Commit message | Author | Age | Files | Lines
* [Backport] Security bug 1401571 [102-based] | Dale Curtis | 2023-03-27 | 120 | -2339/+10936
    Manual update of libdav1d to match the version introduced by patch https://chromium-review.googlesource.com/c/chromium/src/+/4114163:

    Roll src/third_party/dav1d/libdav1d/ 87f9a81cd..ed63a7459 (104 commits)

    This roll required a few changes to get working:
    - "properties" => "built in options" crossfile configuration change due to Meson deprecation.
    - generic config creation never worked, so fixed.
    - PPC64 configs were never checked in, so switched to generic.
    - copyright header changes for generate_sources.
    - Updated readme.chromium with potential issues that can arise.

    https://chromium.googlesource.com/external/github.com/videolan/dav1d.git/+log/87f9a81cd770..ed63a7459376

    $ git log 87f9a81cd..ed63a7459 --date=short --no-merges --format='%ad %ae %s'
    2022-12-09 jamrial dav1d: add an option to skip decoding some frame types
    2022-12-08 jamrial picture: support creating and freeing refs without tile data
    2022-12-07 gramner x86: Add 10bpc 8x32/32x8 itx AVX-512 (Ice Lake) asm
    2022-12-07 gramner x86: Add minor DC-only IDCT optimizations
    2022-12-13 gramner getbits: Fix assertion failure
    2022-12-13 gramner checkasm: Fix integer overflow in refmvs test
    2022-01-26 gramner dav1dplay: Update to new libplacebo API
    2022-12-09 gramner Add minor getbits improvements
    2022-12-09 gramner Add a separate getbits function for getting a single bit
    2022-12-09 gramner Remove redundant zeroing in sequence header parsing
    2022-12-09 gramner Set the correct default value of initial_display_delay
    2022-12-09 jamrial tools: remove the null last entry in inloop_filters_tbl
    2022-12-04 lu_zero Do not assume the picture allocation starts as the left edge
    2022-11-21 lu_zero ppc: Allocate the correct temp buffer size
    2022-11-21 lu_zero ppc: Do not use static const with vec_splats
    2022-11-02 charlie.c.hayden Add info to dav1d_send_data docs
    2022-10-30 jbeich build: drop -D_DARWIN_C_SOURCE on macOS/iOS after 6b611d36acab
    2022-10-30 jbeich build: drop -D_POSIX_C_SOURCE on non-Linux after 6b611d36acab
    2022-06-28 victorien threading: Add a pending list for async task insertion
    2022-10-26 martin Implement atomic_compare_exchange_strong in the atomic compat headers
    2022-10-06 victorien threading: Fix a race around frame completion (frame-mt)
    2022-10-07 sebastian Handle host_machine.system() 'ios' and 'tvos' the same way as 'darwin'
    2022-09-23 gramner x86: Add 10-bit 8x8/8x16/16x8/16x16 itx AVX-512 (Ice Lake) asm
    2022-09-30 gramner Specify hidden visibility for global data symbol declarations
    2022-09-28 gramner build: strip() the result of cc.get_define()
    2022-09-26 gramner checkasm: Move printf format string to .rodata on x86
    2022-09-26 gramner checkasm: Improve 32-bit parameter clobbering on x86-64
    2022-09-26 gramner x86: Fix incorrect 32-bit parameter usage in high bit-depth AVX-512 mc
    2022-09-09 martin arm: itx: Add clipping to row_clip_min/max in the 10 bpc codepaths
    2022-09-15 gramner x86: Fix overflows in 12bpc AVX2 IDCT/IADST
    2022-09-15 gramner x86: Fix overflows in 12bpc AVX2 DC-only IDCT
    2022-09-15 gramner x86: Fix clipping in high bit-depth AVX2 4x16 IDCT
    2022-03-21 martin Don't use gas-preprocessor with clang-cl for arm targets
    2022-06-07 david_conrad Fix checking the reference dimesions for the projection process
    2022-06-07 david_conrad Fix calculation of OBMC lap dimensions
    2022-06-07 david_conrad Support film grain application whose only effect is clipping to video range
    2022-06-07 david_conrad Ignore T.35 metadata if the OBU contains no payload
    2022-06-07 david_conrad Fix chroma deblock filter size calculation for lossless
    2022-06-07 david_conrad Fix rounding in the calculation of initialSubpelX
    2022-06-07 david_conrad Fix overflow when saturating dequantized coefficients clipped to 0
    2022-06-08 david_conrad Fix overflow in 8-bit NEON ADST
    2022-09-14 martin tools: Allocate the priv structs with proper alignment
    2022-09-08 gramner x86: Fix clipping in 10bpc SSE4.1 IDCT asm
    2022-09-08 gramner build: Improve Windows linking options
    2022-09-08 gramner tools: Improve demuxer probing
    2022-08-30 code CI: Disable trimming on some tests
    2022-08-30 code CI: Remove git 'safe.directory' config
    2022-08-30 code gcovr: Ignore parsing errors
    2022-08-30 code crossfiles: Update Android toolchains
    2022-08-30 code CI: Update images (...)
    2022-09-01 victorien checkasm: Add short options
    2022-09-01 victorien checkasm: Add pattern matching to --test
    2022-09-01 victorien checkasm: Remove pattern matching from --bench
    2022-08-29 victorien checkasm: Add a --function option
    2022-08-30 victorien threading: Fix copy_lpf_progress initialization
    2022-08-19 jamrial data: don't overwrite the Dav1dDataProps size value
    2022-07-18 gramner Adjust inlining attributes on some functions
    2022-07-19 gramner x86: Remove leftover instruction in loopfilter AVX2 asm
    2022-06-07 david_conrad Enable pointer authentication in assembly when building arm64e
    2022-06-07 david_conrad Don't trash the return stack buffer in the NEON loop filter
    2022-07-03 thresh CI: Removed snap package generation
    2022-07-06 gramner Eliminate unused C DSP functions at compile time
    2022-07-06 gramner cpu: Inline dav1d_get_cpu_flags()
    2022-06-22 gramner x86: Add minor loopfilter asm improvements
    2022-06-15 gramner checkasm: Speed up signal handling
    2022-06-15 gramner checkasm: Improve seed generation on Windows
    2022-06-20 gramner ci: Don't specify a specific MacOS version
    2022-06-14 gramner x86: Add high bit-depth loopfilter AVX-512 (Ice Lake) asm
    2022-06-13 victorien checkasm/lpf: Use operating dimensions
    2022-06-03 gramner checkasm: Print the cpu model and cpuid signature on x86
    2022-06-03 gramner checkasm: Add a vzeroupper check on x86
    2022-06-02 gramner x86: Add a workaround for quirky AVX-512 hardware behavior
    2022-05-31 victorien checkasm: Fix uninitialized variable
    2022-05-14 code CI: Update coverage collecting
    2022-05-05 code CI: Add a build with the minimum requirements
    2022-05-05 code CI: Deactivate git 'safe.directory'
    2022-03-24 code CI: Update images
    2022-05-25 victorien Fix typo
    2022-05-19 gramner x86: Add high bit-depth cdef_filter AVX-512 (Ice Lake) asm
    2022-05-20 gramner checkasm: Print --help message to stderr instead of stdout
    2022-05-20 gramner checkasm: Split cdef test into separate pri/sec/pri+sec parts
    2022-05-20 gramner checkasm: Improve benchmarking of functions that modify their input
    2022-05-18 b x86/itx_avx2: fix typo
    2022-04-22 code CI: Add gcc12 and clang14 builds with mold linker
    2022-04-26 code CI: Trigger documentation rebuild if configuration changes
    2022-04-24 code meson/doc: Fix doxygen config
    2022-04-28 gramner Use a relaxed memory ordering in dav1d_ref_inc()
    2022-04-28 gramner Remove redundant code in dav1d_cdf_thread_unref()
    2022-04-28 gramner Inline dav1d_ref_inc()
    2022-04-24 code x86/itx: Add 32x8 12bpc AVX2 transforms
    2022-04-24 code x86/itx: Add 8x32 12bpc AVX2 transforms
    2022-04-24 code x86/itx: Deduplicate dconly code
    2022-04-23 code lib: Fix typo in documentation
    2022-04-07 jamrial obu: don't output invisible but showable key frames more than once
    2022-04-07 jamrial obu: check that the frame referenced by existing_frame_idx is showable
    2022-04-07 jamrial obu: check refresh_frame_flags is not equal to allFrames on Intra Only frames
    2022-03-29 robux4 remove multipass wait from dav1d_decode_frame
    2022-04-07 jamrial picture: ensure the new seq header and op param info flags are attached to the next visible picture in display order
    2022-03-31 jamrial lib: add a function to query the decoder frame delay
    2022-03-31 jamrial lib: split calculating thread count to its own function

