarted()) return; - GetDocument().UpdateStyleAndLayoutTreeForNode(this); + GetDocument().UpdateStyleAndLayoutTreeIgnorePendingStylesheets(); if (!IsFocusable()) return; diff --git a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc index ac3287f5cf5..694df1d5d5a 100644 --- a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc +++ b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc 
@@ -664,16 +664,6 @@ void TextFinder::UpdateFindMatchRects() { find_matches_cache_.swap(filtered_matches); } - // Invalidate the rects in child frames. Will be updated later during - // traversal. - if (!find_match_rects_are_valid_) { - for (WebFrame* child = OwnerFrame().FirstChild(); child; - child = child->NextSibling()) { - ToWebLocalFrameImpl(child) - ->EnsureTextFinder() - .find_match_rects_are_valid_ = false; - } - } find_match_rects_are_valid_ = true; } diff --git a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h index 1e5b0b387b1..94ffca35037 100644 --- a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h +++ b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h @@ -152,8 +152,7 @@ class CORE_EXPORT TextFinder final int SelectFindMatch(unsigned index, WebRect* selection_rect); // Compute and cache the rects for FindMatches if required. - // Rects are automatically invalidated in case of content size changes, - // propagating the invalidation to child frames. + // Rects are automatically invalidated in case of content size changes. void UpdateFindMatchRects(); // Sets the markers within a range as active or inactive. Returns true if at diff --git a/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc b/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc index d0bbb337136..e52697467e6 100644 --- a/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc +++ b/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc 
@@ -283,10 +283,15 @@ bool MHTMLFrameSerializerDelegate::RewriteLink(const Element& element, } if (IsHTMLObjectElement(&element)) { + // If the <object> doesn't contain an image or a html document, then + // it won't be serialized by FrameSerializer::SerializeFrame. If we can + // detect this case (possible only for local frames), then preserve the + // original URI of the <object>, rather than rewriting it to a Content-ID. Document* doc = frame_owner_element->contentDocument(); - bool is_handled_by_serializer = doc->IsHTMLDocument() || - doc->IsXHTMLDocument() || - doc->IsImageDocument(); + bool is_handled_by_serializer = + !doc || // Remote frame - can't tell if this is HTML or an image. + doc->IsHTMLDocument() || doc->IsXHTMLDocument() || + doc->IsImageDocument(); if (is_handled_by_serializer) { rewritten_link = cid_uri.GetString(); return true; diff --git a/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc b/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc index e46c83b1b6b..580b48c703e 100644 --- a/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc +++ b/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc @@ -3114,6 +3114,12 @@ WebHitTestResult WebViewImpl::HitTestResultAt(const WebPoint& point) { HitTestResult WebViewImpl::CoreHitTestResultAt( const WebPoint& point_in_viewport) { + // TODO(crbug.com/843128): When we do async hit-testing, we might try to do + // hit-testing when the local main frame is not valid anymore. Look into if we + // can avoid getting here earlier in the pipeline. + if (!MainFrameImpl() || !MainFrameImpl()->GetFrameView()) + return HitTestResult(); + DocumentLifecycle::AllowThrottlingScope throttling_scope( MainFrameImpl()->GetFrame()->GetDocument()->Lifecycle()); LocalFrameView* view = MainFrameImpl()->GetFrameView(); 
diff --git a/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc b/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc index abf67b31626..6b755eb52f9 100644 --- a/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc +++ b/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc @@ -33,10 +33,17 @@ class ReadableStreamBytesConsumer::OnFulfilled final : public ScriptFunction { ScriptValue Call(ScriptValue v) override { bool done; v8::Local<v8::Value> item = v.V8Value(); - DCHECK(item->IsObject()); - v8::Local<v8::Value> value = - V8UnpackIteratorResult(v.GetScriptState(), item.As<v8::Object>(), &done) - .ToLocalChecked(); + if (!item->IsObject()) { + consumer_->OnRejected(); + return ScriptValue(); + } + v8::Local<v8::Value> value; + if (!V8UnpackIteratorResult(v.GetScriptState(), item.As<v8::Object>(), + &done) + .ToLocal(&value)) { + consumer_->OnRejected(); + return ScriptValue(); + } if (done) { consumer_->OnReadDone(); return v; diff --git a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc index 986c1e88229..ff48e96fb95 100644 --- a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc +++ b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc @@ -1840,6 +1840,10 @@ bool ContentSecurityPolicy::ShouldBypassContentSecurityPolicy( // static bool ContentSecurityPolicy::IsValidCSPAttr(const String& attr, const String& context_required_csp) { + // we don't allow any newline characters in the CSP attributes + if (attr.Contains('\n') || attr.Contains('\r')) + return false; + ContentSecurityPolicy* attr_policy = ContentSecurityPolicy::Create(); attr_policy->AddPolicyFromHeaderValue(attr, kContentSecurityPolicyHeaderTypeEnforce, 
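Review bot: The comment added in ContentSecurityPolicy::IsValidCSPAttr says what is rejected but not why, and it does not follow the sentence-style comments used around it. If the attribute value is later forwarded as a header value (not visible in this hunk), the reason is that an embedded line break could split that header, and stating it keeps the check from being relaxed later. Suggested wording: `// Reject CR and LF: a line break in the attribute could split the header it is sent in (confirm against the caller).` It is also worth confirming whether other control characters need the same treatment before the value reaches the policy parser. The function body continues outside the hunk.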
diff --git a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc index 6dcd9750bb4..89621075563 100644 --- a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc +++ b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc @@ -1347,6 +1347,34 @@ TEST_F(ContentSecurityPolicyTest, IsValidCSPAttrTest) { "report-to relative-path/reporting;" "base-uri http://example.com 'self'", "")); + + // CRLF should not be allowed + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri\nhttp://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri http://example.com\nhttp://example2.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base\n-uri http://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "\nbase-uri http://example.com", "")); + + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri\r\nhttp://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri http://example.com\r\nhttp://example2.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base\r\n-uri http://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "\r\nbase-uri http://example.com", "")); + + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri\rhttp://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri http://example.com\rhttp://example2.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base\r-uri http://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "\rbase-uri http://example.com", "")); } } // namespace blink 
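Review bot: The added cases put the line break at the start of the value, between tokens and inside the directive name, but never at the end of the value. A trailing break is the form most likely to be lost to a later trimming step, so I would add `EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr("base-uri http://example.com\n", ""));` together with its `\r` and `\r\n` variants. The `// CRLF should not be allowed` comment also undersells the block, since lone CR and lone LF are tested too; `// CR, LF and CRLF are rejected anywhere in the attribute.` matches what is checked. The TEST_F body starts outside the hunk.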
diff --git a/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc b/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc index 06a75fb529a..e0f0164aa73 100644 --- a/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc +++ b/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc @@ -372,6 +372,15 @@ TEST_F(MHTMLArchiveTest, MHTMLDate) { EXPECT_EQ(mhtml_date(), archive->Date()); } +TEST_F(MHTMLArchiveTest, EmptyArchive) { + char* buf = nullptr; + scoped_refptr<SharedBuffer> data = + SharedBuffer::Create(buf, static_cast<size_t>(0u)); + KURL http_url = ToKURL("http://www.example.com"); + MHTMLArchive* archive = MHTMLArchive::Create(http_url, data.get()); + EXPECT_EQ(nullptr, archive); +} + } // namespace test } // namespace blink diff --git a/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc b/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc index ff642e20916..c6f04e352eb 100644 --- a/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc +++ b/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc @@ -67,6 +67,8 @@ void RemoteFrameView::UpdateViewportIntersectionsForSubtree( DocumentLifecycle::LifecycleState target_state) { if (!remote_frame_->OwnerLayoutObject()) return; + if (target_state < DocumentLifecycle::kPaintClean) + return; LocalFrameView* local_root_view = ToLocalFrame(remote_frame_->Tree().Parent())->LocalFrameRoot().View(); diff --git a/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc b/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc index 1ea89451aef..37c0bc8b2da 100644 --- a/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc +++ b/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc 
@@ -213,7 +213,12 @@ void WebFrameWidgetImpl::Resize(const WebSize& new_size) { // FIXME: Investigate whether this is needed; comment from eseidel suggests // that this function is flawed. - SendResizeEventAndRepaint(); + // TODO(kenrb): It would probably make more sense to check whether lifecycle + // updates are throttled in the root's LocalFrameView, but for OOPIFs that + // doesn't happen. Need to investigate if OOPIFs can be throttled during + // load. + if (local_root_->GetFrame()->GetDocument()->IsLoadCompleted()) + SendResizeEventAndRepaint(); } void WebFrameWidgetImpl::SendResizeEventAndRepaint() { diff --git a/chromium/third_party/blink/renderer/core/layout/hit_test_result.h b/chromium/third_party/blink/renderer/core/layout/hit_test_result.h index 25bc15c2639..dd9f3b33e3d 100644 --- a/chromium/third_party/blink/renderer/core/layout/hit_test_result.h +++ b/chromium/third_party/blink/renderer/core/layout/hit_test_result.h @@ -115,6 +115,9 @@ class CORE_EXPORT HitTestResult { const LayoutPoint& PointInInnerNodeFrame() const { return point_in_inner_node_frame_; } + void SetPointInInnerNodeFrame(const LayoutPoint& point) { + point_in_inner_node_frame_ = point; + } IntPoint RoundedPointInInnerNodeFrame() const { return RoundedIntPoint(PointInInnerNodeFrame()); } diff --git a/chromium/third_party/blink/renderer/core/layout/layout_box.cc b/chromium/third_party/blink/renderer/core/layout/layout_box.cc index c3096753b6b..4f724b59448 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_box.cc +++ b/chromium/third_party/blink/renderer/core/layout/layout_box.cc 
@@ -2555,8 +2555,9 @@ bool LayoutBox::MapToVisualRectInAncestorSpaceInternal( if (container->IsLayoutView()) { bool use_fixed_position_adjustment = - !RuntimeEnabledFeatures::RootLayerScrollingEnabled() && - position == EPosition::kFixed; + position == EPosition::kFixed && + (!RuntimeEnabledFeatures::RootLayerScrollingEnabled() || + container == ancestor); return ToLayoutView(container)->MapToVisualRectInAncestorSpaceInternal( ancestor, transform_state, use_fixed_position_adjustment ? kIsFixed : 0, visual_rect_flags); diff --git a/chromium/third_party/blink/renderer/core/layout/layout_object.cc b/chromium/third_party/blink/renderer/core/layout/layout_object.cc index dd12052f439..a35feb73599 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_object.cc +++ b/chromium/third_party/blink/renderer/core/layout/layout_object.cc @@ -2600,14 +2600,6 @@ void LayoutObject::GetTransformFromContainer( if (layer && layer->Transform()) transform.Multiply(layer->CurrentTransform()); - GetTransformFromContainerInternal(container_object, offset_in_container, - transform); -} - -void LayoutObject::GetTransformFromContainerInternal( - const LayoutObject* container_object, - const LayoutSize& offset_in_container, - TransformationMatrix& transform) const { transform.PostTranslate(offset_in_container.Width().ToFloat(), offset_in_container.Height().ToFloat()); diff --git a/chromium/third_party/blink/renderer/core/layout/layout_object.h b/chromium/third_party/blink/renderer/core/layout/layout_object.h index 972fa10c583..d31d5a8515e 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_object.h +++ b/chromium/third_party/blink/renderer/core/layout/layout_object.h 
@@ -1625,11 +1625,10 @@ class CORE_EXPORT LayoutObject : public ImageResourceObserver, const LayoutBoxModelObject* ancestor_to_stop_at, LayoutGeometryMap&) const; - virtual bool ShouldUseTransformFromContainer( - const LayoutObject* container) const; - virtual void GetTransformFromContainer(const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix&) const; + bool ShouldUseTransformFromContainer(const LayoutObject* container) const; + void GetTransformFromContainer(const LayoutObject* container, + const LayoutSize& offset_in_container, + TransformationMatrix&) const; bool CreatesGroup() const { return IsTransparent() || HasMask() || HasClipPath() || @@ -2058,10 +2057,6 @@ class CORE_EXPORT LayoutObject : public ImageResourceObserver, // changes at all). virtual bool AnonymousHasStylePropagationOverride() { return false; } - void GetTransformFromContainerInternal(const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix&) const; - // A fast path for MapToVisualRectInAncestorSpace for when GeometryMapper // can be used. bool MapToVisualRectInAncestorSpaceInternalFastPath( diff --git a/chromium/third_party/blink/renderer/core/layout/layout_view.cc b/chromium/third_party/blink/renderer/core/layout/layout_view.cc index 643fedfe0f5..1ce91caf717 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_view.cc +++ b/chromium/third_party/blink/renderer/core/layout/layout_view.cc 
@@ -440,13 +440,6 @@ void LayoutView::MapAncestorToLocal(const LayoutBoxModelObject* ancestor, transform_state.Move(OffsetForFixedPosition()); } -bool LayoutView::ShouldClipOverflow() const { - bool is_main_frame = GetFrameView()->GetFrame().IsMainFrame(); - if (is_main_frame && !GetDocument().GetSettings()->GetMainFrameClipsContent()) - return false; - return LayoutBox::ShouldClipOverflow(); -} - void LayoutView::ComputeSelfHitTestRects(Vector<LayoutRect>& rects, const LayoutPoint&) const { // Record the entire size of the contents of the frame. Note that we don't diff --git a/chromium/third_party/blink/renderer/core/layout/layout_view.h b/chromium/third_party/blink/renderer/core/layout/layout_view.h index ebd4d7fae7f..e6bbcdc0460 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_view.h +++ b/chromium/third_party/blink/renderer/core/layout/layout_view.h @@ -263,7 +263,6 @@ class CORE_EXPORT LayoutView final : public LayoutBlockFlow { void MapAncestorToLocal(const LayoutBoxModelObject*, TransformState&, MapCoordinatesFlags) const override; - bool ShouldClipOverflow() const final; void ComputeSelfHitTestRects(Vector<LayoutRect>&, const LayoutPoint& layer_offset) const override; diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc index 8b27cbe5ea5..fa11a5a8020 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc 
@@ -25,7 +25,6 @@ #include "third_party/blink/renderer/core/layout/hit_test_result.h" #include "third_party/blink/renderer/core/layout/layout_analyzer.h" -#include "third_party/blink/renderer/core/layout/layout_box_model_object.h" #include "third_party/blink/renderer/core/layout/svg/svg_layout_support.h" #include "third_party/blink/renderer/core/layout/svg/svg_resources.h" #include "third_party/blink/renderer/core/layout/svg/svg_resources_cache.h" @@ -192,9 +191,6 @@ bool LayoutSVGContainer::NodeAtFloatPoint(HitTestResult& result, for (LayoutObject* child = LastChild(); child; child = child->PreviousSibling()) { - if (child->IsBoxModelObject() && - ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) - continue; if (child->NodeAtFloatPoint(result, local_point, hit_test_action)) { const LayoutPoint& local_layout_point = LayoutPoint(local_point); UpdateHitTestResult(result, local_layout_point); diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc index 6c83ce379a7..9f9a508adc1 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc @@ -24,6 +24,7 @@ #include "third_party/blink/renderer/core/layout/hit_test_result.h" #include "third_party/blink/renderer/core/layout/svg/svg_layout_support.h" #include "third_party/blink/renderer/core/layout/svg/svg_resources_cache.h" +#include "third_party/blink/renderer/core/paint/paint_layer.h" #include "third_party/blink/renderer/core/paint/svg_foreign_object_painter.h" #include "third_party/blink/renderer/core/svg/svg_foreign_object_element.h" 
@@ -127,15 +128,32 @@ void LayoutSVGForeignObject::UpdateLayout() { bool LayoutSVGForeignObject::NodeAtFloatPoint(HitTestResult& result, const FloatPoint& point_in_parent, HitTestAction hit_test_action) { - if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) { - NOTREACHED(); - return false; - } AffineTransform local_transform = LocalSVGTransform(); if (!local_transform.IsInvertible()) return false; FloatPoint local_point = local_transform.Inverse().MapPoint(point_in_parent); + if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) { + LayoutPoint point_in_foreign_object(local_point); + // |local_point| already includes the offset of the <foreignObject> element, + // but PaintLayer::HitTestLayer assumes it has not been. + point_in_foreign_object.MoveBy(-Layer()->LayoutBoxLocation()); + HitTestResult layer_result(result.GetHitTestRequest(), + point_in_foreign_object); + bool retval = Layer()->HitTest(layer_result); + + // Preserve the "point in inner node frame" from the original request, + // since |layer_result| is a hit test rooted at the <foreignObject> element, + // not the frame, due to the constructor above using + // |point_in_foreign_object| as its "point in inner node frame". + // TODO(chrishtr): refactor the PaintLayer and HitTestResults code around + // this, to better support hit tests that don't start at frame boundaries. + LayoutPoint original_point_in_inner_node_frame = + result.PointInInnerNodeFrame(); + result = layer_result; + result.SetPointInInnerNodeFrame(original_point_in_inner_node_frame); + return retval; + } // Early exit if local point is not contained in clipped viewport area if (SVGLayoutSupport::IsOverflowHidden(*this) && 
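Review bot: The new SlimmingPaintV175 branch calls `Layer()->LayoutBoxLocation()` and `Layer()->HitTest(layer_result)` without establishing that this object has a PaintLayer. If a layer is guaranteed for a <foreignObject> when the feature is enabled, state that at the top of the branch with `DCHECK(Layer());`; if it is not guaranteed, return false when `Layer()` is null. The `NOTREACHED()` this branch replaces suggests the path was not exercised before (an inference from the removed lines), so the invariant is worth writing down. NodeAtFloatPoint continues outside the hunk.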
@@ -152,16 +170,6 @@ bool LayoutSVGForeignObject::NodeAtFloatPoint(HitTestResult& result, kHitTestChildBlockBackgrounds); } -void LayoutSVGForeignObject::GetTransformFromContainer( - const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix& matrix) const { - AffineTransform to_svg_root_transform; - SVGLayoutSupport::ComputeTransformToSVGRoot(*this, to_svg_root_transform); - matrix = to_svg_root_transform; - GetTransformFromContainerInternal(container, offset_in_container, matrix); -} - bool LayoutSVGForeignObject::NodeAtPoint( HitTestResult& result, const HitTestLocation& location_in_parent, diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h index 78d8f07e3fb..4dffb3efd69 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h @@ -60,14 +60,6 @@ class LayoutSVGForeignObject final : public LayoutSVGBlock { return ObjectBoundingBox(); } - bool ShouldUseTransformFromContainer( - const LayoutObject* container) const override { - return true; - } - void GetTransformFromContainer(const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix&) const override; - bool NodeAtPoint(HitTestResult&, const HitTestLocation&, const LayoutPoint&, @@ -100,6 +92,8 @@ class LayoutSVGForeignObject final : public LayoutSVGBlock { bool needs_transform_update_; }; +DEFINE_LAYOUT_OBJECT_TYPE_CASTS(LayoutSVGForeignObject, IsSVGForeignObject()); + } // namespace blink #endif diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc index 9b5770ef703..eb31ff5f2ae 100644 
--- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc @@ -3,6 +3,7 @@ // found in the LICENSE file. #include "third_party/blink/renderer/core/layout/layout_geometry_map.h" +#include "third_party/blink/renderer/core/paint/paint_layer.h" #include "third_party/blink/renderer/core/testing/core_unit_test_helper.h" namespace blink { 
@@ -265,4 +266,70 @@ TEST_F(LayoutSVGForeignObjectTest, HitTestUnderClipPath) { EXPECT_EQ(svg, GetDocument().ElementFromPoint(400, 400)); } +TEST_F(LayoutSVGForeignObjectTest, + HitTestUnderClippedPositionedForeignObjectDescendant) { + SetBodyInnerHTML(R"HTML( + <style> + * { + margin: 0 + } + </style> + <svg id="svg" style="width: 600px; height: 600px"> + <foreignObject id="foreignObject" x="200" y="200" width="100" + height="100"> + <div id="target" style="overflow: hidden; position: relative; + width: 100px; height: 50px; left: 5px"></div> + </foreignObject> + </svg> + )HTML"); + + const auto& svg = *GetDocument().getElementById("svg"); + const auto& target = *GetDocument().getElementById("target"); + const auto& foreignObject = *GetDocument().getElementById("foreignObject"); + + EXPECT_EQ(svg, GetDocument().ElementFromPoint(1, 1)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(201, 201)); + EXPECT_EQ(target, GetDocument().ElementFromPoint(206, 206)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(205, 255)); + + HitTestRequest request(HitTestRequest::kReadOnly | HitTestRequest::kActive); + HitTestResult result(request, LayoutPoint(206, 206)); + GetDocument().GetLayoutView()->Layer()->HitTest(result); + EXPECT_EQ(target, result.InnerNode()); + EXPECT_EQ(LayoutPoint(206, 206), result.PointInInnerNodeFrame()); +} + +TEST_F(LayoutSVGForeignObjectTest, + HitTestUnderTransformedForeignObjectDescendant) { + SetBodyInnerHTML(R"HTML( + <style> + * { + margin: 0 + } + </style> + <svg id="svg" style="width: 600px; height: 600px"> + <foreignObject id="foreignObject" x="200" y="200" width="100" + height="100" transform="translate(30)"> + <div id="target" style="overflow: hidden; position: relative; + width: 100px; height: 50px; left: 5px"></div> + </foreignObject> + </svg> + )HTML"); + + const auto& svg = *GetDocument().getElementById("svg"); + const auto& target = *GetDocument().getElementById("target"); + const auto& foreignObject = 
*GetDocument().getElementById("foreignObject"); + + EXPECT_EQ(svg, GetDocument().ElementFromPoint(1, 1)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(231, 201)); + EXPECT_EQ(target, GetDocument().ElementFromPoint(236, 206)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(235, 255)); + + HitTestRequest request(HitTestRequest::kReadOnly | HitTestRequest::kActive); + HitTestResult result(request, LayoutPoint(236, 206)); + GetDocument().GetLayoutView()->Layer()->HitTest(result); + EXPECT_EQ(target, result.InnerNode()); + EXPECT_EQ(LayoutPoint(236, 206), result.PointInInnerNodeFrame()); +} + } // namespace blink diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc index 057c364d35f..f35b4a16e36 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc @@ -513,9 +513,6 @@ bool LayoutSVGRoot::NodeAtPoint(HitTestResult& result, for (LayoutObject* child = LastChild(); child; child = child->PreviousSibling()) { - if (child->IsBoxModelObject() && - ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) - continue; // FIXME: nodeAtFloatPoint() doesn't handle rect-based hit tests yet. if (child->NodeAtFloatPoint(result, local_point, hit_test_action)) { UpdateHitTestResult(result, point_in_border_box); diff --git a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc index b37d9a1e270..10e7e46daad 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc 
@@ -94,7 +94,7 @@ LayoutRect SVGLayoutSupport::TransformVisualRect( return LayoutRect(EnclosingIntRect(adjusted_rect)); } -const LayoutSVGRoot& SVGLayoutSupport::ComputeTransformToSVGRoot( +static const LayoutSVGRoot& ComputeTransformToSVGRoot( const LayoutObject& object, AffineTransform& root_border_box_transform) { DCHECK(object.IsSVGChild()); diff --git a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h index b055793af1f..dbc43c74fee 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h +++ b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h @@ -153,10 +153,6 @@ class CORE_EXPORT SVGLayoutSupport { static LayoutObject* FindClosestLayoutSVGText(const LayoutObject*, const FloatPoint&); - static const LayoutSVGRoot& ComputeTransformToSVGRoot( - const LayoutObject& object, - AffineTransform& root_border_box_transform); - private: static void UpdateObjectBoundingBox(FloatRect& object_bounding_box, bool& object_bounding_box_valid, diff --git a/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc b/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc index 144cdecb03c..eb8578dc98e 100644 --- a/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc +++ b/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc @@ -1012,11 +1012,6 @@ TEST_P(VisualRectMappingTest, FixedContentsWithScrollOffset) { GetDocument().View()->LayoutViewportScrollableArea()->SetScrollOffset( ScrollOffset(0, 50), kProgrammaticScroll); GetDocument().View()->UpdateAllLifecyclePhases(); - - // The fixed element does not scroll but the ancestor does which changes the - // visual rect. - CheckMapToVisualRectInAncestorSpace( - LayoutRect(0, 0, 400, 300), LayoutRect(0, 40, 400, 300), fixed, ancestor); } } // namespace blink 
diff --git a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc index b9f29902c57..b1025b2413b 100644 --- a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc +++ b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc @@ -32,6 +32,8 @@ #include <algorithm> #include <memory> + +#include "base/feature_list.h" #include "services/network/public/mojom/request_context_frame_type.mojom-blink.h" #include "third_party/blink/public/common/client_hints/client_hints.h" #include "third_party/blink/public/common/device_memory/approximated_device_memory.h" @@ -100,6 +102,12 @@ namespace blink { namespace { +// If kAllowClientHintsToThirdParty is enabled, then device-memory, +// resource-width and viewport-width client hints can be sent to third-party +// origins if the first-party has opted in to receiving client hints. +const base::Feature kAllowClientHintsToThirdParty{ + "AllowClientHintsToThirdParty", base::FEATURE_DISABLED_BY_DEFAULT}; + enum class RequestMethod { kIsPost, kIsNotPost }; enum class RequestType { kIsConditional, kIsNotConditional }; enum class ResourceType { kIsMainResource, kIsNotMainResource }; @@ -881,6 +889,9 @@ void FrameFetchContext::AddClientHintsIfNecessary( const FetchParameters::ResourceWidth& resource_width, ResourceRequest& request) { WebEnabledClientHints enabled_hints; + + bool is_1p_origin = false; + if (blink::RuntimeEnabledFeatures::ClientHintsPersistentEnabled()) { // If the feature is enabled, then client hints are allowed only on secure // URLs. 
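Review bot: `is_1p_origin` is initialised to `false` in the `@@ -881,6 +889,9 @@` hunk and, as far as the hunks show, is only assigned inside the `ClientHintsPersistentEnabled()` block, yet the `if (!is_1p_origin) return;` added in the `@@ -943,6 +959,12 @@` hunk runs unconditionally. With that runtime feature off, first-party requests would stop receiving the RTT hint and whatever follows it even though the document opted in. This assumes the assignment really sits inside the block, whose closing brace is outside the hunks. Either compute the same-origin check before the feature block (after the `IsDetached()` test it depends on) or make the later guard apply only when the feature block ran. AddClientHintsIfNecessary starts and ends outside the hunks.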
@@ -896,17 +907,22 @@ void FrameFetchContext::AddClientHintsIfNecessary( if (IsDetached()) return; - if (!GetFrame() - ->Tree() - .Top() - .GetSecurityContext() - ->GetSecurityOrigin() - ->IsSameSchemeHostPort( - SecurityOrigin::Create(request.Url()).get())) { + is_1p_origin = + GetFrame() + ->Tree() + .Top() + .GetSecurityContext() + ->GetSecurityOrigin() + ->IsSameSchemeHostPort(SecurityOrigin::Create(request.Url()).get()); + + if (!base::FeatureList::IsEnabled(kAllowClientHintsToThirdParty) && + !is_1p_origin) { // No client hints for 3p origins. return; } - if (GetContentSettingsClient()) { + // Persisted client hints preferences should be read for only the first + // party origins. + if (is_1p_origin && GetContentSettingsClient()) { GetContentSettingsClient()->GetAllowedClientHintsFromSource( request.Url(), &enabled_hints); } @@ -943,6 +959,12 @@ void FrameFetchContext::AddClientHintsIfNecessary( AtomicString(String::Number(GetFrame()->View()->ViewportWidth()))); } + if (!is_1p_origin) { + // No network quality client hints for 3p origins. Only DPR, resource width + // and viewport width client hints are allowed for 1p origins. + return; + } + if (ShouldSendClientHint(mojom::WebClientHintsType::kRtt, hints_preferences, enabled_hints)) { unsigned long rtt = GetNetworkStateNotifier().RoundRtt( diff --git a/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc b/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc index 44b688f05be..6e269ec2080 100644 --- a/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc +++ b/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc 
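Review bot: `is_1p_origin` is initialised to `false` and assigned only in the -896 hunk, which appears to sit inside the `ClientHintsPersistentEnabled()` block (indentation is lost here, so this is inferred). If that is right, the new `if (!is_1p_origin) return;` in the -943 hunk also drops the network quality hints for first-party requests whenever that runtime feature is off. Failing closed is the safe direction for privacy, but it looks like an unintended behaviour change: either compute `is_1p_origin` before the feature check or add a comment saying it is intended. The added comment also says the three hints "are allowed for 1p origins" although the branch is about third parties; it should end `client hints are allowed for 3p origins.` The function starts and ends outside the hunk.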
@@ -33,6 +33,7 @@ #include "third_party/blink/renderer/core/execution_context/execution_context.h" #include "third_party/blink/renderer/core/loader/document_threadable_loader.h" #include "third_party/blink/renderer/core/loader/threadable_loading_context.h" +#include "third_party/blink/renderer/core/loader/worker_threadable_loader.h" #include "third_party/blink/renderer/core/workers/worker_global_scope.h" namespace blink { @@ -56,6 +57,12 @@ void ThreadableLoader::LoadResourceSynchronously( ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resource_loader_options) { + if (context.IsWorkerGlobalScope()) { + WorkerThreadableLoader::LoadResourceSynchronously( + ToWorkerGlobalScope(context), request, client, options, + resource_loader_options); + return; + } DocumentThreadableLoader::LoadResourceSynchronously( *ThreadableLoadingContext::Create(context), request, client, options, resource_loader_options); diff --git a/chromium/third_party/blink/renderer/core/paint/README.md b/chromium/third_party/blink/renderer/core/paint/README.md index 641f09eb8ec..0a3e2ed55b7 100644 --- a/chromium/third_party/blink/renderer/core/paint/README.md +++ b/chromium/third_party/blink/renderer/core/paint/README.md 
@@ -26,6 +26,13 @@ are treated in different ways during painting: * Stacking contexts: elements with non-auto z-indices or other properties that affect stacking e.g. transform, opacity, blend-mode. + * Replaced normal-flow stacking elements: [replaced elements](https://html.spec.whatwg.org/multipage/rendering.html#replaced-elements) + that do not have non-auto z-index but are stacking contexts for + elements below them. Right now the only example is SVG <foreignObject>. + The difference between these elements and regular stacking contexts is + that they paint in the foreground phase of the painting algorithm + (as opposed to the positioned descendants phase). + * Elements that are not real stacking contexts but are treated as stacking contexts but don't manage other stacked elements. Their z-ordering are managed by real stacking contexts. They are positioned elements with diff --git a/chromium/third_party/blink/renderer/core/paint/box_painter.cc b/chromium/third_party/blink/renderer/core/paint/box_painter.cc index 77ba7b05a8e..79cfaa28616 100644 --- a/chromium/third_party/blink/renderer/core/paint/box_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/box_painter.cc @@ -9,6 +9,7 @@ #include "third_party/blink/renderer/core/layout/layout_object.h" #include "third_party/blink/renderer/core/layout/layout_table.h" #include "third_party/blink/renderer/core/layout/layout_theme.h" +#include "third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h" #include "third_party/blink/renderer/core/paint/adjust_paint_offset_scope.h" #include "third_party/blink/renderer/core/paint/background_image_geometry.h" #include "third_party/blink/renderer/core/paint/box_decoration_data.h" 
@@ -19,6 +20,7 @@ #include "third_party/blink/renderer/core/paint/object_painter.h" #include "third_party/blink/renderer/core/paint/paint_info.h" #include "third_party/blink/renderer/core/paint/scroll_recorder.h" +#include "third_party/blink/renderer/core/paint/svg_foreign_object_painter.h" #include "third_party/blink/renderer/core/paint/theme_painter.h" #include "third_party/blink/renderer/platform/geometry/layout_point.h" #include "third_party/blink/renderer/platform/graphics/graphics_context_state_saver.h" @@ -42,9 +44,13 @@ void BoxPainter::PaintChildren(const PaintInfo& paint_info, PaintInfo child_info(paint_info); for (LayoutObject* child = layout_box_.SlowFirstChild(); child; child = child->NextSibling()) { - if (!child->IsBoxModelObject() || - !ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) + if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled() && + child->IsSVGForeignObject()) { + SVGForeignObjectPainter(ToLayoutSVGForeignObject(*child)) + .PaintLayer(paint_info); + } else { child->Paint(child_info, paint_offset); + } } } diff --git a/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc b/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc index c3cc47a03f4..217062ed40f 100644 --- a/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc +++ b/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc 
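Review bot: The rewritten loop in `BoxPainter::PaintChildren` no longer skips children that have a self-painting layer: the removed condition guarded `child->Paint`, and the new `else` branch calls it for every child that is not a `<foreignObject>`. Unless each `Paint` implementation rejects self-painting layers itself (not visible here), such children could be painted both from this loop and from the layer tree. The same replacement is made in `SVGContainerPainter::Paint`. If the guard is now redundant, a one-line comment naming where the check lives would settle it; otherwise keep it as `} else if (!child->IsBoxModelObject() || !ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) {`. The new branch also passes `paint_info` where the other branch passes `child_info`, which is worth making consistent.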
@@ -3368,19 +3368,27 @@ IntRect CompositedLayerMapping::RecomputeInterestRect( LayoutRect graphics_layer_bounds_in_root_view_space( graphics_layer_bounds_in_object_space); - // MapToVisualRectInAncestorSpace is exclusive of the scroll and clip on the - // ancestor, so we map to nullptr instead of |root_view| to include these. anchor_layout_object->MapToVisualRectInAncestorSpace( - nullptr, graphics_layer_bounds_in_root_view_space); + root_view, graphics_layer_bounds_in_root_view_space); + + // In RLS, the root_view is scrolled. However, MapToVisualRectInAncestorSpace + // doesn't account for this scroll, since it earlies out as soon as we reach + // this ancestor. That is, it only maps to the space of the root_view, not + // accounting for the fact that the root_view itself can be scrolled. If the + // root_view is our anchor_layout_object, then this extra offset is counted in + // offset_from_anchor_layout_object. In other cases, we need to account for it + // here. Otherwise, the paint clip below might clip the whole (visible) rect + // out. + if (RuntimeEnabledFeatures::RootLayerScrollingEnabled() && + root_view != anchor_layout_object) { + if (auto* scrollable_area = root_view->GetScrollableArea()) { + graphics_layer_bounds_in_root_view_space.MoveBy( + -scrollable_area->VisibleContentRect().Location()); + } + } - // MapToVisualRectInAncestorSpace will not clip if the anchor is the root - // view, because the rect is assumed to already be in the clipped space of - // the root view. We need to manually apply the root view's clip in this case. FloatRect visible_content_rect(graphics_layer_bounds_in_root_view_space); - if (anchor_layout_object == root_view || - !RuntimeEnabledFeatures::RootLayerScrollingEnabled()) { - root_view->GetFrameView()->ClipPaintRect(&visible_content_rect); - } + root_view->GetFrameView()->ClipPaintRect(&visible_content_rect); FloatRect enclosing_graphics_layer_bounds( EnclosingIntRect(graphics_layer_bounds)); 
diff --git a/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc b/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc index 95b7ed761bf..e17ae8d3414 100644 --- a/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc +++ b/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc @@ -967,7 +967,10 @@ bool PaintLayerCompositor::CanBeComposited(const PaintLayer* layer) const { return has_accelerated_compositing_ && (has_compositor_animation || !layer->SubtreeIsInvisible()) && layer->IsSelfPaintingLayer() && - !layer->GetLayoutObject().IsLayoutFlowThread(); + !layer->GetLayoutObject().IsLayoutFlowThread() && + // Don't composite <foreignObject> for the moment, to reduce + // instances of the "fundamental compositing bug" breaking content. + !layer->GetLayoutObject().IsSVGForeignObject(); } // Return true if the given layer is a stacking context and has compositing diff --git a/chromium/third_party/blink/renderer/core/paint/paint_layer.cc b/chromium/third_party/blink/renderer/core/paint/paint_layer.cc index 79c2117f843..6c4a1ad30e0 100644 --- a/chromium/third_party/blink/renderer/core/paint/paint_layer.cc +++ b/chromium/third_party/blink/renderer/core/paint/paint_layer.cc 
@@ -1856,16 +1856,6 @@ scoped_refptr<HitTestingTransformState> PaintLayer::CreateLocalTransformState( ConvertToLayerCoords(root_layer, offset); } offset.MoveBy(translation_offset); - // The location of a foreignObject element is added *after* transform, not - // before (all SVG child elements have this behavior). Therefore, remove - // the offset here to avoid applying it before the transform. It will be - // added later. - // TODO(chrishtr): this ugliness can be removed if we change the code to - // to be based on PaintOffset rather than PaintLayer offsets, like the - // paint code does. This is a larger effort though, that involves using - // property trees to drive hit testing coordinate spaces. - if (GetLayoutObject().IsSVGForeignObject()) - offset.MoveBy(-LayoutBoxLocation()); LayoutObject* container_layout_object = container_layer ? &container_layer->GetLayoutObject() : nullptr; @@ -1943,11 +1933,11 @@ PaintLayer* PaintLayer::HitTestLayer( if (result.GetHitTestRequest().IgnoreClipping()) clip_behavior = kIgnoreOverflowClip; - // Always send foreignObject PaintLayers through the "transform" code path, - // even if they have no transform. This is in order to collect any ancestor - // SVG transforms, including the SVG root to border box transform, which - // are represented outside of the PaintLayer tree. - bool use_transform = Transform() || GetLayoutObject().IsSVGForeignObject(); + // We can only reach an SVG foreign object's PaintLayer from + // LayoutSVGForeignObject::NodeAtFloatPoint (because + // IsReplacedNormalFlowStacking() true for LayoutSVGForeignObject), + // where the hit_test_rect has already been transformed to local coordinates. + bool use_transform = Transform() && !GetLayoutObject().IsSVGForeignObject(); // Apply a transform if we have one. if (use_transform && !applied_transform) { 
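Review bot: The new comment in `HitTestLayer` says a `<foreignObject>` layer is reachable only from `LayoutSVGForeignObject::NodeAtFloatPoint`, but `IsReplacedNormalFlowStacking()` (added further down in this file) returns false for a non-auto z-index, and `HitTestChildren` skips only layers for which it returns true. If a `<foreignObject>` can carry a non-auto z-index (not determinable from this diff), its layer is still reached through `HitTestChildren` with a location that has not been mapped to local coordinates, while `use_transform` is now forced to false for it. Keying the condition on the same predicate would close the gap: `bool use_transform = Transform() && !IsReplacedNormalFlowStacking();`. Otherwise the comment should say why the z-index case cannot occur. The comment is also missing a verb ("because IsReplacedNormalFlowStacking() is true for LayoutSVGForeignObject"), and `HitTestLayer` starts and ends outside the hunk.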
@@ -1979,17 +1969,6 @@ PaintLayer* PaintLayer::HitTestLayer( if (HitTestClippedOutByClipPath(root_layer, hit_test_location)) return nullptr; - // TODO(chrishtr): this can have incorrect results for rects that are not - // unit-sized due to use of Center(). - if (GetLayoutObject().IsSVGForeignObject() && - !GeometryMapper::PointVisibleInAncestorSpace( - GetLayoutObject().FirstFragment().LocalBorderBoxProperties(), - container_layer->GetLayoutObject() - .FirstFragment() - .LocalBorderBoxProperties(), - FloatPoint(hit_test_location.BoundingBox().Center()))) - return nullptr; - // The natural thing would be to keep HitTestingTransformState on the stack, // but it's big, so we heap-allocate. scoped_refptr<HitTestingTransformState> local_transform_state; @@ -2098,10 +2077,6 @@ PaintLayer* PaintLayer::HitTestLayer( } LayoutPoint offset = -LayoutBoxLocation(); - // See comment in CreateLocalTransformState. The code here is - // where we re-add the location. - if (root_layer->GetLayoutObject().IsSVGForeignObject()) - offset.MoveBy(root_layer->LayoutBoxLocation()); // Next we want to see if the mouse pos is inside the child LayoutObjects of // the layer. Check every fragment in reverse order. @@ -2315,6 +2290,14 @@ bool PaintLayer::HitTestContents(HitTestResult& result, return true; } +bool PaintLayer::IsReplacedNormalFlowStacking() { + if (!GetLayoutObject().IsSVGForeignObject()) + return false; + if (!GetLayoutObject().StyleRef().HasAutoZIndex()) + return false; + return true; +} + PaintLayer* PaintLayer::HitTestChildren( ChildrenIteration childrento_visit, PaintLayer* root_layer, @@ -2334,6 +2317,10 @@ PaintLayer* PaintLayer::HitTestChildren( childrento_visit); while (PaintLayerStackingNode* child = iterator.Next()) { PaintLayer* child_layer = child->Layer(); + + if (child_layer->IsReplacedNormalFlowStacking()) + continue; + PaintLayer* hit_layer = nullptr; HitTestResult temp_result(result.GetHitTestRequest(), result.GetHitTestLocation()); 
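Review bot: `PaintLayer::IsReplacedNormalFlowStacking()` only reads state through `GetLayoutObject()` yet is declared non-const, here and in paint_layer.h, so it cannot be called through a `const PaintLayer*` such as the one `PaintLayerCompositor::CanBeComposited` receives in this same commit. Declaring it `bool IsReplacedNormalFlowStacking() const;` costs nothing. The body then reduces to `return GetLayoutObject().IsSVGForeignObject() && GetLayoutObject().StyleRef().HasAutoZIndex();`.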
diff --git a/chromium/third_party/blink/renderer/core/paint/paint_layer.h b/chromium/third_party/blink/renderer/core/paint/paint_layer.h index 24a1578f33f..4bd4db980ac 100644 --- a/chromium/third_party/blink/renderer/core/paint/paint_layer.h +++ b/chromium/third_party/blink/renderer/core/paint/paint_layer.h @@ -1030,6 +1030,11 @@ class CORE_EXPORT PaintLayer : public DisplayItemClient { bool ShouldFragmentCompositedBounds( const PaintLayer* compositing_layer = nullptr) const; + // See + // https://chromium.googlesource.com/chromium/src.git/+/master/third_party/blink/renderer/core/paint/README.md + // for the definition of a replaced normal-flow stacking element. + bool IsReplacedNormalFlowStacking(); + private: void SetNeedsCompositingInputsUpdateInternal(); diff --git a/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc b/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc index 5eb8f0c3223..5e50057e5e4 100644 --- a/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc @@ -983,6 +983,9 @@ PaintResult PaintLayerPainter::PaintChildren( painting_info.GetGlobalPaintFlags())) continue; + if (child->Layer()->IsReplacedNormalFlowStacking()) + continue; + PaintLayerPaintingInfo child_painting_info = painting_info; child_painting_info.scroll_offset_accumulation = scroll_offset_accumulation_for_children; diff --git a/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc b/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc index aad110b234a..529a5525b10 100644 --- a/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc 
@@ -6,11 +6,13 @@ #include "third_party/blink/renderer/core/layout/layout_box_model_object.h" #include "third_party/blink/renderer/core/layout/svg/layout_svg_container.h" +#include "third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h" #include "third_party/blink/renderer/core/layout/svg/layout_svg_viewport_container.h" #include "third_party/blink/renderer/core/layout/svg/svg_layout_support.h" #include "third_party/blink/renderer/core/paint/float_clip_recorder.h" #include "third_party/blink/renderer/core/paint/object_painter.h" #include "third_party/blink/renderer/core/paint/paint_info.h" +#include "third_party/blink/renderer/core/paint/svg_foreign_object_painter.h" #include "third_party/blink/renderer/core/paint/svg_paint_context.h" #include "third_party/blink/renderer/core/svg/svg_svg_element.h" #include "third_party/blink/renderer/platform/wtf/optional.h" @@ -83,8 +85,11 @@ void SVGContainerPainter::Paint(const PaintInfo& paint_info) { if (continue_rendering) { for (LayoutObject* child = layout_svg_container_.FirstChild(); child; child = child->NextSibling()) { - if (!child->IsBoxModelObject() || - !ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) { + if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled() && + child->IsSVGForeignObject()) { + SVGForeignObjectPainter(ToLayoutSVGForeignObject(*child)) + .PaintLayer(paint_context.GetPaintInfo()); + } else { child->Paint(paint_context.GetPaintInfo(), IntPoint()); } } diff --git a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc index 3e8cc8eb07b..d78a5fa6162 100644 --- a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc 
@@ -11,6 +11,7 @@ #include "third_party/blink/renderer/core/paint/object_painter.h" #include "third_party/blink/renderer/core/paint/paint_info.h" #include "third_party/blink/renderer/core/paint/paint_layer.h" +#include "third_party/blink/renderer/core/paint/paint_layer_painter.h" #include "third_party/blink/renderer/core/paint/svg_paint_context.h" #include "third_party/blink/renderer/platform/wtf/optional.h" @@ -34,6 +35,34 @@ class BlockPainterDelegate : public LayoutBlock { } // namespace +void SVGForeignObjectPainter::PaintLayer(const PaintInfo& paint_info) { + if (!RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) + return; + if (paint_info.phase != PaintPhase::kForeground && + paint_info.phase != PaintPhase::kSelection) + return; + + // Early out in the case of trying to paint an image filter before + // pre-paint has finished. + if (!layout_svg_foreign_object_.FirstFragment().HasLocalBorderBoxProperties()) + return; + + // <foreignObject> is a replaced normal-flow stacking element. + // See IsReplacedNormalFlowStacking in paint_layer_painter.cc. + PaintLayerPaintingInfo layer_painting_info( + layout_svg_foreign_object_.Layer(), + // Reset to an infinite cull rect, for simplicity. Otherwise + // an adjustment would be needed for ancestor scrolling, and any + // SVG transforms would have to be taken into account. Further, + // cull rects under transform are intentionally reset to infinity, + // to improve cache invalidation performance in the pre-paint tree + // walk (see https://http://crrev.com/482854). + LayoutRect(LayoutRect::InfiniteIntRect()), + paint_info.GetGlobalPaintFlags(), LayoutSize()); + PaintLayerPainter(*layout_svg_foreign_object_.Layer()) + .Paint(paint_info.context, layer_painting_info, paint_info.PaintFlags()); +} + void SVGForeignObjectPainter::Paint(const PaintInfo& paint_info) { if (!RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) { if (paint_info.phase != PaintPhase::kForeground && 
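Review bot: `SVGForeignObjectPainter::PaintLayer` uses `layout_svg_foreign_object_.Layer()` twice and dereferences it in the `PaintLayerPainter(...)` call without a check, and nothing in this hunk shows that a `<foreignObject>` always has a PaintLayer. A `DCHECK(layout_svg_foreign_object_.Layer());` at the top would at least record the assumption; an early return would be the defensive choice if the layer can be absent. Two comment fixes are also needed. `IsReplacedNormalFlowStacking` is defined in paint_layer.cc, not paint_layer_painter.cc, and the link `https://http://crrev.com/482854` should read `https://crrev.com/482854`.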
diff --git a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h index c60e19da08d..095518a2849 100644 --- a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h +++ b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h @@ -21,6 +21,8 @@ class SVGForeignObjectPainter { : layout_svg_foreign_object_(layout_svg_foreign_object) {} void Paint(const PaintInfo&); + void PaintLayer(const PaintInfo& paint_info); + private: const LayoutSVGForeignObject& layout_svg_foreign_object_; }; diff --git a/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js b/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js index 27a5d0c9ad0..78542b58ff5 100644 --- a/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js +++ b/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js @@ -807,8 +807,9 @@ SDK.NetworkDispatcher = class { if (blockedCrossSiteDocument) { const message = Common.UIString( - `Blocked current origin from receiving cross-site document at %s with MIME type %s.`, networkRequest.url(), - networkRequest.mimeType); + `Cross-Origin Read Blocking (CORB) blocked cross-origin response %s with MIME type %s. ` + + `See https://www.chromestatus.com/feature/5629709824032768 for more details.`, + networkRequest.url(), networkRequest.mimeType); this._manager.dispatchEventToListeners( SDK.NetworkManager.Events.MessageGenerated, {message: message, requestId: networkRequest.requestId(), warning: true}); diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc index a79e51741ff..7c21b9a4003 100644 
--- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc @@ -4,6 +4,7 @@ #include "third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h" +#include "third_party/blink/renderer/modules/media_controls/elements/media_control_elements_helper.h" #include "third_party/blink/renderer/modules/media_controls/media_controls_impl.h" namespace blink { @@ -14,4 +15,8 @@ MediaControlButtonPanelElement::MediaControlButtonPanelElement( SetShadowPseudoId(AtomicString("-internal-media-controls-button-panel")); } +bool MediaControlButtonPanelElement::KeepEventInNode(Event* event) { + return MediaControlElementsHelper::IsUserInteractionEvent(event); +} + } // namespace blink diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h index 460207cd939..d8bb310ffbe 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h @@ -18,6 +18,9 @@ class MediaControlsImpl; class MediaControlButtonPanelElement final : public MediaControlDivElement { public: explicit MediaControlButtonPanelElement(MediaControlsImpl&); + + private: + bool KeepEventInNode(Event*) override; }; } // namespace blink diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc index e345cb06019..82d819a4482 100644 
--- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc @@ -215,31 +215,17 @@ void MediaControlOverlayPlayButtonElement::MaybeJump(int seconds) { } void MediaControlOverlayPlayButtonElement::DefaultEventHandler(Event* event) { - if (event->type() == EventTypeNames::click) { + if (ShouldCausePlayPause(event)) { + event->SetDefaultHandled(); + MaybePlayPause(); + } else if (event->type() == EventTypeNames::click) { event->SetDefaultHandled(); - // Double tap to navigate should only be available on modern controls. - if (!MediaControlsImpl::IsModern() || !event->IsMouseEvent()) { - MaybePlayPause(); - return; - } - - // If the event doesn't have position data we should just default to - // play/pause. - // TODO(beccahughes): Move to PointerEvent. + DCHECK(event->IsMouseEvent()); MouseEvent* mouse_event = ToMouseEvent(event); - if (!mouse_event->HasPosition()) { - MaybePlayPause(); - return; - } + DCHECK(mouse_event->HasPosition()); - // If the click happened on the internal button or a margin around it then - // we should play/pause. - if (IsPointInRect(*internal_button_->getBoundingClientRect(), - kInnerButtonTouchPaddingSize, mouse_event->clientX(), - mouse_event->clientY())) { - MaybePlayPause(); - } else if (!tap_timer_.IsActive()) { + if (!tap_timer_.IsActive()) { // If there was not a previous touch and this was outside of the button // then we should toggle visibility with a small unnoticeable delay in // case their is a second tap. 
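Review bot: The two `DCHECK`s in the `click` branch of `DefaultEventHandler` replace runtime checks, so in release builds `ToMouseEvent(event)` is reached with no guard of its own. It is safe only because `ShouldCausePlayPause` (added in the next hunk) returns true for every click that is not a positioned mouse event on modern controls. That coupling is easy to break when either function is edited, so I would state it above the cast: `// ShouldCausePlayPause() returned false, so this is a modern-controls mouse click with a position outside the button.` The function continues outside the hunk.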
@@ -274,14 +260,37 @@ void MediaControlOverlayPlayButtonElement::DefaultEventHandler(Event* event) { } tap_was_touch_event_.reset(); - event->SetDefaultHandled(); } } MediaControlInputElement::DefaultEventHandler(event); } bool MediaControlOverlayPlayButtonElement::KeepEventInNode(Event* event) { - return MediaControlElementsHelper::IsUserInteractionEvent(event); + return ShouldCausePlayPause(event); +} + +bool MediaControlOverlayPlayButtonElement::ShouldCausePlayPause( + Event* event) const { + // Only click events cause a play/pause. + if (event->type() != EventTypeNames::click) + return false; + + // Double tap to navigate should only be available on modern controls. + if (!MediaControlsImpl::IsModern() || !event->IsMouseEvent()) + return true; + + // If the event doesn't have position data we should just default to + // play/pause. + // TODO(beccahughes): Move to PointerEvent. + MouseEvent* mouse_event = ToMouseEvent(event); + if (!mouse_event->HasPosition()) + return true; + + // If the click happened on the internal button or a margin around it then + // we should play/pause. + return IsPointInRect(*internal_button_->getBoundingClientRect(), + kInnerButtonTouchPaddingSize, mouse_event->clientX(), + mouse_event->clientY()); } WebSize MediaControlOverlayPlayButtonElement::GetSizeOrDefault() const { diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h index c37986b8c94..17d81918cb2 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h 
@@ -81,6 +81,7 @@ class MODULES_EXPORT MediaControlOverlayPlayButtonElement final void DefaultEventHandler(Event*) override; bool KeepEventInNode(Event*) override; + bool ShouldCausePlayPause(Event*) const; void MaybePlayPause(); void MaybeJump(int); diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc index 91e142fa70c..8010bae15c4 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc @@ -134,7 +134,8 @@ void MediaControlPanelElement::DefaultEventHandler(Event* event) { } bool MediaControlPanelElement::KeepEventInNode(Event* event) { - return MediaControlElementsHelper::IsUserInteractionEvent(event); + return !MediaControlsImpl::IsModern() && + MediaControlElementsHelper::IsUserInteractionEvent(event); } void MediaControlPanelElement::DidBecomeVisible() { diff --git a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc index 772ddeaa7d0..89c356e3e28 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc @@ -871,6 +871,7 @@ void MediaControlsImpl::MaybeShow() { timeline_->OnControlsShown(); UpdateCSSClassFromState(); + UpdateActingAsAudioControls(); } void MediaControlsImpl::Hide() { @@ -896,6 +897,7 @@ void MediaControlsImpl::Hide() { timeline_->OnControlsHidden(); UpdateCSSClassFromState(); + UpdateActingAsAudioControls(); } bool MediaControlsImpl::IsVisible() const { 
@@ -1603,13 +1605,7 @@ void MediaControlsImpl::OnLoadedMetadata() { // to be changed. Reset(); UpdateCSSClassFromState(); - - if (ShouldActAsAudioControls() != is_acting_as_audio_controls_) { - if (is_acting_as_audio_controls_) - StopActingAsAudioControls(); - else - StartActingAsAudioControls(); - } + UpdateActingAsAudioControls(); } void MediaControlsImpl::OnEnteredFullscreen() { @@ -1828,8 +1824,9 @@ MediaControlsImpl::ToggleClosedCaptions() { bool MediaControlsImpl::ShouldActAsAudioControls() const { // A video element should act like an audio element when it has an audio track // but no video track. - return IsModern() && MediaElement().IsHTMLVideoElement() && - MediaElement().HasAudio() && !MediaElement().HasVideo(); + return IsModern() && MediaElement().ShouldShowControls() && + MediaElement().IsHTMLVideoElement() && MediaElement().HasAudio() && + !MediaElement().HasVideo(); } void MediaControlsImpl::StartActingAsAudioControls() { @@ -1850,6 +1847,15 @@ void MediaControlsImpl::StopActingAsAudioControls() { Reset(); } +void MediaControlsImpl::UpdateActingAsAudioControls() { + if (ShouldActAsAudioControls() != is_acting_as_audio_controls_) { + if (is_acting_as_audio_controls_) + StopActingAsAudioControls(); + else + StartActingAsAudioControls(); + } +} + bool MediaControlsImpl::ShouldShowAudioControls() const { return IsModern() && (MediaElement().IsHTMLAudioElement() || is_acting_as_audio_controls_); diff --git a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h index 555d6a1ffa3..6d801ad45e3 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h +++ b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h 
@@ -280,6 +280,7 @@ class MODULES_EXPORT MediaControlsImpl final : public HTMLDivElement, bool ShouldActAsAudioControls() const; void StartActingAsAudioControls(); void StopActingAsAudioControls(); + void UpdateActingAsAudioControls(); // Returns true/false based on which set of controls to display. bool ShouldShowAudioControls() const; diff --git a/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h b/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h index 28967a81b74..324659b3d2b 100644 --- a/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h +++ b/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h @@ -53,6 +53,7 @@ class PLATFORM_EXPORT CullRect { // TODO(chrishtr): temporary while we implement CullRect everywhere. friend class FramePainter; friend class GridPainter; + friend class SVGForeignObjectPainter; friend class SVGInlineTextBoxPainter; friend class SVGPaintContext; friend class SVGRootInlineBoxPainter; diff --git a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc index bccae25dbef..efbba23f75f 100644 --- a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc +++ b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc 
@@ -279,12 +279,15 @@ FloatClipRect GeometryMapper::LocalToAncestorClipRect( return result; } -static const FloatRoundedRect& GetClipRect( - const ClipPaintPropertyNode* clip_node, - OverlayScrollbarClipBehavior clip_behavior) { - return UNLIKELY(clip_behavior == kExcludeOverlayScrollbarSizeForHitTesting) - ? clip_node->ClipRectExcludingOverlayScrollbars() - : clip_node->ClipRect(); +static FloatClipRect GetClipRect(const ClipPaintPropertyNode* clip_node, + OverlayScrollbarClipBehavior clip_behavior) { + FloatClipRect clip_rect( + UNLIKELY(clip_behavior == kExcludeOverlayScrollbarSizeForHitTesting) + ? clip_node->ClipRectExcludingOverlayScrollbars() + : clip_node->ClipRect()); + if (clip_node->ClipPath()) + clip_rect.ClearIsTight(); + return clip_rect; } FloatClipRect GeometryMapper::LocalToAncestorClipRectInternal( @@ -301,7 +304,7 @@ FloatClipRect GeometryMapper::LocalToAncestorClipRectInternal( if (descendant->Parent() == ancestor_clip && descendant->LocalTransformSpace() == ancestor_transform) { success = true; - return FloatClipRect(GetClipRect(descendant, clip_behavior)); + return GetClipRect(descendant, clip_behavior); } FloatClipRect clip; diff --git a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc index dc38a49cb36..42f1e3d3bb5 100644 --- a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc +++ b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc 
@@ -361,6 +361,23 @@ TEST_P(GeometryMapperTest, RoundedClip) {
 CHECK_MAPPINGS();
 }
+TEST_P(GeometryMapperTest, ClipPath) {
+ FloatRoundedRect rect(FloatRect(10, 10, 50, 50),
+ FloatRoundedRect::Radii(FloatSize(1, 1), FloatSize(),
+ FloatSize(), FloatSize()));
+ auto clip = CreateClipPathClip(ClipPaintPropertyNode::Root(),
+ TransformPaintPropertyNode::Root(),
+ FloatRoundedRect(10, 10, 50, 50));
+ local_state.SetClip(clip.get());
+
+ input_rect = FloatRect(0, 0, 100, 100);
+ expected_transformed_rect = input_rect;
+ expected_clip = FloatClipRect(FloatRect(10, 10, 50, 50));
+ expected_clip.ClearIsTight();
+ expected_visual_rect = expected_clip;
+ CHECK_MAPPINGS();
+}
+
 TEST_P(GeometryMapperTest, TwoClips) {
 FloatRoundedRect clip_rect1(
 FloatRect(10, 10, 30, 40),
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc
index 88a956d43af..7dd29cbbd58 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc
@@ -123,7 +123,9 @@ void FetchParameters::MakeSynchronous() {
 // renderer.
 resource_request_.SetPriority(ResourceLoadPriority::kHighest);
 if (resource_request_.TimeoutInterval() == INT_MAX) {
- resource_request_.SetTimeoutInterval(10);
+ // This 1 day timeout is a temporary value to avoid the 100% CPU usage bug
+ // in stable (crbug/848210) and mitigate the timeout bug (crbug/844268).
+ resource_request_.SetTimeoutInterval(60 * 60 * 24);
 }
 // Skip ServiceWorker for synchronous loads from the main thread to avoid
 // deadlocks.
diff --git a/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc b/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc
index 9319926f6c7..5d3cc087814 100644
--- a/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc
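Review bot: The local `rect` built with `FloatRoundedRect::Radii(...)` at the top of the new ClipPath test is never used; `CreateClipPathClip` is given a fresh `FloatRoundedRect(10, 10, 50, 50)` instead. Deleting the `rect` declaration is the safe fix. Passing `rect` in would add a corner radius, and `expected_clip` is built from a plain `FloatRect(10, 10, 50, 50)`, so the expectation would presumably no longer match.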
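Review bot: The replacement timeout `60 * 60 * 24` in MakeSynchronous is an unnamed literal whose unit is only implied by the comment's "1 day", and the comment calls it temporary without a marker that would get it removed. A named constant such as `constexpr int kTemporarySyncLoadTimeoutSeconds = 60 * 60 * 24;` (assuming the setter takes seconds, which the hunk does not show) plus `// TODO(crbug/844268): restore a bounded timeout once fixed.` would make both explicit. With a value this large a synchronous load whose server never answers keeps the caller blocked for practically the whole connection lifetime, so the follow-up matters for availability. The body of MakeSynchronous starts and ends outside the hunk.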
+++ b/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc
@@ -149,6 +149,10 @@ MHTMLArchive::MHTMLArchive() = default;
 MHTMLArchive* MHTMLArchive::Create(const KURL& url,
 scoped_refptr<const SharedBuffer> data) {
+ // |data| may be null if archive file is empty.
+ if (!data)
+ return nullptr;
+
 // MHTML pages can only be loaded from local URLs, http/https URLs, and
 // content URLs(Android specific). The latter is now allowed due to full
 // sandboxing enforcement on MHTML pages.
diff --git a/chromium/third_party/libaddressinput/chromium/resources/address_input_strings_id.xtb b/chromium/third_party/libaddressinput/chromium/resources/address_input_strings_id.xtb
index b2e28052c1b..6ccce4dee4f 100644
--- a/chromium/third_party/libaddressinput/chromium/resources/address_input_strings_id.xtb
+++ b/chromium/third_party/libaddressinput/chromium/resources/address_input_strings_id.xtb
@@ -4,7 +4,7 @@
 <translation id="1340068511406764697">Anda harus memberikan kode pos, misalnya <ph name="EXAMPLE" />. Tidak tahu kode pos Anda? Temukan <ph name="BEGIN_LINK" />di sini<ph name="END_LINK" />.</translation>
 <translation id="2053553514270667976">Kode pos</translation>
 <translation id="2096368010154057602">Departemen</translation>
-<translation id="2577522251608256362">RT/RW</translation>
+<translation id="2577522251608256362">Kawasan</translation>
 <translation id="3050787670591910834">Anda harus memberikan kode pos, misalnya <ph name="EXAMPLE" />.</translation>
 <translation id="3174168572213147020">Pulau</translation>
 <translation id="3713769522066937702">Format kode pos ini tidak dikenali. Contoh kode pos yang valid: <ph name="EXAMPLE" />. Tidak tahu kode pos Anda? Temukan <ph name="BEGIN_LINK" />di sini<ph name="END_LINK" />.</translation>
diff --git a/chromium/third_party/opus/README.chromium b/chromium/third_party/opus/README.chromium
index 853f7eb235a..8ee3d507123 100644
--- a/chromium/third_party/opus/README.chromium
+++ b/chromium/third_party/opus/README.chromium
@@ -16,3 +16,4 @@ Local changes:
 * set 'x' flags: "chmod 750 win32/genversion.bat"
 * Apply https://git.xiph.org/?p=opus.git;a=commitdiff;h=46560534fcb5710a894a341c2f9526db58fd7087#patch1
 * Apply https://github.com/xiph/opus/pull/73
+* Make sure HB_gain is not NaN in an attempt to fix chromium:826914
diff --git a/chromium/third_party/opus/src/src/opus_encoder.c b/chromium/third_party/opus/src/src/opus_encoder.c
index cd37fcdfe4a..e8e54be757e 100644
--- a/chromium/third_party/opus/src/src/opus_encoder.c
+++ b/chromium/third_party/opus/src/src/opus_encoder.c
@@ -1679,6 +1679,12 @@ opus_int32 opus_encode_native(OpusEncoder *st, const opus_val16 *pcm, int frame_
 /* Increasingly attenuate high band when it gets allocated fewer bits */
 celt_rate = total_bitRate - st->silk_mode.bitRate;
 HB_gain = Q15ONE - SHR32(celt_exp2(-celt_rate * QCONST16(1.f/1024, 10)), 1);
+#ifndef FIXED_POINT
+ /* Sanity check of high band gain */
+ if (celt_isnan(HB_gain)) {
+ HB_gain = Q15ONE;
+ }
+#endif
 }
 } else {
 /* SILK gets all bits */
diff --git a/chromium/third_party/skia/src/core/SkScan_Path.cpp b/chromium/third_party/skia/src/core/SkScan_Path.cpp
index 2373e62d46f..1854a7edd74 100644
--- a/chromium/third_party/skia/src/core/SkScan_Path.cpp
+++ b/chromium/third_party/skia/src/core/SkScan_Path.cpp
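Review bot: The added guard after the `HB_gain` computation replaces only a NaN; an infinite or negative result of `Q15ONE - SHR32(celt_exp2(...), 1)` would still reach whatever consumes HB_gain, if the float build can produce one here (the hunk does not establish that). The README entry describes the change as an attempt at chromium:826914, so a range check is worth considering in place of the single-symptom test, for example `if (!(HB_gain >= 0 && HB_gain <= Q15ONE)) HB_gain = Q15ONE;`, which also catches NaN because the comparison is false for it. The `/* Sanity check of high band gain */` comment should name the input that makes the value non-finite once that is known. opus_encode_native starts and ends outside the hunk.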
@@ -564,7 +564,10 @@ static bool clip_to_limit(const SkRegion& orig, SkRegion* reduced) {
 // Bias used for conservative rounding of float rects to int rects, to nudge the irects a little
 // larger, so we don't "think" a path's bounds are inside a clip, when (due to numeric drift in
 // the scan-converter) we might walk beyond the predicted limits.
-static const double kConservativeRoundBias = 0.5 + 0.5 / SK_FDot6One;
+//
+// This value has been determined trial and error: pick the smallest value (after the 0.5) that
+// fixes any problematic cases (e.g. crbug.com/844457)
+static const double kConservativeRoundBias = 0.5 + 1.0 / SK_FDot6One;
 /**
 * Round the value down. This is used to round the top and left of a rectangle, |
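Review bot: The new comment on `kConservativeRoundBias` says the value was found by trial and error, so nothing in the hunk bounds the scan-converter drift it compensates for. The surrounding comment describes this bias as what keeps the walk inside the predicted limits. A regression test for the crbug.com/844457 case (none is visible in this hunk) would stop a later change to the constant from reopening it. The comment is also missing a word and should read `// This value has been determined by trial and error: pick the smallest value (after the 0.5) that`.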