Commit message (Author, Age, Files, Lines)
...
* Drop dependency on content/public/browser in content gpu (Michal Klocek, 2023-01-25, 4 files, -10/+12)

  We include a header from content/public/browser which includes generated headers, however we do not have that dependency on content gpu. This creates a build race condition as generated headers might not be in place. Unfortunately adding that dependency causes some gn asserts, as this dependency should not be allowed. Therefore, move GetInProcessGpuShareGroup from browser content to gpu content, where it makes more sense.

  Change-Id: I9dfc37ddf7466ca7b431a31b379e811583790467
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/455058
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
  (cherry picked from commit 406715225b17b2cf4204f17b9b651bef5d397392)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/455129
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1399424 (Clemens Backes, 2023-01-20, 1 file, -4/+15)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4102800:

  Do not emit the constant pool before a branch

  After computing the branch offset but before emitting the actual branch, we should not emit a constant pool. Otherwise the previously computed offset would be off. Instead of handling this indirectly via the Assembler::branch_offset method, do this directly in the Assembler::b method (and friends), so it is not missed on other call sites.

  R=jkummerow@chromium.org

  Bug: chromium:1399424
  Change-Id: I0cbb219ced5b671001a296b1cc7c339f395abffe
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4102800
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#84828}
  (cherry picked from commit 9be597d194e108ba718610b9a611fe19a0fbfde5)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454299
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1395604 (Clemens Backes, 2023-01-20, 1 file, -1/+16)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4111948:

  Load 32-bit values more efficiently

  When loading a 32-bit value from the stack, just load 32 bits and zero-extend them into the target register, instead of loading the full 64 bits. As there are things to fix (see https://crbug.com/1356461), we only enable this optimization for Wasm for now.

  R=jkummerow@chromium.org

  (cherry picked from commit a38209949fcbf045231c316e2d790b8b70ccb7ef)

  Bug: chromium:1395604
  No-Try: true
  No-Presubmit: true
  No-Tree-Checks: true
  Change-Id: Ibdd2d80704973362906aec9b38faa762d3b43f3f
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4097424
  Cr-Original-Commit-Position: refs/heads/main@{#84796}
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111948
  Reviewed-by: Maya Lekova <mslekova@chromium.org>
  Reviewed-by: Clemens Backes <clemensb@chromium.org>
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Cr-Commit-Position: refs/branch-heads/10.2@{#45}
  Cr-Branched-From: 374091f382e88095694c1283cbdc2acddc1b1417-refs/heads/10.2.154@{#1}
  Cr-Branched-From: f0c353f6315eeb2212ba52478983a3b3af07b5b1-refs/heads/main@{#79976}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454298
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0131: Inappropriate implementation in iframe Sandbox (Arthur Sonzogni, 2023-01-20, 5 files, -4/+48)

  Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4085032:

  [M109] Fix NavigationDownloadPolicy from the browser process

  The NavigationDownloadPolicy is currently computed by the renderer process. The problem: not every navigation is initiated from the renderer. This is a problem.

  Most fields from the bitfield can also be computed from the browser process. This patch computes the one related to the 'allow-download' sandbox flags from the navigation request.

  In the future, I believe we want to do something similar for the other properties.

  (cherry picked from commit 258bee7ca64b1a2193d65f29c8209b2a0898043d)

  Bug: 1357366
  Change-Id: I0f18d2ff302271745d030494004007aecef1d738
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4061566
  Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
  Reviewed-by: Matt Menke <mmenke@chromium.org>
  Reviewed-by: Camille Lamy <clamy@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1079858}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4085032
  Auto-Submit: Arthur Sonzogni <arthursonzogni@chromium.org>
  Cr-Commit-Position: refs/branch-heads/5414@{#718}
  Cr-Branched-From: 4417ee59d7bf6df7a9c9ea28f7722d2ee6203413-refs/heads/main@{#1070088}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454294
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0132: Inappropriate implementation in Permission prompts (Thomas Nguyen, 2023-01-20, 10 files, -11/+55)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4030554:

  Bind dialog input protector to its anchor widget changed event.

  Bug: 1371215
  (cherry picked from commit 0040cb967d7469250444603bdf1aa6e4d2ae822e)
  Change-Id: I39b9ea632447e1e7d4ba1b1d57f67a293c751b62
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4016874
  Reviewed-by: Allen Bauer <kylixrd@chromium.org>
  Commit-Queue: Thomas Nguyen <tungnh@google.com>
  Cr-Original-Commit-Position: refs/heads/main@{#1070921}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4030554
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Auto-Submit: Thomas Nguyen <tungnh@google.com>
  Cr-Commit-Position: refs/branch-heads/5414@{#158}
  Cr-Branched-From: 4417ee59d7bf6df7a9c9ea28f7722d2ee6203413-refs/heads/main@{#1070088}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454293
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0129: Heap buffer overflow in Network Service (Maks Orlovich, 2023-01-20, 3 files, -5/+9)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4048289:

  Align NetworkContext::SetNetworkConditions better with devtools emulateNetworkConditions

  The former used values of 0 to disable particular throttles, while the latter documents -1, and looks to be pretty much a direct client, and the only one. So make NetworkService handle everything <= 0 as a disable, clamping at intake of config.

  Bug: 1382033
  (cherry picked from commit ce463c2c939818a12bbcec5e2c91c35f2a0a1f0e)
  Change-Id: I2fd3f075d5071cb0cf647838782115b5c00405bf
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4035891
  Reviewed-by: Ken Buchanan <kenrb@chromium.org>
  Reviewed-by: Eric Orth <ericorth@chromium.org>
  Commit-Queue: Maks Orlovich <morlovich@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1073566}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4048289
  Cr-Commit-Position: refs/branch-heads/5414@{#188}
  Cr-Branched-From: 4417ee59d7bf6df7a9c9ea28f7722d2ee6203413-refs/heads/main@{#1070088}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454292
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] IWYU: Add missing standard header includes to ui/base/resource (Martin Negyokru, 2023-01-11, 9 files, -0/+21)

  Bug: none
  Change-Id: I07f7b5f2bd323bc0c4e68d0ca848c91623ae7239
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4053544
  Cr-Commit-Position: refs/heads/main@{#1076388}
  Fixes: QTBUG-109949
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/453150
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update project's url for lighthouse (Michal Klocek, 2023-01-03, 3 files, -3/+3)

  Fix the url of the project lighthouse as qdoc has an issue to create a proper link for chromium_attributions.qdoc

  Change-Id: I82cc89836fd1b4ff01115f3b5446f75d55db2297
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/451416
  Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
  (cherry picked from commit fdc28ee72672dc3c6bf53e68d193eacfedb52f3a)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/451768
  Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* [Backport] Security bug 1393384 (Marco Paniconi, 2022-12-22, 2 files, -2/+16)

  Manual cherry-pick of patch originally submitted on https://aomedia.googlesource.com/aom/+/b42e001a9ca9805aff7aaaa270b364a8298c33b4:

  rtc: Avoid scene detection on resize

  Don't enter scene detection under external resize. Add rc->prev_coded_width/height to track the previous encoded frame width/height. The rc is part of layer context so this will be per spatial layer for SVC.

  This fixes the buffer overflow issue below.

  Bug: chromium:1393384
  Change-Id: I4b11818a27c439c2d2c42036dff7b8777f70a86e
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449913
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1393177 (Corentin Wallez, 2022-12-22, 1 file, -9/+26)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4075953:

  Keep a reference to the transfer buffer in Dawn read/write handles.

  Previously the Dawn read/write handles in the GPU process only contained a pointer to the inside of a shmem region owned by a gpu::Buffer that had a different lifetime. This could allow a renderer process to deallocate the memory from underneath the handle which is bad.

  Fix this by keeping a scoped_refptr to the gpu::Buffer inside the read/write handles to extend the lifetime of the shmem to be at least as big as the handle's.

  (cherry picked from commit 9b3d0e2f1aabe679bed6096e045c71dd0901d528)

  Fixed: chromium:1393177
  Change-Id: I9d9c18d5155a46e0e3a01d385d221a6370bd2bea
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4056276
  Reviewed-by: Austin Eng <enga@chromium.org>
  Commit-Queue: Corentin Wallez <cwallez@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1076828}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4075953
  Cr-Commit-Position: refs/branch-heads/5359@{#1065}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449918
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1394382 (4/4) (Joey Arhar, 2022-12-22, 49 files, -2347/+1538)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4092243:

  Roll libxml from ad338ca7 to e85f9b98

  M102 merge issues:
  third_party/libxml/linux/config.h: HAVE_PTHREAD_H define is commented out in 102. Kept 102 version because the original CL only changes comments above the HAVE_PTHREAD_H definition.
  third_party/libxml/mac/config.h: Same

  This patch also removes the without-run-debug option from roll.py because it was breaking the windows configure script.

  2022-10-19 wellnhofer@aevum.de xmllint: Improve handling of empty XPath node sets
  2022-10-18 wellnhofer@aevum.de cmake: Build static library with -DLIBXML_STATIC
  2022-10-18 wellnhofer@aevum.de xinclude: Fix regression with nested includes
  2022-08-31 wellnhofer@aevum.de [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
  2022-08-25 wellnhofer@aevum.de Fix integer overflows with XML_PARSE_HUGE
  2022-10-11 wellnhofer@aevum.de parser: Fix potential memory leak in xmlParseAttValueInternal
  2022-10-11 wellnhofer@aevum.de win32: Fix build with VS2013
  2022-09-20 wellnhofer@aevum.de autotools: Don't use version script on Windows
  2022-09-20 wellnhofer@aevum.de cmake: Set SOVERSION
  2022-09-13 wellnhofer@aevum.de schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
  2022-09-09 wellnhofer@aevum.de gitlab-ci: Allow cast-align warnings from clang
  2022-09-09 wellnhofer@aevum.de error: Don't use initGenericErrorDefaultFunc
  2022-09-07 wellnhofer@aevum.de xpath: Lower XPath recursion limit on Windows
  2022-09-07 wellnhofer@aevum.de autotools: Fix winsock detection
  2022-09-07 wellnhofer@aevum.de autotools: Only add network libraries if HTTP/FTP enabled
  2022-09-07 wellnhofer@aevum.de gitlab-ci: Fix tar invocation
  2022-09-06 wellnhofer@aevum.de gitlab-ci: Move MSVC test to separate script
  2022-09-06 wellnhofer@aevum.de gitlab-ci: Fix SUFFIX, remove MINGW_PATH
  2022-09-06 wellnhofer@aevum.de gitlab-ci: Consolidate CMake test scripts
  2022-09-06 wellnhofer@aevum.de gitlab-ci: Only install MinGW autotools if needed
  2022-09-06 wellnhofer@aevum.de python: Create .pyd on Windows
  2022-09-06 wellnhofer@aevum.de gitlab-ci: Only install cmake MinGW package if needed
  2022-09-06 wellnhofer@aevum.de gitlab-ci: Install 7-Zip using the .msi
  2022-09-06 wellnhofer@aevum.de xmllint: Document --quiet option
  2022-09-06 wellnhofer@aevum.de autotools: Disable parallel Python build
  2022-09-06 wellnhofer@aevum.de python: Don't output missing generators during build
  2022-09-05 wellnhofer@aevum.de build: Remove check for broken ss_family
  2022-09-05 wellnhofer@aevum.de gitlab-ci: Disable MSan for now
  2022-09-05 wellnhofer@aevum.de autotools: Fix bug with multiline arguments
  2022-09-05 wellnhofer@aevum.de autotools: Try to fix bug with multiline arguments
  2022-09-05 wellnhofer@aevum.de http: Simplify IPv6 checks
  2022-09-05 wellnhofer@aevum.de autotools: Fix network checks on Windows
  2022-09-04 wellnhofer@aevum.de Use $MSYSTEM and 'bash -lc' in MinGW CI
  2022-09-04 wellnhofer@aevum.de Fix detection of GNU libiconv
  2022-09-04 wellnhofer@aevum.de Add CI job for MinGW/Autotools
  2022-09-04 wellnhofer@aevum.de Consolidate CI scripts
  2022-09-04 wellnhofer@aevum.de Allow empty MINGW_PACKAGE_PREFIX
  2022-09-04 wellnhofer@aevum.de Move Dockerfile to .gitlab-ci directory
  2022-09-04 wellnhofer@aevum.de cmake: Fix Python installation
  2022-09-04 wellnhofer@aevum.de cmake: Don't check for Python 2
  2022-09-04 wellnhofer@aevum.de testapi: Disable on Windows for now
  2022-09-04 wellnhofer@aevum.de configure.ac: Also check for MSYS host
  2022-09-04 wellnhofer@aevum.de Disable fuzzer tests if glob.h wasn't found
  2022-09-04 wellnhofer@aevum.de Fix Python build on Windows
  2022-09-04 wellnhofer@aevum.de Improve network library detection
  2022-09-04 wellnhofer@aevum.de Fix Windows compiler warnings in python/types.c
  2022-09-04 wellnhofer@aevum.de Fix libxml_PyFileGet
  2022-09-04 wellnhofer@aevum.de Revert "CI job for MingW64/Autotools"
  2022-09-04 wellnhofer@aevum.de CI job for MingW64/Autotools
  2022-09-04 wellnhofer@aevum.de Detect ws2_32 with AC_SEARCH_LIBS
  2022-09-04 wellnhofer@aevum.de Rework network configure checks
  2022-09-04 wellnhofer@aevum.de Remove arg cast configure checks
  2022-09-04 wellnhofer@aevum.de Fix dlopen check
  2022-09-04 wellnhofer@aevum.de Remove HAVE_WIN32_THREADS configuration flag
  2022-09-04 wellnhofer@aevum.de Remove BeOS support
  2022-09-04 wellnhofer@aevum.de Rework dlopen and pthread detection
  2022-09-04 wellnhofer@aevum.de Fix test in configure.ac
  2022-09-01 wellnhofer@aevum.de cmake: Enable GCC compiler warnings
  2022-09-02 wellnhofer@aevum.de Fix compiler warnings in SAX2.c
  2022-09-02 wellnhofer@aevum.de Move automata test to runtest.c
  2022-09-02 wellnhofer@aevum.de Always link with -no-undefined
  2022-09-02 wellnhofer@aevum.de Use AM_CFLAGS and AM_LDFLAGS consistently
  2022-09-02 wellnhofer@aevum.de Fix unused variable warning in python/types.c
  2022-09-02 wellnhofer@aevum.de Fix compiler warning in examples
  2022-09-02 wellnhofer@aevum.de Fix compiler warnings in fuzzing code
  2022-09-02 wellnhofer@aevum.de Remove -Wredundant-decls
  2022-09-02 wellnhofer@aevum.de Call AC_CHECK_* with multiple arguments
  2022-09-02 wellnhofer@aevum.de Remove unused code in nanohttp.c
  2022-09-02 wellnhofer@aevum.de Stop including sys/types.h
  2022-09-02 wellnhofer@aevum.de configure.ac: Remove checks for unused programs
  2022-09-02 wellnhofer@aevum.de Don't define WIN32 macro
  2022-09-02 wellnhofer@aevum.de Rework library detection in configure.ac
  2022-09-02 wellnhofer@aevum.de Rearrange configure.ac
  2022-09-02 wellnhofer@aevum.de Consolidate zlib and lzma detection
  2022-09-02 wellnhofer@aevum.de Remove "runtime debugging"
  2022-09-02 wellnhofer@aevum.de Consolidate simple API modules in configure.ac
  2022-09-01 wellnhofer@aevum.de Fix dependency resolution in configure.ac
  2022-09-01 wellnhofer@aevum.de Fix --with-valid --without-regexps build
  2022-09-01 wellnhofer@aevum.de Fix --with-schemas --without-xpath build
  2022-09-01 wellnhofer@aevum.de Don't build unneeded .c source files
  2022-09-01 wellnhofer@aevum.de Move xmlIsXHTML to tree.c
  2022-09-01 wellnhofer@aevum.de Remove or annotate char casts
  2022-09-01 wellnhofer@aevum.de Don't use sizeof(xmlChar) or sizeof(char)

  Bug: 934413, 1395186, 1394382
  Change-Id: I7378159bdecd11c5d9860f03f23a0c4d8c683aa6
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3966853
  Commit-Queue: Stephen Chenney <schenney@chromium.org>
  Auto-Submit: Joey Arhar <jarhar@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1061793}
  (cherry picked from commit edaa18c262318d1476d1ec10c3a05a2821d58b8f)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449917
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1394382 (3/4) (Joey Arhar, 2022-12-22, 79 files, -1214/+2133)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4091624:

  Roll libxml from 5930fe01 to ad338ca7

  M102 merge issues:
  Conflict with the deleted file third_party/libxml/src/libxml2.spec

  2022-09-01 wellnhofer@aevum.de Remove explicit integer casts
  2022-09-01 wellnhofer@aevum.de Fix overflow check in SAX2.c
  2022-09-01 wellnhofer@aevum.de Make xmlNewSAXParserCtx take a const sax handler
  2022-08-29 wellnhofer@aevum.de Fix libxml_PyFileGet with stdout on macOS
  2022-08-29 wellnhofer@aevum.de Migrate from PyEval_ to PyObject_
  2022-08-29 wellnhofer@aevum.de Cleanup distribution settings in Makefile.am
  2022-08-26 wellnhofer@aevum.de Also clean *.pyc files for Python 2
  2022-08-26 wellnhofer@aevum.de Don't distribute libxml2.spec
  2022-08-26 xry111@xry111.site build: require automake-1.16.3 or later
  2022-08-26 wellnhofer@aevum.de Work around strange -fsanitize=integer issue
  2022-08-26 wellnhofer@aevum.de Remove set-but-unused variable in xmlXPathScanName
  2022-08-26 wellnhofer@aevum.de Allow Python deprecation warnings for now
  2022-08-26 wellnhofer@aevum.de Update MAINTAINERS.md
  2022-08-26 wellnhofer@aevum.de Silence -Warray-bounds warning
  2022-08-26 wellnhofer@aevum.de Don't create missing.xml when running testapi
  2022-08-26 wellnhofer@aevum.de Don't forget to install xmlversion.h
  2022-08-26 wellnhofer@aevum.de Remove xmlErrMemory from symbols
  2022-08-26 wellnhofer@aevum.de Consolidate private header files
  2022-08-25 wellnhofer@aevum.de Remove internal macros from parserInternals.h
  2022-08-25 wellnhofer@aevum.de Deprecate internal parser functions
  2022-08-25 wellnhofer@aevum.de Deprecate old HTML SAX API
  2022-08-25 wellnhofer@aevum.de Generate deprecation warnings for old SAX API
  2022-08-25 wellnhofer@aevum.de Remove generated files from distribution
  2022-08-25 wellnhofer@aevum.de Bump version to 2.11.0
  2022-08-24 wellnhofer@aevum.de Move some HTML functions to correct header file
  2022-08-24 wellnhofer@aevum.de Mark more functions setting globals as deprecated
  2022-08-24 wellnhofer@aevum.de xmllint: Don't set deprecated globals
  2022-08-24 wellnhofer@aevum.de Rebuild documentation
  2022-08-24 wellnhofer@aevum.de Mark more parser functions as deprecated
  2022-08-24 wellnhofer@aevum.de Improve cross-references in API docs
  2022-08-24 wellnhofer@aevum.de Rebuild documentation
  2022-08-24 wellnhofer@aevum.de Switch back to HTML output for API documentation
  2022-08-24 wellnhofer@aevum.de Mark most SAX1 functions as deprecated
  2022-08-24 wellnhofer@aevum.de xmllint: Stop calling xmlSAXDefaultVersion
  2022-08-24 wellnhofer@aevum.de Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt
  2022-08-24 wellnhofer@aevum.de Don't mess with parser options in htmlParseDocument
  2022-08-24 wellnhofer@aevum.de Remove useless call to htmlDefaultSAXHandlerInit
  2022-08-24 wellnhofer@aevum.de Improve documentation of globals
  2022-08-24 wellnhofer@aevum.de Fix documentation parser
  2022-08-24 wellnhofer@aevum.de Rebuild API documentation
  2022-08-24 wellnhofer@aevum.de Support comments for global variables in documentation
  2022-08-24 wellnhofer@aevum.de Fix update call in apibuild.py
  2022-08-24 wellnhofer@aevum.de Don't index anything in DOC_DISABLE sections
  2022-08-23 wellnhofer@aevum.de Deprecate some global variables
  2022-08-23 wellnhofer@aevum.de cmake: Disable version script on macOS
  2022-08-22 wellnhofer@aevum.de Fix testapi when building --without-sax1
  2022-08-22 wellnhofer@aevum.de Remove htmlDefaultSAXHandler from non-SAX1 build
  2022-08-22 wellnhofer@aevum.de Don't initialize SAX handler in htmlReadMemory
  2022-08-22 wellnhofer@aevum.de Fix htmlReadMemory mixing up XML and HTML functions
  2022-08-22 wellnhofer@aevum.de Don't use default SAX handler to report unrelated errors
  2022-08-22 wellnhofer@aevum.de Fix HTML parser with threads and --without-legacy
  2022-08-20 wellnhofer@aevum.de Use xmlStrlen in xmlNewStringInputStream
  2022-08-20 wellnhofer@aevum.de Use xmlStrlen in *CtxtReadDoc
  2022-08-20 wellnhofer@aevum.de Create stream with buffer in xmlNewStringInputStream
  2022-08-20 wellnhofer@aevum.de Fix xmlCtxtReadDoc with encoding
  2022-08-19 wellnhofer@aevum.de Rebuild documentation
  2022-08-18 wellnhofer@aevum.de Port build_glob.py to Python 3
  2022-08-18 wellnhofer@aevum.de Port genChRanges.py to Python 3
  2022-08-18 wellnhofer@aevum.de Port doc/examples/index.py to Python 3
  2022-08-18 wellnhofer@aevum.de Fix warnings from apibuild.py
  2022-08-18 wellnhofer@aevum.de Fix order of exports in libxml2-api.xml
  2022-08-18 wellnhofer@aevum.de Remove libxml2-refs.xml
  2022-08-18 wellnhofer@aevum.de Remove Makefile rule to build testapi.c
  2022-08-17 wellnhofer@aevum.de Start with documentation for maintainers
  2022-08-17 wellnhofer@aevum.de Release v2.10.0
  2022-08-17 wellnhofer@aevum.de Cleanup files generated by test suite
  2022-08-17 wellnhofer@aevum.de Add uninstall target for examples
  2022-08-17 wellnhofer@aevum.de Rebuild documentation
  2022-08-17 wellnhofer@aevum.de Don't autogenerate doc/examples/Makefile.am
  2022-08-17 wellnhofer@aevum.de Make gentest.py work with Python 2
  2022-08-15 wellnhofer@aevum.de Fix memory leak with invalid XSD
  2022-08-05 wellnhofer@aevum.de Fix build with older pkg-config versions
  2022-07-15 wellnhofer@aevum.de Skip incorrectly opened HTML comments
  2022-07-15 wellnhofer@aevum.de Reduce indentation in HTMLparser.c
  2022-07-19 wellnhofer@aevum.de Improve documentation of tree manipulation API
  2022-07-28 wellnhofer@aevum.de Make XPath depth check work with recursive invocations
  2022-07-28 wellnhofer@aevum.de Also reset nsNr in htmlCtxtReset

  This also adds a patch to un-deprecate a method which is used in third_party/maldoca. More on that here: https://github.com/google/maldoca/issues/87

  This patch also removes some files from libxml/BUILD.gn which were removed upstream.

  (cherry picked from commit 8f457b266483168ad909d2e0ff3d451b8f1ef741)

  Bug: 934413, 1395186, 1394382
  Change-Id: I5c1df002d499393f06e8b6e39409ee4ebd28172d
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3863846
  Commit-Queue: Stephen Chenney <schenney@chromium.org>
  Auto-Submit: Joey Arhar <jarhar@chromium.org>
  Reviewed-by: Stephen Chenney <schenney@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1042852}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4091624
  Owners-Override: Jana Grill <janagrill@google.com>
  Reviewed-by: Jana Grill <janagrill@google.com>
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Cr-Commit-Position: refs/branch-heads/5005@{#1416}
  Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449916
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1394382 (2/4) (Joey Arhar, 2022-12-22, 16 files, -260/+152)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4090607:

  Roll libxml from e08d8c37 to 5930fe01

  2022-07-18 wellnhofer@aevum.de Reset nsNr in xmlCtxtReset
  2022-07-13 daniel.engberg.lists@pyret.net cmake: Install libxml.m4 on UNIX-like platforms
  2022-07-13 daniel.engberg.lists@pyret.net cmake: Use symbol versioning on UNIX-like platforms
  2022-07-06 sergey.kosukhin@mpimet.mpg.de Use NAN/INFINITY if available to init XPath NaN/Inf
  2022-06-28 wellnhofer@aevum.de Fix memory leak in xmlLoadEntityContent error path
  2022-06-28 wellnhofer@aevum.de Avoid double-free if malloc fails in inputPush
  2022-05-20 wellnhofer@aevum.de Avoid calling xmlSetTreeDoc
  2022-05-20 wellnhofer@aevum.de Simplify xmlFreeNode
  2022-05-18 wellnhofer@aevum.de Don't reset nsDef when changing node content
  2022-05-18 wellnhofer@aevum.de Fix unintended fall-through in xmlNodeAddContentLen
  2022-05-14 wellnhofer@aevum.de Fix Python tests on macOS
  2022-05-13 ddkilzer@apple.com Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer
  2022-05-29 ddkilzer@apple.com Fix missing NUL terminators in xmlBuf and xmlBuffer functions
  2022-06-15 wellnhofer@aevum.de Fix xmlCleanupThreads on Windows
  2022-06-14 wellnhofer@aevum.de Fix reinitialization of library on Windows
  2022-05-28 ddkilzer@apple.com Fix integer overflow in xmlBufferDump()
  2022-05-25 ddkilzer@apple.com xmlBufAvail() should return length without including a byte for NUL terminator
  2022-05-25 ddkilzer@apple.com Remove unused xmlBuf functions
  2022-05-25 ddkilzer@apple.com Fix double colon typos in xmlBufferResize()
  2022-03-19 ddkilzer@apple.com Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc()
  2022-05-20 wellnhofer@aevum.de Use xmlNewDocText in xmlXIncludeCopyRange
  2022-05-20 wellnhofer@aevum.de Disable network in API tests
  2022-04-10 ddkilzer@apple.com Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser
  2022-05-14 ddkilzer@apple.com Restore behavior of htmlDocContentDumpFormatOutput()

  Bug: 934413, 1395186, 1394382
  Change-Id: I541ec92a85e5544963fe1bb8830a8ba752fb1a14
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3771046
  Commit-Queue: Joey Arhar <jarhar@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1025761}
  (cherry picked from commit 1043bbc6d43972bb99e43baa7f5499a82f19d938)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449915
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1394382 (1/4) (Joey Arhar, 2022-12-22, 37 files, -1708/+792)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4090606:

  Roll libxml from f2987a29 to e08d8c37

  This roll also includes a patch I made to fix the windows configure script which I am planning on merging upstream.

  2022-05-06 jarhar@chromium.org Add xptr_locs flag to win32/configure.js
  2022-05-06 kmehltretter@pcs.de fix typo in comment
  2022-05-06 kmehltretter@pcs.de fix Schematron spelling
  2022-03-08 wellnhofer@aevum.de [CVE-2022-29824] Fix integer overflows in xmlBuf and xmlBuffer
  2022-04-27 wellnhofer@aevum.de Define LFS macros before including system headers
  2022-04-23 wellnhofer@aevum.de Fix parsing of subtracted regex character classes
  2022-04-23 wellnhofer@aevum.de Redirect examples test output to /dev/null
  2022-04-23 wellnhofer@aevum.de Don't try to copy children of entity references
  2022-04-21 wellnhofer@aevum.de Port genUnicode.py to Python 3
  2022-04-22 floppym@gentoo.org testapi: remove leading slash from "/missing.xml"
  2022-04-21 wellnhofer@aevum.de Build Autotools CI tests out of source tree (VPATH)
  2022-04-21 wellnhofer@aevum.de Add --with-minimum build to CI tests
  2022-04-21 wellnhofer@aevum.de Fix warnings when testing --with-minimum build
  2022-04-21 wellnhofer@aevum.de Implement xpath1() XPointer scheme
  2022-04-20 wellnhofer@aevum.de Add configuration flag for XPointer locations support
  2022-04-21 wellnhofer@aevum.de Regenerate api.xml and testapi.c
  2022-04-21 wellnhofer@aevum.de Port gentest.py to Python 3
  2022-04-20 wellnhofer@aevum.de Remove remaining definitions of STDC_HEADERS
  2022-04-20 wellnhofer@aevum.de cmake: Run all tests when threads are disabled
  2022-04-20 wellnhofer@aevum.de cmake: Fix build with thread support
  2022-04-13 wellnhofer@aevum.de Also build CI tests with -Werror
  2022-04-13 wellnhofer@aevum.de Don't mix declarations and code in runtest.c
  2022-04-13 wellnhofer@aevum.de cmake: Disable FTP and legacy modules by default
  2022-04-13 wellnhofer@aevum.de Run CI tests with FTP and legacy modules
  2022-04-13 wellnhofer@aevum.de Fix compiler warnings in Python code
  2022-04-13 wellnhofer@aevum.de cmake: Fix build without thread support
  2022-04-08 ddkilzer@webkit.org Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
  2022-04-08 ddkilzer@webkit.org Use UPDATE_COMPAT() consistently in buf.c
  2022-04-10 wellnhofer@aevum.de Fix short-lived regression in xmlStaticCopyNode
  2022-04-08 wellnhofer@aevum.de cmake: Install documentation in CMAKE_INSTALL_DOCDIR
  2022-04-08 daniel.engberg.lists@pyret.net cmake: Remove more unnecessary files installed in docs dir
  2016-05-20 ddkilzer@webkit.org Mark more static data as `const`
  2022-04-06 ddkilzer@apple.com Fix leak of xmlElementContent
  2022-04-07 wellnhofer@aevum.de CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
  2022-04-06 soap@gentoo.org Use portable python shebangs

  (cherry picked from commit c6ab8819d4555971fb37b0d030ed51826024ab0b)

  Bug: 1395186, 1394382
  Change-Id: I2fca594e77c81f989f60abea7599c3677851ef21
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3632592
  Commit-Queue: Joey Arhar <jarhar@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1001300}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4090606
  Owners-Override: Jana Grill <janagrill@google.com>
  Reviewed-by: Jana Grill <janagrill@google.com>
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Cr-Commit-Position: refs/branch-heads/5005@{#1413}
  Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449914
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2022-4440: Use after free in Profiles (Alex Moshchuk, 2022-12-22, 1 file, -1/+31)

  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4073806:

  Reset source SiteInstance before scheduling PDF navigations in subframes.

  This CL fixes a SiteInstance/BrowserContext lifetime issue in PdfNavigationThrottle::WillStartRequest(), which cancels certain subframe PDF navigations and schedules replacement navigations with slightly tweaked params via a PostTask. The PostTask takes in OpenURLParams, which contains the source SiteInstance in a scoped_refptr. Unfortunately, issue 1382761 shows that the BrowserContext can get destroyed after the task is scheduled but before it runs, and even though the task uses a WebContents WeakPtr to return early in that case, the task's OpenURLParams would only get destroyed and decrement the source SiteInstance's refcount at the time of that early return, which is already after the BrowserContext is destroyed. When the (source) SiteInstance destructor runs and tries to use the SiteInstance's BrowserContext, things blow up.

  As a short-term fix, we can avoid keeping the source SiteInstance alive longer than its BrowserContext by not passing it through OpenURLParams, but rather setting it directly when the task runs. This is possible because in this case the source SiteInstance should always be the SiteInstance of the PDF extension loaded in the guest's main frame.

  Longer-term, we should find a more systematic way to fix these problems, for example by not exposing refcounting of SiteInstances outside of //content or introducing an API for scheduling navigations that is robust against BrowserContext destruction. See the bug for more details and other ideas.

  (cherry picked from commit 9f9db7e8406998b525d5fa1786800ce2e3fc3215)

  Bug: 1382761
  Change-Id: I9a08847e05cfca85eb4f9f2a5bb95815e90c6042
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4043432
  Reviewed-by: K. Moon <kmoon@chromium.org>
  Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
  Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1074889}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4073806
  Cr-Commit-Position: refs/branch-heads/5359@{#1066}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449912
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] CVE-2022-4439: Use after free in Aura
  Author: David Yeung | Age: 2022-12-22 | Files: 2 | Lines: -11/+15

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4085820:

  Fix UaF in ui::DropTargetEvent::DropTargetEvent.

  There is an async operation in WebContentsViewAura that uses a ui::DropTargetEvent. DropTargetEvent has a pointer to OSExchangeData which gets destroyed before the async operation is called. This triggers the UaF because the operation attempts to reference a freed object (OSExchangeData).

  Fix is for WebContentsViewAura::DragUpdatedCallback to use a DropMetadata struct instead of a ui::DropTargetEvent. This is the same pattern used by other callbacks in WebContentsViewAura.

  (cherry picked from commit 9f4b5761c546a118b7187c0c7ddcb9ee5756f32c)

  Bug: 1392661
  Change-Id: I3c62a7473ef9b6cdd223f75fbda50671f539f9eb
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4070787
  Reviewed-by: Avi Drissman <avi@chromium.org>
  Commit-Queue: David Yeung <dayeung@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1078218}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4085820
  Cr-Commit-Position: refs/branch-heads/5414@{#551}
  Cr-Branched-From: 4417ee59d7bf6df7a9c9ea28f7722d2ee6203413-refs/heads/main@{#1070088}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449911
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2022-4438: Use after free in Blink Frames
  Author: Jaroslav Sevcik | Age: 2022-12-22 | Files: 1 | Lines: -0/+6

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4055626:

  Make WidgetBase::BeginMainFrame resilient to disposed 'this'

  This patch makes sure that WidgetBase::BeginMainFrame can finish execution even if processing the RAF-throttled handlers (DispatchRafAlignedInput) destroys 'this' instance.

  (cherry picked from commit af6e22c14bec7ad64115b24ece6d423f144214ca)

  Bug: chromium:1381871
  Change-Id: I81aa4ba697f80f8666bb2a3b5542cac210b1efa9
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4030809
  Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
  Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1072864}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4055626
  Auto-Submit: Jaroslav Sevcik <jarin@chromium.org>
  Cr-Commit-Position: refs/branch-heads/5414@{#279}
  Cr-Branched-From: 4417ee59d7bf6df7a9c9ea28f7722d2ee6203413-refs/heads/main@{#1070088}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449910
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2022-4436: Use after free in Blink Media
  Author: Ted Meyer | Age: 2022-12-22 | Files: 1 | Lines: -2/+6

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4081072:

  Fix UAF caused by vector operations during iteration

  M102 merge issues:
    Build issue, dead_players_.empty() used instead of dead_players_.IsEmpty() (inspector_media_context_impl.cc:112)

  MediaInspectorContextImpl::CullPlayers iterates through dead_players_ to remove their events, but this can cause a GC event which can end up adding more players to the |dead_players_| vector, causing it to get re-allocated and its iterators invalidated. We can fix this simply by not using an iterator, and removing elements from the vector before we trigger any GC operations that might cause other changes to the vector.

  Bug: 1383991
  (cherry picked from commit 819d876e1bb8926b129618ab17b62a76ec4e83d1)
  Change-Id: I59f5824c156ff58cf6b55ac9b942c8efdb1ed65a
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4064295
  Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
  Commit-Queue: Ted (Chromium) Meyer <tmathmeyer@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1078842}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4081072
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Reviewed-by: Artem Sumaneev <asumaneev@google.com>
  Cr-Commit-Position: refs/branch-heads/5005@{#1411}
  Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449909
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2022-4437: Use after free in Mojo IPC
  Author: Ken Rockot | Age: 2022-12-22 | Files: 1 | Lines: -1/+4

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4066994:

  Mojo: Fix potential UAF in IPC Channel

  Fixed: 1394692
  Change-Id: I1753b79eb6e9230ebb663eca47295d81dd859068
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4066994
  Commit-Queue: Ken Rockot <rockot@google.com>
  Cr-Commit-Position: refs/heads/main@{#1077742}
  (cherry picked from commit 120b4b05ac7eaa9024f677394aa663c2702174ce)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449908
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1367993
  Author: Jakob Ivarsson | Age: 2022-12-22 | Files: 1 | Lines: -4/+4

  Cherry-pick of patch originally reviewed on
  https://webrtc-review.googlesource.com/c/src/+/276620:

  Fix crash when appending empty array to AudioMultiVector.

  Bug: webrtc:14442,chromium:1367993
  Change-Id: I9453e300a6d3d78571d08cc65770787e13d43885
  Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/276620
  Commit-Queue: Jakob Ivarsson <jakobi@webrtc.org>
  Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
  Cr-Commit-Position: refs/heads/main@{#38208}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449907
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1365082
  Author: Jun Kokatsu | Age: 2022-12-22 | Files: 6 | Lines: -63/+57

  Manual cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3905476:

  Unify security check for Javascript URL navigation

  This change unifies CSP and Trusted Types check for Javascript URL navigations.

  Bug: 1365082
  Change-Id: I46aea31a918c6397ea71fd5ab345bc9dc19d91c2
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3905476
  Auto-Submit: Jun Kokatsu <jkokatsu@google.com>
  Commit-Queue: Jun Kokatsu <jkokatsu@google.com>
  Reviewed-by: Nate Chapin <japhet@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1050416}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/449906
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1378601
  Author: Michael Brüning | Age: 2022-12-22 | Files: 543 | Lines: -39800/+49321

  Update libaom to fix security issues.

  Change-Id: I1109e9d2236f5b4f809e9fed4e9b6eae5a34b257
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447836
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2022-4194: Use after free in Accessibility
  Author: David Tseng | Age: 2022-12-16 | Files: 3 | Lines: -10/+3

  Manual cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3938387:

  Remove unneeded codepath AXWidgetObjWrapper::OnVisibilityChanged

  This function was once needed[1] because focus changes might not be conveyed when widgets were hidden. Since then, focus is computed by AutomationInternalCustomBindings based on raw tree updates, so this specific path is no longer needed.

  This also has the benefit of avoiding a potential UAF (see bug) which gets triggered when trying to dispatch a focus change during shutdown.

  1. https://codereview.chromium.org/2456673002

  R=katie@chromium.org

  Bug: 1370562
  AX-Relnotes: n/a
  Test: cq. Manually open find dialog and press escape as per crbug.com/659813 and see bug does not occur.
  Change-Id: I495a17defcdbe4be6e562f61a4d1834efa349543
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3938387
  Reviewed-by: Katie Dektar <katie@chromium.org>
  Commit-Queue: David Tseng <dtseng@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1056019}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447108
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4193: Insufficient policy enforcement in File System API
  Author: Austin Sullivan | Age: 2022-12-16 | Files: 1 | Lines: -2/+5

  Manual cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3945587:

  FSA: Block .url files in getFileHandle and getEntries

  Fixed: 1354518
  Change-Id: I663d4481ccc2047c49d7466bbfe9751e8c140edf
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3945587
  Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
  Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
  Auto-Submit: Austin Sullivan <asully@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1057675}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447107
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4190: Insufficient data validation in Directory
  Author: Xiaocheng Hu | Age: 2022-12-16 | Files: 1 | Lines: -3/+17

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4025427:

  Do not traverse directory symlinks when uploading folder

  Previous patch crrev.com/c/3866767 removed symlink files when uploading a folder. However, while the remaining files are themselves not symlinks, they may be included as the result of traversing a directory symlink.

  This patch further excludes such files by checking if any parent directory is a symlink, all the way until the base directory (which is the directory chosen for upload).

  (cherry picked from commit 4fa830d8af6b2fb293219edeb39eebccfd322305)

  Fixed: 1378997
  Change-Id: I75a92df4cd50f9aba7824955a3de792583bc6154
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3997720
  Reviewed-by: Austin Sullivan <asully@chromium.org>
  Reviewed-by: Mason Freed <masonf@chromium.org>
  Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
  Commit-Queue: Xiaocheng Hu <xiaochengh@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1067310}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4025427
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Commit-Queue: Srinivas Sista <srinivassista@chromium.org>
  Owners-Override: Srinivas Sista <srinivassista@chromium.org>
  Cr-Commit-Position: refs/branch-heads/5359@{#823}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447104
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1372019 (4/4)
  Author: Andres Calderon Jaramillo | Age: 2022-12-16 | Files: 1 | Lines: -4/+12

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4014883:

  Don't use NativePixmapPlane ctor when cloning handle.

  Bug: 1372019
  Test: None
  Change-Id: Ibb434089e4fe67d16a299d8d2bae2e33964d1f45
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4014883
  Commit-Queue: Andres Calderon Jaramillo <andrescj@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1069320}
  (cherry picked from commit cbdf837367a2da7782f1c8ec2e65c1ba30b6f9a2)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447835
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1372019 (3/4)
  Author: Andres Calderon Jaramillo | Age: 2022-12-16 | Files: 10 | Lines: -160/+388

  Manual cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4042332:

  Reland "ClientNativePixmapFactory: Improve validation."

  M102 merge issues:
    ui/gfx/linux/client_native_pixmap_dmabuf.cc:
      Mostly conflicts with mmap() being called on ImportFromDmabuf() in 102 and not on main. Include conflicts.

  This is a reland of commit 64e4766a0f6e6dd079588b9d65fea6132371522a

  Reland changes (see diff since PS1): The original CL caused some test breakages [1]. While I figure out the details, I made the validation in ClientNativePixmapFactoryDmabuf::ImportFromHandle() apply only when creating a ClientNativePixmapDmaBuf and not a ClientNativePixmapOpaque. Note that this is not a validation regression with respect to tip-of-tree.

  [1] https://ci.chromium.org/chromium/ui/p/chrome/builders/ci/chromeos-eve-chrome/24724

  Original change's description:
  > ClientNativePixmapFactory: Improve validation.
  >
  > This CL improves the validation performed by ClientNativePixmapFactory
  > implementations on NativePixmapHandles by adding extra validation and
  > making wider use of checked math and safe conversions.
  >
  > This CL also takes this opportunity to move duplicate validation code in
  > client_native_pixmap_dmabuf.cc, client_native_pixmap_factory_dmabuf.cc,
  > client_native_pixmap_factory_flatland.cc, and
  > client_native_pixmap_factory_scenic.cc to a helper function,
  > gfx::CanFitImageForSizeAndFormat() so that there's less of a chance of
  > validation diverging in the future for these implementations.
  >
  > Bug: 1372019
  > Test: None
  > Change-Id: I8ba714f256c315eb760c24d0b3de0886046614c3
  > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3937773
  > Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
  > Commit-Queue: Andres Calderon Jaramillo <andrescj@chromium.org>
  > Reviewed-by: Daniel Nicoara <dnicoara@chromium.org>
  > Reviewed-by: Robert Kroeger <rjkroege@chromium.org>
  > Cr-Commit-Position: refs/heads/main@{#1065129}

  Test: arc.AudioValidity.playback_vm on eve
  Test: arc.AudioValidity.record_vm on eve
  Test: arc.ChromeCrash.vm_logged_in on eve
  Test: arc.WindowState.clamshell_vm on eve
  Test: crostini.AppAndroidStudio.clamshell_stable on eve
  Test: crostini.AppEmacs.clamshell_stable on eve
  Test: crostini.CopyPaste.wayland_to_wayland_bullseye_stable on eve
  Test: crostini.CopyPaste.wayland_to_x11_bullseye_stable on eve
  Test: crostini.CopyPaste.x11_to_wayland_bullseye_stable on eve
  Test: crostini.SecureCopyPaste.copy_wayland_bullseye_stable on eve
  Test: crostini.SecureCopyPaste.copy_x11_bullseye_stable on eve
  Test: crostini.SecureCopyPaste.paste_wayland_bullseye_stable on eve
  Test: crostini.Toolkit.gtk3_wayland_bullseye_stable on eve
  Test: crostini.Toolkit.gtk3_x11_bullseye_stable on eve
  Test: crostini.Toolkit.qt5_bullseye_stable on eve
  Test: inputs.PhysicalKeyboardGrammarCheck.lacros on eve
  Test: mlservice.WebHandwritingRecognition.lacros on eve
  Bug: 1372019
  Change-Id: I7a78d45f55b9522b623cb98ab51ba5cfa0627696
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3991908
  Commit-Queue: Andres Calderon Jaramillo <andrescj@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1065522}
  (cherry picked from commit 3fd451785b224f3a82d9c531b781bfc529c7608c)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447834
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1372019 (2/4)
  Author: Hirokazu Honda | Age: 2022-12-16 | Files: 2 | Lines: -22/+32

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4040138:

  ClientNativePixmapDmabuf: Execute mmap() in Map()

  ClientNativePixmapDmabuf maps planes in the constructor. The mapping planes are unnecessary in some scenarios. For example, GpuMemoryBuffer is backed by ClientNativePixmapDmabuf and the GpuMemoryBuffer is provided from browser process (e.g. camera) and lastly passed to a GPU process (e.g. for a hardware video encoding). This delays mmap execution to Map().

  Bug: b:241349739, 1372019
  Test: webrtc call with a hardware video encoding
  Test: webrtc call with a software video encoding
  Change-Id: Idedbf2c2f5d04c5204adbf01af3a559801d80541
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3865134
  Commit-Queue: Hirokazu Honda <hiroh@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1043062}
  (cherry picked from commit 1d5e6b62299870c7d7deedc9ac08c4a59e00e43b)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447833
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1372019 (1/4)
  Author: Andres Calderon Jaramillo | Age: 2022-12-16 | Files: 10 | Lines: -130/+53

  Manual cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3609036:

  Remove GpuMemoryBufferFactory usages from platform_video_frame_utils.*.

  media/gpu/chromeos/platform_video_frame_utils.cc:
    CreateGpuMemoryBufferVideoFrame(): The original CL doesn't have the frame check that is present in 102
  media/mojo/services/gpu_mojo_media_client_cros.cc:
    102 passes traits.gpu_memory_buffer_factory to PlatformVideoFramePool instead of null. Kept the change removing the parameter.
  media/mojo/services/stable_video_decoder_factory_service.cc:
    changed code isn't present in 102, skipped

  After CL:3597211, we no longer use the GpuMemoryBufferFactory paths in platform_video_frame_utils.{cc,h} in non-test code. Therefore, we should be able to remove a lot of code there and in places where a GpuMemoryBufferFactory is plumbed through. This CL does that.

  No functional changes intended in non-test code.

  Bug: b:230370976
  Test: video.DecodeAccelVD.h264_resolution_switch on volteer
  Test: video.DecodeAccelVDPerf.h264_1080p_60fps on volteer
  Test: video.DecodeAccel.h264_resolution_switch on volteer
  Test: video.DecodeAccelPerf.h264_1080p_60fps on volteer
  Test: video.EncodeAccel.h264_1080p on volteer
  Change-Id: I1c35f49fe88b5e5777e15c649662c436f25b9806
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3609036
  Commit-Queue: Andres Calderon Jaramillo <andrescj@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1003830}
  (cherry picked from commit 101402b62c1190fc5e0aa88c4e7432b98ed8d521)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447832
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Bump V8_PATCH_LEVEL
  Author: Michael Brüning | Age: 2022-12-08 | Files: 1 | Lines: -1/+1

  Change-Id: If07133999d3238522d8074639e876e0d786e294b
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447566
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] CVE-2022-4262: Type Confusion in V8
  Author: Toon Verwaest | Age: 2022-12-08 | Files: 2 | Lines: -60/+40

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/v8/v8/+/4066543:

  Merged: [parser] Fix eval tracking

  Due to mismatch in strictness we otherwise invalidly mark scopes as calling sloppy eval.

  Bug: chromium:1394403
  (cherry picked from commit 27fa951ae4a3801126e84bc94d5c82dd2370d18b)
  Change-Id: I292a86ed117638c6b569b8f1c5a37e5b9eb254c1
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4066543
  Reviewed-by: Toon Verwaest <verwaest@chromium.org>
  Commit-Queue: Igor Sheludko <ishell@chromium.org>
  Cr-Commit-Position: refs/branch-heads/10.8@{#40}
  Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1}
  Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447565
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2022-4179: Use after free in Audio
  Author: Zakhar Voit | Age: 2022-12-07 | Files: 3 | Lines: -10/+15

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4024547:

  Replace raw pointer to LocalMuter with weak ptr

  This CL replaces a raw pointer to LocalMuter with a weak ptr. Additional info about this bug here: http://crbug/1377783

  (cherry picked from commit 9989b93eb12c93b9351d5bf2872c1069ef5f7d01)

  Bug: 1377783
  Change-Id: Id821ea800ba12f1cfae4677fc591c12dec112852
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3997421
  Commit-Queue: Evan Liu <evliu@google.com>
  Cr-Original-Commit-Position: refs/heads/main@{#1068776}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4024547
  Auto-Submit: Evan Liu <evliu@google.com>
  Owners-Override: Srinivas Sista <srinivassista@chromium.org>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Reviewed-by: Evan Liu <evliu@google.com>
  Cr-Commit-Position: refs/branch-heads/5359@{#824}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  (cherry picked from commit 65d46507a0c9e88b407060d0b8b7d9f0897d09e2)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446484
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2022-4189: Insufficient policy enforcement in DevTools
  Author: Danil Somsikov | Age: 2022-12-07 | Files: 4 | Lines: -4/+10

  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3929023:

  Disable Storage.getCookies for untrusted clients.

  It doesn't seem to be used by extensions right now and is exposing information that is browser wide and might be inappropriate for extensions.

  Bug: 1344647
  Change-Id: I37e3fcdfed312342d100b489ed523425bd2b0a0e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3929023
  Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
  Auto-Submit: Danil Somsikov <dsv@chromium.org>
  Commit-Queue: Danil Somsikov <dsv@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1053471}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447106
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4184: Insufficient policy enforcement in Autofill
  Author: Vidhan | Age: 2022-12-07 | Files: 5 | Lines: -0/+21

  Partial manual cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4028799:

  Add GetWindowBounds for PictureInPicture

  The window bounds would be used to check for any overlaps with the Autofill popup in the next CLs.

  (cherry picked from commit 87cf1589bb30dde902d74657840c8486b605a9b1)

  Bug: 1358647
  Change-Id: Ie564d1cdf26532a30b796eff15c402c5879332d0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3921456
  Reviewed-by: Fr <beaufort.francois@gmail.com>
  Commit-Queue: Vidhan Jain <vidhanj@google.com>
  Reviewed-by: Kazuki Takise <takise@chromium.org>
  Reviewed-by: Eliot Courtney <edcourtney@chromium.org>
  Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1059914}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4028799
  Owners-Override: Srinivas Sista <srinivassista@chromium.org>
  Commit-Queue: Srinivas Sista <srinivassista@chromium.org>
  Reviewed-by: Srinivas Sista <srinivassista@chromium.org>
  Auto-Submit: Christoph Schwering <schwering@google.com>
  Cr-Commit-Position: refs/branch-heads/5359@{#934}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/447105
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4182: Inappropriate implementation in Fenced Frames
  Author: Liam Brady | Age: 2022-12-06 | Files: 8 | Lines: -57/+70

  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3971895:

  Fenced frame: have anchor focus require user activation

  Currently, focus can be pulled across a fenced frame boundary without any user activation by using anchor fragments (aka setting location.href to a.com#anchor). We already have script-based focus properly gated, but this is a corner case that we missed.

  This CL adds a new variable to FocusParams(): `gate_on_user_activation`. If set to true, then focus that crosses a fenced frame boundary will only be allowed to happen if the target frame has transient user activation. This check takes place in `Frame::AllowFocusWithoutUserActivation()`.

  This CL also updates the Focus() call in `ElementFragmentAnchor::ApplyFocusIfNeeded` to set `gate_on_user_activation` to true. This has the effect of treating anchor focusing as a programmatic focus. However, there isn't a legitimate use case where a fenced frame will need to pull focus into itself without user gesture using anchor focusing, and the behavior will remain unchanged for anchor focusing that does not cross a fenced frame boundary. So, it's okay to add this restriction.

  (cherry picked from commit 855a43d7acc395d80c3932d382061ade2c82626e)

  Bug: 1368739
  Change-Id: Ia25e96e23e19d780ac8a4c8edb60c0b2472a9e18
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3933078
  Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
  Commit-Queue: Liam Brady <lbrady@google.com>
  Cr-Original-Commit-Position: refs/heads/main@{#1061827}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3971895
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Reviewed-by: Dominic Farolino <dom@chromium.org>
  Cr-Commit-Position: refs/branch-heads/5359@{#196}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446488
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4181: Use after free in Forms
  Author: Joey Arhar | Age: 2022-12-06 | Files: 2 | Lines: -0/+17

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4032526:

  Avoid use-after-free in ValidationMessageOverlayDelegate

  When ValidationMessageOverlayDelegate calls ForceSynchronousDocumentInstall, it can somehow cause another validation overlay to be created and delete the ValidationMessageOverlayDelegate. This patch avoids additional code from being run inside the deleted ValidationMessageOverlayDelegate.

  (cherry picked from commit a37b66ded21af7ff1442bddd2ec3a0845535b3d6)

  Fixed: 1382581
  Change-Id: I044f91ecb55c77c4a5c40030b6856fc9a8ac7f6f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4019655
  Commit-Queue: Joey Arhar <jarhar@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1071652}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4032526
  Auto-Submit: Joey Arhar <jarhar@chromium.org>
  Commit-Queue: David Baron <dbaron@chromium.org>
  Cr-Commit-Position: refs/branch-heads/5414@{#85}
  Cr-Branched-From: 4417ee59d7bf6df7a9c9ea28f7722d2ee6203413-refs/heads/main@{#1070088}
  (cherry picked from commit fb2bc66e8483c76ce56d2021e2ff82883bd16f87)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446487
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4180: Use after free in Mojo
  Author: Robert Sesek | Age: 2022-12-06 | Files: 2 | Lines: -11/+83

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/4035114:

  Fix a data race leading to use-after-free in mojo::ChannelMac ShutDown

  (cherry picked from commit bd8a1e43aa93d5bb7674cb5a431e7375f7e2f192)

  Bug: 1378564
  Change-Id: I67041b1e2ef08dd0ee1ccbf6d534249c539b74db
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4027242
  Commit-Queue: Robert Sesek <rsesek@chromium.org>
  Reviewed-by: Ken Rockot <rockot@google.com>
  Cr-Original-Commit-Position: refs/heads/main@{#1071700}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4035114
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Auto-Submit: Robert Sesek <rsesek@chromium.org>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Cr-Commit-Position: refs/branch-heads/5359@{#881}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446486
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Dependency for CVE-2022-4180: Use after free in Mojo
  Author: Ken Rockot | Age: 2022-12-06 | Files: 1 | Lines: -1/+3

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3853657:

  Mojo: Fix null deref in ChannelMac

  In ShutDownOnIOThread, ChannelMac's `send_buffer_` is invalidated, but an IO thread task to run SendPendingMessages() may have already been posted. In that case the task will attempt to dereference a null `send_buffer_` and crash.

  This changes ChannelMac to also set `reject_writes_` on shutdown, ensuring that all subsequent write or flush attempts are ignored.

  Bug: None
  Change-Id: I40ebdafa0a67da9339d80ca968eb53f2ddc390f9
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3853657
  Reviewed-by: Robert Sesek <rsesek@chromium.org>
  Commit-Queue: Ken Rockot <rockot@google.com>
  Cr-Commit-Position: refs/heads/main@{#1038946}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446485
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4178: Use after free in Mojo (2/2)
  Author: Daniel Cheng | Age: 2022-12-06 | Files: 17 | Lines: -29/+108

  Cherry-pick of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/3994146:

  Validate that a message is allowed to use the sync flag.

  M102 merge issues:
    mojo/public/cpp/bindings/associated_receiver.h: MessageToStableIPCHash_ (present in 102) isn't present in the change
    mojo/public/cpp/bindings/interface_endpoint_client.h: include conflicts
    mojo/public/cpp/bindings/lib/binding_state.h: MessageToStableIPCHash_ isn't present in the change
    mojo/public/cpp/bindings/lib/interface_ptr_state.h: include conflicts
    mojo/public/cpp/bindings/tests/bindings_perftest.cc: MessageToStableIPCHash_ isn't present in the change
    mojo/public/cpp/bindings/tests/multiplex_router_unittest.cc: MessageToStableIPCHash_ isn't present in the change

  This change consists of several coordinated changes:
  - The C++ bindings generator now emits an array of method ordinals that are allowed to use sync calls, but only if any method has a [Sync] annotation. This is intended to minimize the code cost to interfaces that do not have any sync methods (i.e. most of them).
  - The C++ binding endpoints (mojo::Receiver, et cetera) now plumb the array of sync-allowed ordinals to the InterfaceEndpointClient.
  - Processing an incoming message checks if the incoming message is allowed to use the sync flag by filtering it against the array of sync-allowed ordinals that was previously passed to the InterfaceEndpointClient.

  This also fixes an incorrect forward declaration of ValidationContext in the generated bindings that was discovered in the process of writing the test.

  Bug: 1376099
  Change-Id: Icb5864dcab96ccd18c98b4cc6ade7cdef39e209f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3994146
  Commit-Queue: Daniel Cheng <dcheng@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1067894}
  (cherry picked from commit 4365dddb49847a422bce674383b4aa4f38ff9e89)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446483
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4178: Use after free in Mojo (1/2) | Ken Rockot | 2022-12-06 | 6 files, -20/+141
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3989408:

    Mojo: Disable sync call interrupts in the browser

    M102 merge issues:
      content/app/content_main_runner_impl.cc: should_start_minimal_browser is present in 102 but not on main
      mojo/public/cpp/bindings/lib/sync_call_restrictions.cc: include conflicts, base/check_op.h isn't included in 102

    This changes the default Mojo sync call behavior in the browser process to prevent any blocking sync calls from being interrupted by other incoming sync IPC dispatches.

    Bug: 1376099
    Change-Id: I53681ef379fdd3c2bfc37d7e16b3de17acad5d20
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3989408
    Commit-Queue: Ken Rockot <rockot@google.com>
    Cr-Commit-Position: refs/heads/main@{#1065369}
    (cherry picked from commit b6f921260e0e763db7a72de9c7a3f0f78a99f21f)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446482
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4175: Use after free in Camera Capture | Ilya Nikolaevskiy | 2022-12-06 | 1 file, -21/+22
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4023295:

    Fix UAF in VideoCaptureDeviceWin::FrameReceived

    (cherry picked from commit d08a3822658cb4ca4261659f1487069a14b51bd9)

    Bug: 1381401
    Change-Id: Ib742ec7b86d3c419f37f12694bf9cd5f3f03305c
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4013158
    Reviewed-by: Markus Handell <handellm@google.com>
    Commit-Queue: Ilya Nikolaevskiy <ilnik@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1069054}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4023295
    Cr-Commit-Position: refs/branch-heads/5359@{#809}
    Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446481
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Dependency for CVE-2022-4175 (2/2) | Ilya Nikolaevskiy | 2022-12-06 | 1 file, -9/+15
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3623055:

    Fix a deadlock in VideoCaptureDeviceWin

    |CFilterGraph| may internally try to grab a lock, which it also holds when calling |FrameReceived| callback. This lock order inversion was causing a deadlock on shutdown. To prevent it from happening, now |lock_| is only held to change |state_| in the capture thread and to check it in the callback.

    Bug: 1321062
    Change-Id: Ia1e29d48623aa4f9a4ef7943d946f85a134ab155
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3623055
    Commit-Queue: Ilya Nikolaevskiy <ilnik@chromium.org>
    Reviewed-by: Henrik Boström <hbos@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#998822}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446480
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Dependency for CVE-2022-4175 (1/2) | Ilya Nikolaevskiy | 2022-12-06 | 2 files, -0/+11
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3608192:

    Add lock to VideoCaptureDeviceWin to combat data race

    Also don't forward frames after capture is stopped.

    Bug: 1137308
    Change-Id: Iaf9f1dc98bf188598049ad0d928ad558671a5772
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3608192
    Reviewed-by: Henrik Boström <hbos@chromium.org>
    Commit-Queue: Ilya Nikolaevskiy <ilnik@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#996112}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446479
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
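The two dependency commits above describe the same small pattern from two sides: (1/2) adds a lock and stops forwarding frames once capture has stopped; (2/2) narrows the lock so it is held only while changing or checking the state, never while the frame callback runs, because the capture graph can call back while holding its own lock. The block below is an added illustration of that pattern written for this page, not Chromium's VideoCaptureDeviceWin code. The `CaptureDevice` class, the `State` enum, `std::mutex` standing in for `lock_`, and the constructed scenarios are assumptions; Chromium's real class talks to DirectShow's filter graph, which this model omits.

```cpp
#include <cstdint>
#include <functional>
#include <mutex>
#include <utility>
#include <vector>

enum class State { kIdle, kCapturing, kStopped };

class CaptureDevice {
 public:
  using FrameSink = std::function<void(const std::vector<uint8_t>&)>;

  void set_sink(FrameSink sink) { sink_ = std::move(sink); }

  // State changes happen under lock_ (capture thread side).
  void Start() {
    std::lock_guard<std::mutex> guard(lock_);
    state_ = State::kCapturing;
  }
  void Stop() {
    std::lock_guard<std::mutex> guard(lock_);
    state_ = State::kStopped;
  }

  // Called by the capture graph for every frame. Only the state check runs
  // under lock_; the guard is destroyed before the frame is forwarded, so a
  // sink that re-enters the device (calls Stop()) or blocks on a lock the
  // graph already holds cannot deadlock against lock_. Frames that arrive
  // before Start() or after Stop() are dropped instead of forwarded.
  void FrameReceived(const std::vector<uint8_t>& frame) {
    {
      std::lock_guard<std::mutex> guard(lock_);
      if (state_ != State::kCapturing) return;
    }
    if (sink_) sink_(frame);
  }

 private:
  std::mutex lock_;
  State state_ = State::kIdle;
  FrameSink sink_;
};

// Constructed scenario: the sink stops the device from inside the first
// callback, then two more frames arrive. Returns how many frames reached the
// sink. Had FrameReceived still held lock_ while calling the sink, the
// re-entrant Stop() would lock a std::mutex already held by this thread,
// which is undefined behaviour and in practice a hang.
int RunReentrantStopScenario() {
  CaptureDevice device;
  int forwarded = 0;
  device.set_sink([&](const std::vector<uint8_t>&) {
    ++forwarded;
    device.Stop();
  });
  device.Start();
  const std::vector<uint8_t> frame(16, 0xAB);  // constructed dummy frame
  device.FrameReceived(frame);  // forwarded, and stops the device
  device.FrameReceived(frame);  // dropped: stopped
  device.FrameReceived(frame);  // dropped: stopped
  return forwarded;
}

// Constructed scenario: one frame before Start(), two while capturing, one
// after Stop(). Returns the number forwarded.
int RunLifecycleScenario() {
  CaptureDevice device;
  int forwarded = 0;
  device.set_sink([&](const std::vector<uint8_t>&) { ++forwarded; });
  const std::vector<uint8_t> frame(16, 0xCD);
  device.FrameReceived(frame);  // dropped: idle
  device.Start();
  device.FrameReceived(frame);  // forwarded
  device.FrameReceived(frame);  // forwarded
  device.Stop();
  device.FrameReceived(frame);  // dropped: stopped
  return forwarded;
}
```

The security-relevant half is the second scenario: once Stop() has run, whatever the sink was writing into may be on its way to destruction, and forwarding a late frame is how a use-after-free of that kind starts. Holding the lock only around the state check keeps that guard without reintroducing the lock-order inversion the (2/2) commit removed.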
* [Backport] CVE-2022-4174: Type Confusion in V8 | Shu-yu Guo | 2022-12-06 | 2 files, -22/+35
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4020423:

    [M102-LTS] Reland "[Promise.any] Fix errors allocation"

    M102 merge issues:
      Conflicts on tools/v8heapconst.py; reverted the conflicting changes and generated a new v8heapconst.py following the tests/mkgrokdump/README instructions

    This is a reland of commit e08fa94bbcc49f3a5c3aa1371986c6365e5a09fb

    Changes since revert: Use max(remainingElements - 1, index + 1) instead of index + 1 as newCapacity computation to avoid excessive allocations causing the timeout.

    Original change's description:
    > [Promise.any] Fix errors allocation
    >
    > Bug: chromium:1379054
    > Change-Id: Ibfcdd4ddc3c9a26471094074c8e7810d93abc898
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3988924
    > Commit-Queue: Marja Hölttä <marja@chromium.org>
    > Auto-Submit: Shu-yu Guo <syg@chromium.org>
    > Reviewed-by: Marja Hölttä <marja@chromium.org>
    > Cr-Commit-Position: refs/heads/main@{#83968}

    Bug: chromium:1379054
    Change-Id: Ic788b8d0b42f4e24eaf8b2f2d05b24390fda247b
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990627
    Commit-Queue: Shu-yu Guo <syg@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#83987}
    (cherry picked from commit 8b35091b2d244c975975e1c78e4cd09cb479b5dc)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/446478
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2022-4135: Heap buffer overflow in GPU | Peng Huang | 2022-11-28 | 3 files, -42/+78
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4049706:

    Fix potential OOB problem with validating command decoder

    Bug: 1392715
    Change-Id: If51b10cc08e5b3ca4b6012b97261347a5e4c134e
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4049706
    Commit-Queue: Srinivas Sista <srinivassista@chromium.org>
    Reviewed-by: Peng Huang <penghuang@chromium.org>
    Cr-Commit-Position: refs/branch-heads/5249@{#944}
    Cr-Branched-From: 4f7bea5de862aaa52e6bde5920755a9ef9db120b-refs/heads/main@{#1036826}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/445636
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Fix WebRTC crash introduced by fix for security bug 1361612 | Michal Klocek | 2022-11-28 | 1 file, -1/+1
    Do not use inbound_audio after the std::move, use inboud_audo_ptr instead.

    This amends 994bc5b8475fc5231040cbb6986cc7732255acdd

    Task-number: QTBUG-108843
    Change-Id: I80a05df260b2e891fc5d38f8346bbbc7d71c75cb
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/445368
    Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] Disable GPU acceleration on VMware on Linux | Allan Sandfeld Jensen | 2022-11-24 | 1 file, -0/+12
    TEST=manual
    R=sunnyps@chromium.org

    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3661941

    Fixes: QTBUG-108636
    Change-Id: I7d3da2fc8d143037149d4f400af587a2bfffae76
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/445072
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* skia: fix compilation with MSVC2022 | Nadim Asaduzzaman | 2022-11-21 | 1 file, -0/+1
    Compilation with MSVC2022 failed due to missing string definition within std namespace.

    Fixes: QTBUG-108532
    Change-Id: I2119952d5809895e2511ce1c2c262022af3ba191
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/444132
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1375290 (2/2) | Dominik Röttsches | 2022-11-21 | 1 file, -11/+17
    Manual backport of patch originally submitted at https://gitlab.freedesktop.org/freetype/freetype/-/merge_requests/216/commits:

    [sfnt] Additional bounds checks in `COLR` v1.

    * src/sfnt/ttcolr.c (read_paint): Use new ENSURE_READ_BYTES macro, ensure that 3 bytes can be read.
    (tt_face_get_paint_layers): Ensure that the 4-byte paint table offset can be read.

    Follow up to !124 and issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404

    Change-Id: I800ff5a6ada85246e6fc2076b6576b3602b7293b
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/443049
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1375290 (1/2) | Dominik Röttsches | 2022-11-21 | 1 file, -1/+34
    Manual backport of patch originally submitted as https://gitlab.freedesktop.org/freetype/freetype/-/merge_requests/214/commits:

    [sfnt] Guard individual `COLR` v1 paint field reads in `read_paint`.

    Fixes oss-fuzz:52404 [1]

    * src/sfnt/ttcolr.c (read_paint): After the start pointer p has been checked for whether it allows reading the format byte, each successive paint table field read needs to be bounds checked before reading further values.

    [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404

    Change-Id: I36399424db35455ed87d90cc4c7d9eec8db78b6a
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/443048
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
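The two FreeType backports above (1/2 and 2/2) describe the same discipline applied to `read_paint` and `tt_face_get_paint_layers`: checking that the format byte is readable is not enough, every subsequent field of the selected paint format must be bounds checked before it is read, and the 4-byte offset that leads to a paint table must itself lie inside the table before it is dereferenced. The block below is an added illustration of that discipline written for this page; it is not FreeType's `ttcolr.c`. `ensure_read_bytes` is a function standing in for the commit's ENSURE_READ_BYTES macro, the two paint formats (1 = PaintColrLayers, 2 = PaintSolid) and their field layouts are taken from the OpenType COLR v1 specification as recalled here rather than from the page, and the `Paint` struct, function names and the 23-byte sample LayerList are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>

enum PaintFormat : uint8_t { kPaintColrLayers = 1, kPaintSolid = 2 };

struct Paint {
  uint8_t format = 0;
  uint8_t num_layers = 0;          // PaintColrLayers
  uint32_t first_layer_index = 0;  // PaintColrLayers
  uint16_t palette_index = 0;      // PaintSolid
  int16_t alpha = 0;               // PaintSolid, F2Dot14
};

// Stand-in for ENSURE_READ_BYTES: true only if n bytes starting at p lie
// inside [p, limit). Compares sizes rather than forming a pointer past limit.
static bool ensure_read_bytes(const uint8_t* p, const uint8_t* limit, size_t n) {
  return p <= limit && static_cast<size_t>(limit - p) >= n;
}

static uint16_t read_u16(const uint8_t* p) {
  return static_cast<uint16_t>((p[0] << 8) | p[1]);
}
static uint32_t read_u32(const uint8_t* p) {
  return (static_cast<uint32_t>(p[0]) << 24) | (static_cast<uint32_t>(p[1]) << 16) |
         (static_cast<uint32_t>(p[2]) << 8) | p[3];
}

// The format byte is checked first, then every field of the selected format is
// checked before it is read. Unknown formats are rejected rather than guessed at.
bool read_paint(const uint8_t* p, const uint8_t* limit, Paint* out) {
  if (!ensure_read_bytes(p, limit, 1)) return false;
  out->format = *p++;
  switch (out->format) {
    case kPaintColrLayers:  // uint8 numLayers, uint32 firstLayerIndex
      if (!ensure_read_bytes(p, limit, 1 + 4)) return false;
      out->num_layers = *p++;
      out->first_layer_index = read_u32(p);
      return true;
    case kPaintSolid:  // uint16 paletteIndex, F2Dot14 alpha
      if (!ensure_read_bytes(p, limit, 2 + 2)) return false;
      out->palette_index = read_u16(p);
      out->alpha = static_cast<int16_t>(read_u16(p + 2));
      return true;
    default:
      return false;
  }
}

// LayerList lookup: uint32 numLayers followed by numLayers Offset32 values,
// each relative to the start of the LayerList. The 4-byte offset entry and the
// paint table it points at are both checked before anything is dereferenced.
bool get_paint_layer(const uint8_t* list, const uint8_t* limit, uint32_t index, Paint* out) {
  if (!ensure_read_bytes(list, limit, 4)) return false;
  const uint32_t num_layers = read_u32(list);
  if (index >= num_layers) return false;
  const size_t table_size = static_cast<size_t>(limit - list);
  if (index >= (table_size - 4) / 4) return false;  // offset entry out of bounds
  const uint32_t offset = read_u32(list + 4 + static_cast<size_t>(index) * 4);
  if (offset > table_size) return false;  // paint table start out of bounds
  return read_paint(list + offset, limit, out);
}

// Constructed sample table (not from any real font): two layers, a PaintSolid
// at offset 12 and a PaintColrLayers at offset 17, 23 bytes in total.
static const uint8_t kSampleLayerList[] = {
    0x00, 0x00, 0x00, 0x02,              // numLayers = 2
    0x00, 0x00, 0x00, 0x0C,              // paintOffsets[0] = 12
    0x00, 0x00, 0x00, 0x11,              // paintOffsets[1] = 17
    0x02, 0x00, 0x05, 0x40, 0x00,        // PaintSolid: paletteIndex 5, alpha 1.0
    0x01, 0x03, 0x00, 0x00, 0x00, 0x07,  // PaintColrLayers: 3 layers from index 7
};

// Parses layer `index` while pretending only the first `available` bytes of the
// sample exist (a truncated font). Returns the paint format, or 0 if any bounds
// check fails. `out` may be null.
int sample_paint_format(uint32_t index, size_t available, Paint* out) {
  Paint local;
  if (out == nullptr) out = &local;
  if (available > sizeof(kSampleLayerList)) available = sizeof(kSampleLayerList);
  const bool ok = get_paint_layer(kSampleLayerList, kSampleLayerList + available, index, out);
  return ok ? out->format : 0;
}

// First interesting field of the parsed paint (paletteIndex for PaintSolid,
// firstLayerIndex for PaintColrLayers), or -1 on failure.
long sample_paint_field(uint32_t index, size_t available) {
  Paint p;
  switch (sample_paint_format(index, available, &p)) {
    case kPaintSolid: return p.palette_index;
    case kPaintColrLayers: return p.first_layer_index;
    default: return -1;
  }
}
```

Truncating the sample to 20 bytes leaves the PaintColrLayers format byte readable but not its five bytes of fields, which is exactly the shape of input the (1/2) commit guards against; truncating to 8 bytes leaves the offset entry readable but pointing past the end, the case the (2/2) commit adds a check for.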