    Created with: roll-dep src/third_party/dav1d/libdav1d

    Fixed: 1401571
    Change-Id: Ic3cef540a87a2cf411abe6071fd4c9963ea61f75
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4114163
    Reviewed-by: Wan-Teh Chang <wtc@google.com>
    Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1084574}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468619
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1415249 | Joyee Cheung | 2023-03-24 | 1 | -0/+5
    Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4290868:

    Merged: [ic] store slow stubs for objects with access checks in DefineNamedIC

    The CheckIfCanDefine() used to check the attributes of the object as well as reporting to access check failure callbacks can update the lookup iterator, resulting in wrong store handlers being installed. Restart the lookup iterator in this case to make sure that slow handlers are installed.

    Bug: chromium:1415249
    (cherry picked from commit da2df213bc70437ef76f47e0ab6995fa45f8014a)
    Change-Id: I92d60af7ea798d80b1115e63b7fce8e2e8026ed9
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4290868
    Reviewed-by: Leszek Swirski <leszeks@chromium.org>
    Commit-Queue: Igor Sheludko <ishell@chromium.org>
    Cr-Commit-Position: refs/branch-heads/11.0@{#33}
    Cr-Branched-From: 06097c6f0c5af54fd5d6965d37027efb72decd4f-refs/heads/11.0.226@{#1}
    Cr-Branched-From: 6bf3344f5d9940de1ab253f1817dcb99c641c9d3-refs/heads/main@{#84857}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468618
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1418734 | Peter Boström | 2023-03-24 | 3 | -4/+4
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4288168:

    Convert known it != end() DCHECK failures to CHECK

    M102 merge issues:
    third_party/blink/renderer/core/annotation/annotation_agent_impl.cc is not present in 102

    These have hit on DCHECK builds in the wild and precede erasing or dereferencing an iterator that is UB. This CL excludes DCHECK failures that precede non-DCHECK handling of the it != end() failures. Those should probably be rewritten as CHECKs but are less urgent and semi-orthogonal.

    Known crashes (one per file) are:
    crash/dc49e3cadab36d4c
    crash/0ee3427d25937024
    crash/b89303e84d123019
    crash/cc35183b861a4992

    Bug: 1418734
    Change-Id: I81ed7b45be33769e250c65c8bb7334a34be4380e
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4288168
    Commit-Queue: Peter Boström <pbos@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1109350}
    (cherry picked from commit 1aec0b297900a7b59bd24314dff239f3c5697f45)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468621
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API | Hongchan Choi | 2023-03-24 | 7 | -14/+61
    Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4150813:

    Handle a transitory state of context/destination correctly for AudioWorklet operation

    When the context resumes from a suspended state, it is possible for the internal (destination) and the external (context) state to be different in a rare case. This allows the non-worklet thread to touch the worklet-related objects, which can cause invalid access to the V8-managed memory space.

    This CL adds a check; if the context state is suspended it swaps the task runner right away without waiting until a resume() promise is resolved.

    Bug: 1403515
    Test: The provided repro case doesn't crash ASAN anymore.
    Change-Id: Ic2ea7b0337c444b7dc7d9d8b7195ed3e9ac3955f
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4150813
    Reviewed-by: Michael Wilson <mjwilson@chromium.org>
    Commit-Queue: Hongchan Choi <hongchan@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1096948}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468224
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Bump V8_PATCH_LEVEL | Michael Brüning | 2023-03-24 | 1 | -1/+1
    Change-Id: I2484e4c4b2a2643e7bdb38b4f8900259acf083f0
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468669
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1233: Insufficient policy enforcement in Resource Timing | Hao Liu | 2023-03-24 | 1 | -0/+8
    Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4116604:

    Fix extension fingerprinting via resource timing entry

    This CL is to prevent resource timing entry being emitted for resources that are initiated in the Non main world. Test cases are added for resources initiated from both the main world and non main world.

    Bug: 1045681
    Change-Id: I309b54dae63f56e8d1d71e5c33507623b0c80389
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4116604
    Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
    Reviewed-by: Lei Zhang <thestig@chromium.org>
    Commit-Queue: Hao Liu <haoliuk@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1088254}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468622
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1417585 | Tobias Tebbi | 2023-03-24 | 2 | -1/+22
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4296377:

    check if maps become deprecated during optimization

    M102 merge issues:
    codegen/bailout-reason.h: Conflicting entries and indent level for BAILOUT_MESSAGES_LIST

    Bug: chromium:1417585
    Change-Id: Ie8eb76d2afb3ee4be66cf5d1c4bff8f745dc145b
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4255648
    Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#85848}
    (cherry picked from commit f82d802a20aa62e42269f977302f26c5c3ed031b)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468620
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1337747 | Danil Somsikov | 2023-03-24 | 1 | -1/+1
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4184203:

    Fix error dispatch in the v8 inspector session.

    Bug: chromium:1337747
    Change-Id: I920f3c6370ac9f9bc351eff34e46b1e8d520fe3e
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184203
    Auto-Submit: Danil Somsikov <dsv@chromium.org>
    Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
    Reviewed-by: Michael Achenbach <machenbach@chromium.org>
    Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#85449}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468617
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1412991 | Zakhar Voit | 2023-03-24 | 3 | -6/+35
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4276661:

    webcodecs: Fix VP9 p2 encoding of NV12 frames

    (cherry picked from commit 503831d1bdfdbe20c096f04cefc2231efd9ca4c0)

    Bug: 1412991
    Change-Id: I2e596f65170c1fc98c122bfb0ecff4b241feee15
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4250421
    Commit-Queue: Eugene Zemtsov <eugene@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1105528}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4276661
    Cr-Commit-Position: refs/branch-heads/5563@{#709}
    Cr-Branched-From: 3ac59a6729cdb287a7ee629a0004c907ec1b06dc-refs/heads/main@{#1097615}
    (cherry picked from commit 2a98a1c69f6df6c93bddfeba6f1ea887c8e23d8a)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468616
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE | Geoff Lang | 2023-03-24 | 1 | -0/+5
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4324998:

    Disable glShaderBinary in the passthrough cmd decoder.

    This matches the behaviour of the validating command decoder. The client does not use this function and it's not exposed to WebGL.

    Bug: 1422594
    Change-Id: I87c670e4e80b0078fddb9f089b7ac7777a6debfa
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4324998
    Commit-Queue: Geoff Lang <geofflang@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1115379}
    (cherry picked from commit 4a81311a62d853a43e002f45c6867f73c0accdab)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468615
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1531: Use after free in ANGLE | Geoff Lang | 2023-03-24 | 2 | -2/+74
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/angle/angle/+/4348335:

    M110: D3D11: Add logic to disassociate EGL image storages.

    The TextureStorage classes for External and EGLImages were missing the logic to disassociate from images. This led to the images continuing to hold references to deleted storages.

    Bug: chromium:1415330
    Change-Id: I8303f6751d87a9b0a52993c7d4e9509b086b93f3
    Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/4328347
    Reviewed-by: Peng Huang <penghuang@chromium.org>
    Commit-Queue: Geoff Lang <geofflang@chromium.org>
    (cherry picked from commit a8720455fda43167465c3d2f9a13fca60c21f56e)
    Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/4348335
    Reviewed-by: Shahbaz Youssefi <syoussefi@chromium.org>
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468614
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1530: Use after free in PDF (2/2) | Tom Sepez | 2023-03-24 | 1 | -0/+19
    Cherry-pick of patch originally reviewed on https://pdfium-review.googlesource.com/c/pdfium/+/104511:

    More tightly validate XML names in CXFA_FFDocView::GetWidgetByName()

    Widget names must conform to XML name rules.
    -- Beef up tests while at it.

    Fixed: chromium:1419831
    Change-Id: Id36b4a7b3d84aa0b74d54c91eed2f1a11da8298f
    Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/104511
    Reviewed-by: Lei Zhang <thestig@chromium.org>
    Commit-Queue: Tom Sepez <tsepez@chromium.org>
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468613
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1530: Use after free in PDF (1/2) | Tom Sepez | 2023-03-24 | 3 | -29/+41
    Cherry-pick of patch originally reviewed on https://pdfium-review.googlesource.com/c/pdfium/+/104833:

    Observe CPWL_* object destruction across CPDFSDK_Widget methods

    This is a simple fix to stop the symptoms while we investigate how to avoid mutations at these points in the first place.
    -- fix some nearby braces and annoying blank lines while at it.

    Bug: chromium:1419831
    Change-Id: I20c38806b91c7c0c9016bb1b567a04ce319243d8
    Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/104397
    Commit-Queue: Tom Sepez <tsepez@chromium.org>
    Reviewed-by: Lei Zhang <thestig@chromium.org>
    (cherry picked from commit 63e3719f1ec20ee6db804b2b2d4b00680db18d9c)
    Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/104833
    Auto-Submit: Tom Sepez <tsepez@chromium.org>
    (cherry picked from commit a0d16d18d072ce77e639a09ed211340a2ad9034e)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468612
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID | Matt Reynolds | 2023-03-24 | 1 | -5/+6
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4320692:

    hid: Handle empty input reports

    It's possible for a HID device to define its report descriptor such that one or more reports have no data fields within the report. When receiving these reports, the report buffer should contain only the report ID byte and no other data. Ensure that we do not read past the end of the buffer when handling zero-length input reports.

    (cherry picked from commit c9d77da78bc66c135520ac77873d67b89cdcaee6)

    Bug: 1419718
    Change-Id: I51d32c20f6b16f0d2b0172e0a165469b6b79748c
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4296562
    Commit-Queue: Matt Reynolds <mattreynolds@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1112009}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4320692
    Commit-Queue: Reilly Grant <reillyg@chromium.org>
    Auto-Submit: Matt Reynolds <mattreynolds@chromium.org>
    Cr-Commit-Position: refs/branch-heads/5481@{#1341}
    Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}
    (cherry picked from commit b041159d06adbf7487639bd33a261cc0270d7a34)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468611
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1235: Type Confusion in DevTools | Simon Zünd | 2023-03-24 | 1 | -1/+3
    Cherry-pick of commit originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4150308:

    Ensure that invoked method is an actual v8::Function

    CallMethodOnFrame invokes a function part of an object which in turn is installed on globalThis. E.g. globalThis['foo'].bar();

    CallMethodOnFrame already bails out if 'foo' or 'bar' can't be found, but we should also bail out if 'bar' is not an actual function.

    Fixed: 1404704
    Change-Id: I67c0883a53b358176898bd04fad3c45cf98721ed
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4150308
    Reviewed-by: David Bokan <bokan@chromium.org>
    Commit-Queue: Simon Zünd <szuend@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1091189}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468226
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA | Will Harris | 2023-03-24 | 1 | -0/+6
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4289351:

    Fix potential out of bounds write in base::SampleVectorBase

    BUG=1417185

    (cherry picked from commit 552939b035e724e022fedb90fd80cd008e441fcf)

    Change-Id: I70719d0f9afb81dda373f88ab3a1c177397659ec
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4265437
    Commit-Queue: Will Harris <wfh@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1106984}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4289351
    Commit-Queue: Zakhar Voit <voit@google.com>
    Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
    Owners-Override: Victor-Gabriel Savu <vsavu@google.com>
    Cr-Commit-Position: refs/branch-heads/5359@{#1397}
    Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468223
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (3/3) | Will Harris | 2023-03-24 | 1 | -2/+12
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4280124:

    Prevent potential integer overflow in PersistentMemoryAllocator

    https://crrev.com/c/4250177 added an extra check for potential integer overflow in GetAllocSize but forgot to add the same check in GetBlock. This meant that it was possible to get a pointer to a block but calling GetAllocSize on the same block would return zero.

    This change makes the two functions consistent with each other so calling GetBlock on invalid data will return nullptr.

    BUG=1417317,1415328

    (cherry picked from commit 81be8e8f2e13a9f1fe6d3150205a3c13af1db6e9)

    Change-Id: I8eb3d91bae4528fc97517d202baf337536a4c81f
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4264177
    Commit-Queue: Alexei Svitkine <asvitkine@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1107105}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4280124
    Owners-Override: Victor-Gabriel Savu <vsavu@google.com>
    Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
    Commit-Queue: Zakhar Voit <voit@google.com>
    Cr-Commit-Position: refs/branch-heads/5359@{#1402}
    Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468222
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (2/3) | Will Harris | 2023-03-24 | 3 | -12/+0
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4279942:

    Do not register browser_watcher activity report with crashpad

    BUG=1415328

    (cherry picked from commit f93c88303ccbb64014a575b8ae093aa166832922)

    Change-Id: I109f6dac083a69a26841ee5e975e02093ca4cbf6
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4257669
    Commit-Queue: Will Harris <wfh@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1106253}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4279942
    Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
    Commit-Queue: Zakhar Voit <voit@google.com>
    Owners-Override: Victor-Gabriel Savu <vsavu@google.com>
    Cr-Commit-Position: refs/branch-heads/5359@{#1401}
    Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468221
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (1/3) | Will Harris | 2023-03-24 | 1 | -1/+4
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4279513:

    Prevent potential integer overflow in PersistentMemoryAllocator

    BUG=1415328

    (cherry picked from commit 19de280a0c28065acf2a7e001af5c981698a461c)

    Change-Id: I66dcae6a1aacc1310ddd715033b3704c932b9800
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4250177
    Commit-Queue: Will Harris <wfh@chromium.org>
    Commit-Queue: Alexei Svitkine <asvitkine@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1105177}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4279513
    Commit-Queue: Zakhar Voit <voit@google.com>
    Owners-Override: Victor-Gabriel Savu <vsavu@google.com>
    Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
    Cr-Commit-Position: refs/branch-heads/5359@{#1400}
    Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468220
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1218: Use after free in WebRTC | Henrik Boström | 2023-03-24 | 3 | -3/+17
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4291513:

    Shutdown RtpContributingSourceCache in Dispose().

    The cache is an off-heap object, but it is owned by an on-heap object (RTCPeerConnection). Disposing the owning object poisons memory owned by it, but the cache may have in-flight tasks (cache doing ClearCache in a delayed microtask). This CL adds a Shutdown() method to ensure the cache isn't doing anything in the next microtask after disposal.

    No reliable way to repro this has been found but the change should be safe so hoping we can land without tests.

    (cherry picked from commit 4d450ecd6ec7776c7505dcf7d2f04157ff3ba0eb)

    Bug: 1413628
    Change-Id: I479aace9859f4c10cd75d4aa5a34808b4726299d
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4247023
    Commit-Queue: Henrik Boström <hbos@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1105653}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4291513
    Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
    Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
    Reviewed-by: Henrik Boström <hbos@chromium.org>
    Commit-Queue: Zakhar Voit <voit@google.com>
    Cr-Commit-Position: refs/branch-heads/5359@{#1404}
    Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468219
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting | Robert Sesek | 2023-03-24 | 1 | -1/+7
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4284559:

    win: Only process up to EXCEPTION_MAXIMUM_PARAMETERS in an EXCEPTION_RECORD

    The EXCEPTION_RECORD contains a NumberParameters field, which could store a value that exceeds the amount of space allocated for the ExceptionInformation array.

    Bug: chromium:1412658
    Change-Id: Ibfed8eb6317e28d3addf9215cda7fffc32e1030d
    Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4284559
    Reviewed-by: Alex Gough <ajgo@chromium.org>
    Commit-Queue: Robert Sesek <rsesek@chromium.org>
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468218
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-1215: Type Confusion in CSS | Steinar H. Gunderson | 2023-03-24 | 1 | -0/+11
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4307470:

    In Typed CSSOM, reject adding to something that is not a list.

    M102 merge issues:
    third_party/blink/renderer/core/css/cssom/style_property_map.cc: The check before the added IsValueList check isn't present in 102

    Fixed: 1417176
    Change-Id: Idef1a81af46d334c181979778c28f19ce6369718
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4293477
    Commit-Queue: Steinar H Gunderson <sesse@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1110281}
    (cherry picked from commit 7301cf1e40fdd97594ea491676b867cf4e577edc)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468217
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Fixes for building with GCC-13 | Martin Negyokru | 2023-03-23 | 39 | -1/+50
    Fixes: QTBUG-111697
    Change-Id: I51fca3b3eb627b2617ff5c6c051fa1182671244d
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/464490
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
    (cherry picked from commit 9de0d8a90d9b0176542db8b54d678a9fcbb69337)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468197
* [Backport] Security bug 1414224 | Tommy C. Li | 2023-02-27 | 1 | -1/+8
    Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4274984:

    Exclude Policy and Play API engines from Sync merging

    There's a security bug in which the call to ResetTemplateURLGUID can cause a policy-created engine to be deleted. This means that after the call, either the current `conflicting_turl` pointer, or future iterations in the loop may point to an already-freed TemplateURL, causing the use-after free bug.

    This CL addresses that by forbidding Policy-created and Play API engines from being merged into Synced engines. Although Play API engines aren't directly affected, they seem to also not be something that should be merged to Synced engines.

    (cherry picked from commit 315632458eb795ef9d9dce3fd1062f9e6f2c2077)

    Bug: 1414224
    Change-Id: Ide43d71e9844e04a7ffe2e7ad2a522b6ca1535a3
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4250623
    Commit-Queue: Tommy Li <tommycli@chromium.org>
    Cr-Original-Commit-Position: refs/heads/main@{#1106249}
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4274984
    Commit-Queue: Krishna Govind <govind@chromium.org>
    Cr-Commit-Position: refs/branch-heads/5481@{#1238}
    Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}
    (cherry picked from commit 06851790480e8e16a2913461d271437d525451a2)
    Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462770
    Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0933: Integer overflow in PDF (Lei Zhang, 2023-02-27, Files: 1, Lines: -3/+14)
  Manual cherry-pick of patch originally reviewed on https://pdfium-review.googlesource.com/c/pdfium/+/103078:

  Validate the page count.

  In CountPages(), which recursively calls itself, validate the page count. When any part of the pages tree contains bad data, bail out.

  Bug: chromium:1404864
  Change-Id: Ifdbc14213ec3f963b4b2cb5793b83c15d03336e8
  Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/103078
  Reviewed-by: Tom Sepez <tsepez@chromium.org>
  Commit-Queue: Lei Zhang <thestig@chromium.org>
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462769
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0931: Use after free in Video (2/2) (Dale Curtis, 2023-02-27, Files: 4, Lines: -65/+66)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4225497:

  Further simplify WebMediaPlayerMSCompositor lifetime.

  M102 merge issues:
  third_party/blink/renderer/modules/mediastream/webmediaplayer_ms.cc:
  - video_task_runner_ is named io_task_runner_ in 102
  - Conflicting arguments for CrossThreadBindOnce in ActivateSurfaceLayerForVideo()
  third_party/blink/renderer/modules/mediastream/webmediaplayer_ms_compositor.cc:
  - The use_surface_layer check is different in 102
  - video_task_runner_ is named io_task_runner_ in 102 (conflict in ReplaceCurrentFrameWithACopy)

  Due to the raw pointer held by VideoFrameSubmitter, there may be tasks pending on the compositor task runner after the RefCounted traits have "destructed" WebMediaPlayerMSCompositor. Through this raw pointer VFS was invoking OnContextLost which attempts to use the zero ref count compositor.

  The solution here is again similar to VideoFrameCompositor, its destruction should be explicit instead of a tangle of RefCounted owners.

  (cherry picked from commit 1622bffc6534a0cc4f53d07c43e0cd8f49975d10)
  Fixed: 1407701, 1411601
  Change-Id: Ic77294d1113d54ab83bc0f5b625a997edf57bf7c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4210508
  Commit-Queue: Tony Herre <toprice@chromium.org>
  Auto-Submit: Dale Curtis <dalecurtis@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1099726}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4225497
  Reviewed-by: Michael Ershov <miersh@google.com>
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Owners-Override: Michael Ershov <miersh@google.com>
  Cr-Commit-Position: refs/branch-heads/5005@{#1436}
  Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462768
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0931: Use after free in Video (1/2) (Dale Curtis, 2023-02-27, Files: 3, Lines: -32/+3)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4227731:

  Simplify WebMediaPlayerMSCompositor destruction.

  The code was only sometimes calling StopUsingProvider() and posted the submitter destruction unnecessarily. Destruction now works the same as in VideoFrameCompositor, where the class itself is responsible for calling StopUsingProvider() during its own destruction.

  (cherry picked from commit cbd238e85903b7d94910bd2c6362ff9abf9908cc)
  Fixed: 1407701
  Change-Id: Ia649cb5532519468eea34e12745ed9c990580d82
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4195824
  Auto-Submit: Dale Curtis <dalecurtis@chromium.org>
  Commit-Queue: Tony Herre <toprice@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1098505}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4227731
  Owners-Override: Michael Ershov <miersh@google.com>
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Reviewed-by: Michael Ershov <miersh@google.com>
  Cr-Commit-Position: refs/branch-heads/5005@{#1435}
  Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462767
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0929: Use after free in Vulkan (Vasiliy Telezhnikov, 2023-02-27, Files: 1, Lines: -0/+6)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4143606:

  CHECK that YUV readback finished synchronously

  DoReadbackYUVImagePixelsINTERNAL is implemented using skia asynchronous readback and to make it synchronous we use sync cpu and gpu. In some edge cases on linux we saw that this doesn't happen if the readback triggered a vulkan device loss. To avoid a use after free, CHECK that the callback was actually called.

  In case of device loss the gpu process will restart anyway, so while this is not a proper fix of the problem, it doesn't result in worse user-visible behaviour.

  Bug: 1399742
  Change-Id: Ie2172539bb907b9696ef62c70d398aca3967177c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4143606
  Reviewed-by: Peng Huang <penghuang@chromium.org>
  Commit-Queue: Vasiliy Telezhnikov <vasilyt@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1093064}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462766
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Add checksum to mailbox name in Release build too (Peter Varga, 2023-02-23, Files: 1, Lines: -1/+1)
  The lack of checksum may cause assert and error messages when a mailbox is passed from a release render process to a debug render process.

  Task-number: QTBUG-110504
  Change-Id: Ib7d78e1e86a3f2ddda6dc8066abf9198040c38f6
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/461554
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
  (cherry picked from commit f10c0c429f688fa7ee39ca8af4ff522e30776bea)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462336
  Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Revert "[Backport] CVE-2023-0704: Insufficient policy enforcement in DevTools" (Michael Brüning, 2023-02-20, Files: 4, Lines: -37/+0)
  It is causing trouble with the inspector and it is low impact and should not matter for production use cases.

  This reverts commit aecb8093dd91f09f0333eb634fe6f0db38f6f48f.

  Change-Id: I19cca67617ea0e43914a71f3b7fc97a9cbefaf7b
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/461212
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1404811 (Carlos IL, 2023-02-17, Files: 2, Lines: -26/+55)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4171564:

  Fix include_subdomains handling with PKI Metadata pins list

  M102 merge issues:
  net/http/transport_security_state_unittest.cc:
  - Conflicting names for network_anonymization_key (network_isolation_key in 102).
  - The kStaticKeyPinningEnforcement feature flag isn't present in 102, but removing its init/activation from the test didn't affect test results

  Previously include_subdomains was ignored once the pinning list was loaded from a component (due to the find() call for the map using the full domain). This fixes this by calling it again with the url substring starting at the next "." if the full domain is not found.

  (cherry picked from commit ca9cbe0aad4e4070b1e3c1ca530ede8a8a52cc4f)
  Bug: 1404811
  Change-Id: I2d487401711a8a44e9cedb4b91c84ae5553c6932
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4137286
  Commit-Queue: Carlos IL <carlosil@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1091464}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4171564
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
  Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
  Cr-Commit-Position: refs/branch-heads/5005@{#1427}
  Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460489
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0472: Use after free in WebRTC (Harald Alvestrand, 2023-02-17, Files: 2, Lines: -7/+17)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4176412:

  Delete PeerConnectionHandler in PeerConnection finalizer

  Also guard against removal of PC during PeerConnectionHandler call that may cause garbage collection.

  (cherry picked from commit 5066dd66309d884762e5fb9be04b59582893d09a)
  Bug: chromium:1405256
  Change-Id: I9adf7b219e2026e07ccc0868c1a85f3b35cd9d26
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4154578
  Commit-Queue: Harald Alvestrand <hta@chromium.org>
  Reviewed-by: Guido Urdaneta <guidou@chromium.org>
  Commit-Queue: Guido Urdaneta <guidou@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1091801}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4176412
  Auto-Submit: Harald Alvestrand <hta@chromium.org>
  Cr-Commit-Position: refs/branch-heads/5359@{#1347}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/456883
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460492
* [Backport] Security bug 1406115 (Vasiliy Telezhnikov, 2023-02-17, Files: 1, Lines: -3/+1)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4178714:

  Remove NUM_COMMAND_BUFFER_NAMESPACES from SyncToken.mojom

  Mojo validates input for allowed values. NUM_COMMAND_BUFFER_NAMESPACES is not a valid value to send over ipc and is used only to know the maximum value in code.

  (cherry picked from commit d652130c4bc2842d5df5488c69ef4f3168634a54)
  Bug: 1406115
  Change-Id: I8e5c3b6b2a9a9206fbeb377b27ceb1242a4f54e2
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4167409
  Reviewed-by: danakj <danakj@chromium.org>
  Commit-Queue: Vasiliy Telezhnikov <vasilyt@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1093100}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4178714
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Cr-Commit-Position: refs/branch-heads/5359@{#1352}
  Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/456881
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460490
* [Backport] Security bug 829317 (2/2) (Guido Urdaneta, 2023-02-17, Files: 3, Lines: -2/+8)
  Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4025933:

  [MediaStream] Use bad message for unexpected OnStreamStarted IPC in MSDH

  Originally we were using a DCHECK, but crashing the renderer process is a safer option since a well-behaved renderer should not send it.

  Bug: 829317
  Change-Id: I41be62b11ecce82c94a56c604e8475be9071fbf5
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4025933
  Reviewed-by: Elad Alon <eladalon@chromium.org>
  Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
  Commit-Queue: Guido Urdaneta <guidou@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1071628}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460502
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 829317 (1/2) (Guido Urdaneta, 2023-02-17, Files: 5, Lines: -13/+41)
  Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4020095:

  Make browser start recording indicator

  Prior to this CL, the recording indicator was turned on by a call sent by the renderer process. This CL makes the browser process turn on the indicator directly, which protects against a potential malicious renderer that intentionally does not make the call.

  The difference in behavior is that, originally, the indicator was turned on after the tracks were started and now it is turned on before they start. The same approach is already in use for pepper media capture. In both cases, the indicator was turned off by the browser when the sources backing the tracks stopped.

  Bug: 829317
  Change-Id: I1af1f481cbc0e8eb0fb96919313b667ac1fa0a0a
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4020095
  Reviewed-by: Tomas Gunnarsson <tommi@chromium.org>
  Commit-Queue: Guido Urdaneta <guidou@chromium.org>
  Reviewed-by: Daniel Cheng <dcheng@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1070795}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460501
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1325096 (Ken Rockot, 2023-02-17, Files: 2, Lines: -15/+17)
  Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4024654:

  Mojo: Add release-mode sequence checks

  A fairly common class of bugs is for Mojo consumers to use thread-affine objects like Remote<T> from the wrong thread. These bugs are dangerous since they can lead to UAFs etc.

  This CL enables release-mode sequence checks on InterfaceEndpointClient, the main thread-affine state object underlying Remote<T> etc.

  Fixed: 1325096
  Change-Id: I362b798b015c021316ddca14ea35cb7618942538
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4024654
  Commit-Queue: Ken Rockot <rockot@google.com>
  Reviewed-by: Oksana Zhuravlova <oksamyt@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1074883}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460503
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0704: Insufficient policy enforcement in DevTools (Alex Rudenko, 2023-02-15, Files: 4, Lines: -0/+37)
  Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4106102:

  DevTools: reject debugging web socket connections with a defined Origin header

  Unless the browser is started with a new flag `--remote-allow-origins=<origin>[,<origin>, ...]`. The star origin `*` allows all origins.

  This CL should not affect non-browser clients such as Puppeteer and WebDriver. It affects DevTools e2e tests in the hosted mode which is fixed in [1]. It should not affect features like remote debugging that don't use web sockets.

  [1]: https://crrev.com/c/4112007

  Bug: chromium:1385982
  Change-Id: I721f7db3167ebab63416c8a1f48281735f063e48
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4106102
  Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
  Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
  Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
  Reviewed-by: Danil Somsikov <dsv@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1085812}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460500
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0702: Type Confusion in Data Transfer (Mustaq Ahmed, 2023-02-15, Files: 1, Lines: -0/+1)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3645670:

  Ensure WFWI::current_drag_data_ is null at the end of a drag.

  This is a tentative fix for the DCHECK bugs below. The bugs appeared at two different times, but they share the common symptom that WebFrameWidgetImpl::DragTargetDragEnter very infrequently encounters a non-null current_drag_data_. We were not able to repro the problem.

  This tentative fix assumes that an early return on a drag-leave may be accidentally skipping setting the state to null.

  Bug: 1316301, 1367848
  Change-Id: Ib6e9e000271515a0659a6780a59467db149d3b3f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3645670
  Commit-Queue: Mustaq Ahmed <mustaq@chromium.org>
  Reviewed-by: Robert Flack <flackr@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1075157}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460499
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0699: Use after free in GPU (2/2) (Brandon Jones, 2023-02-15, Files: 1, Lines: -0/+1)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4083922:

  Clear data if GetBucketContents early terminates

  Follow up to https://chromium-review.googlesource.com/c/chromium/src/+/4076865

  Bug: 1371859
  Change-Id: I33dbcd6e7e8094d44fe3d7623dc9c152224342e2
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4083922
  Commit-Queue: Brandon Jones <bajones@chromium.org>
  Reviewed-by: Victor Miura <vmiura@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1080121}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460498
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0699: Use after free in GPU (1/2) (Brandon Jones, 2023-02-15, Files: 2, Lines: -4/+6)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4076865:

  Early terminate GetBucketContents if WaitForCmd fails

  This should avoid the scenario outlined in crbug.com/1371859 where the command isn't run due to the GPU process shutting down, but the memcpy is attempted anyway.

  Bug: 1371859
  Change-Id: Ib2a4b735365f29d092be8003ba668854be1d5c3b
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4076865
  Reviewed-by: Victor Miura <vmiura@chromium.org>
  Commit-Queue: Brandon Jones <bajones@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1078779}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460497
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0701: Heap buffer overflow in WebUI (Christian Dullweber, 2023-02-15, Files: 3, Lines: -7/+13)
  Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4166946:

  ClearBrowsingData: Prevent heap overflow with false data type

  Users can call ClearBrowsingDataHandler::HandleClearBrowsingData with false arguments through devtools. This usually results in a clean crash. Passing an invalid data type results in a heap overflow. This is turned into a clean crash by changing a DCHECK into a CHECK.

  Bug: 1405123
  Change-Id: I00c7d7aefcd8b1d68a285fce62edf8ebdf2e3b4b
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4166946
  Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
  Commit-Queue: Demetrios Papadopoulos <dpapad@chromium.org>
  Auto-Submit: Christian Dullweber <dullweber@chromium.org>
  Reviewed-by: Martin Šrámek <msramek@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1093506}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460496
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0703: Type Confusion in DevTools (Danil Somsikov, 2023-02-15, Files: 1, Lines: -2/+7)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4183821:

  Check arguments type in DevToolsHost.showContextMenuAtPoint

  (cherry picked from commit 954e76692edf965e588ee80350c20ad403f82ea0)
  Bug: 1405574
  Change-Id: Id06637839096402e05a2278b06f2f84b3037e21d
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4165089
  Auto-Submit: Danil Somsikov <dsv@chromium.org>
  Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
  Reviewed-by: Yang Guo <yangguo@chromium.org>
  Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1093205}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4183821
  Cr-Commit-Position: refs/branch-heads/5481@{#498}
  Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460495
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC (2/2) (Henrik Boström, 2023-02-15, Files: 2, Lines: -3/+11)
  Manual cherry-pick of patch originally reviewed on https://webrtc-review.googlesource.com/c/src/+/291112:

  Handle the case of missing certificates.

  Creating a data channel or negotiating it can make the SCTP transport name go from nothing (empty string) to something. Inside the RTCStatsCollector this is relevant because which transports we have affect which certificates we should cache, so this is an instance of having to call ClearStatsCache(). The bug is that we don't. This CL fixes the bug.

  I tried to create unittests to cover this, but I was unable to reproduce the race in a testing environment (if I did it would have hit an RTC_DCHECK). Not ideal... but I hope we can land it anyway since the fix is trivial and clearing the cache in response to API calls is worst case harmless.

  Bug: webrtc:14844
  Change-Id: Ia7174cde040839e5555237db6de285297120b123
  Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291112
  Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
  Commit-Queue: Henrik Boström <hbos@webrtc.org>
  Cr-Commit-Position: refs/heads/main@{#39160}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460494
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC (1/2) (Roger Zanoni, 2023-02-15, Files: 1, Lines: -9/+10)
  Cherry-pick of patch originally reviewed on https://webrtc-review.googlesource.com/c/src/+/291109:

  Handle the case of missing certificates.

  M102 merge issues: No conflict but needed to reset the author of this commit to be able to upload it.
  Original author: Henrik Boström <hbos@webrtc.org>

  Certificates being missing is a sign of a bug (e.g. webrtc:14844, to be fixed separately) which is why we have a DCHECK. But this DCHECK does not protect against accessing the invalid iterator if it is a release build. This CL makes that safe.

  Bug: chromium:1408392
  Change-Id: I97a82786028e41c58ef8ef15002c3f959bbec7f1
  Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291109
  Commit-Queue: Henrik Boström <hbos@webrtc.org>
  Cr-Commit-Position: refs/heads/main@{#39159}
  (cherry picked from commit 124d7c3fe5bdc79a355c9df02d07f25331631a68)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460493
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2023-0471: Use after free in WebTransport (Victor Vasiliev, 2023-02-15, Files: 1, Lines: -2/+5)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4143058:

  Ensure clean destruction of network::WebTransport

  Once the destruction of the object begins, we should not process any callbacks, nor should we attempt to reset the streams on a connection that is already being closed.

  (cherry picked from commit 57c54ae221d60e9f9394d7ee69634d66c9cd26f3)
  Bug: 1376354
  Change-Id: Ib49e0ce0b177062cccd0e52368782e291cf8166c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4117501
  Commit-Queue: Victor Vasiliev <vasilvv@chromium.org>
  Cr-Original-Commit-Position: refs/heads/main@{#1085965}
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4143058
  Reviewed-by: Victor Vasiliev <vasilvv@chromium.org>
  Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
  Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
  Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
  Cr-Commit-Position: refs/branch-heads/5005@{#1424}
  Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460491
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* FIXUP: Fix building with system ffmpeg 4.4 or 5.1 (Martin Negyokru, 2023-02-13, Files: 2, Lines: -16/+7)
  Revert the change made in ffmpeg_demuxer.cc as it is messing up timestamp calculations, which makes some mp4s unplayable.

  This fix breaks the compatibility with system ffmpeg 5.0 and above as chromium tries to use the 'first_dts' value, which has been moved out of the public api and is only available from bundled ffmpeg.

  See: https://github.com/FFmpeg/FFmpeg/commit/591b88e6787c

  Fixes: QTBUG-110749
  Change-Id: I5786b1a40939d7c9e490ad51ae2e910b8498c71c
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/457644
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
  (cherry picked from commit 0efb774616745b2e103efbca814b45fa1da0626c)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460039
  Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* FIXUP: Workaround debug iterator issues with MSVC (Peter Varga, 2023-02-10, Files: 1, Lines: -1/+4)
  Fixes performance profiling in devtools.

  Fixes: QTBUG-101983
  Change-Id: I232165f8449a42aa1b2d7a7c2eb2423c5a32a271
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/458710
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
  (cherry picked from commit 9faaf2ea7ed1f879c513bc407f3d5da1d30e7f0e)
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/459020
  Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* [Backport] CVE-2023-0138: Heap buffer overflow in libphonenumber (Robert Ogden, 2023-02-03, Files: 8, Lines: -710/+21)
  Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3961634:

  Remove TFLite Support's whitespace tokenizer

  The whitespace tokenizer uses an unsafe function, chartorune, which cannot be easily fixed upstream. In the meantime we'll just remove it so nobody accidentally uses it.

  Bug: 1346675
  Change-Id: I7fb3ba52e0f9cdf55ace15c3828550853535cfdf
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3961634
  Reviewed-by: Michael Crouse <mcrouse@chromium.org>
  Commit-Queue: Robert Ogden <robertogden@chromium.org>
  Change-Id: I4ac08e8a9ecc5f544c775172900d29260571da30
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454297
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0141: Insufficient policy enforcement in CORS (2/2) (Takashi Toyoshima, 2023-02-03, Files: 3, Lines: -0/+42)
  Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3967950:

  Net: Update net::HttpUtil::IsSafeHeader to follow the latest spec

  This patch adds new forbidden cases from the fetch standard. The code is implemented behind a feature flag, but enabled by default. This is for the case that this change breaks something big in the real world.

  Bug: 1362331
  Change-Id: I6d2f4203f89978bd7bd79527f1640a69b4db4c21
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3967950
  Reviewed-by: Matt Menke <mmenke@chromium.org>
  Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1062673}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454296
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2023-0141: Insufficient policy enforcement in CORS (1/2) (Takashi Toyoshima, 2023-02-03, Files: 11, Lines: -30/+32)
  Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3963942:

  Net: API change to take a value to evaluate safe headers

  This patch changes the net::HttpUtil::IsSafeHeader() API to take a header value in addition to the name. This API change is needed in a coming change, and this CL is a preparation to avoid mixing the core change with mechanical changes spread around the code base.

  This also affects blink::cors::IsForbiddenHeaderName().

  Bug: 1362331
  Change-Id: I517799b96c3a045c336d2a509691bb8cc1f173e0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3963942
  Reviewed-by: Scott Violet <sky@chromium.org>
  Reviewed-by: Mike West <mkwst@chromium.org>
  Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
  Reviewed-by: Matt Menke <mmenke@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#1062009}
  Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454295
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>